Data Protection Policy

General Data Protection Regulations

  • The General Data Protection Regulation (GDPR) is the EU General Data Protection Regulation which replaces the Data Protection Act 1998 in the UK and the equivalent legislation across the EU Member States.
  • The British Association of Gender Identity Specialists (BAGIS) reviews its policies to ensure compliance with the GDPR.  We audit the data we hold and destroy personal data every 3 years.
  • BAGIS commits to regularly review and, where necessary, update privacy information.  If we plan to use personal data for a new purpose, we will update our privacy information and communicate the changes to individuals before starting any new processing.
  • When you provide personal information to the organisation, you will be asked to give your consent to the policy outlined below.  Your consent is the condition or “legal basis” by which we can collect and process your personal information. 

BAGIS Data Policy

  • The personal information you provide to BAGIS, its council members or adminstrators is collected and processed for the purposes of administration of the association, assessing membership eligibility, organising association events and communicating with you about the association and its work. 
  • Your personal information is stored by BAGIS on password protected computers and secure servers. 
  • The Data Controller is the secretary-general of the organisation, who is currently Dr Sarah Murjan.   She can be contacted via
  • The information you provide when applying for membership will be shared with members of the council and the association’s administrators.
  • If you supply details of referees, for example, as part of applying for membership, you should consult them prior to providing their information.  Your personal information may be shared with them, to verify your eligibility.
  • It will be possible for members of the public to verify your membership status, by making an enquiry through the website.  If an individual’s full name is submitted to the association’s administrators, they will search the database of members and inform the enquirer whether the person is a full member, provisional member, affiliate member or not a member at all. 
  • If you share information as part of attending a conference, your personal data will also be shared with the organisers of the conference, other delegates and the conference venue.  This will be limited to a minimum.  For example, only your name and place of work will be shared with other delegates, while your name and accessibility or dietary needs may be shared with a venue, if relevant. 
  • Your personal information will not be shared with any other third parties, aside from those detailed above.
  • We do not gather personal information about you from third parties. 
  • Automated decision making and profiling processes are not used by the association. 
  • The information you provide will be held for a maximum of 3 years and will be deleted thereafter. 
  • The GDPR confers a number of rights, including:
    • You have the right to withdraw your consent at any time. Your personal information will then be deleted from all platforms upon which it is stored.
    • You have the right to request access to a copy of your data in electronic form.
    • You have the right to correct any personal information, if it is inaccurate or incomplete.
    • You have “the right to be forgotten”, meaning you can request the deletion of your data at any time.
    • You have the right to request a halt on processing of your personal information if you object.
    • Please contact the Data Controller if you wish to exercise any of these rights.
  • If you have any concerns about the way in which BAGIS has collected, shared or processed your personal information, please contact the Information Commissioner’s Office.