Data Privacy Notice
Broxburn & Uphall Community Website Trust (SC050044)
1. Your personal data – what is it?
Personal data relates to an identifiable person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
3. How do we process your personal data?
The Committee of BUCWT complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
- To enable us to carry out our objectives as specified in the purposes of the trust;
- To administer trustee membership records;
- To fundraise and promote the interests of BUCWT;
- To manage our volunteers;
- To inform you of relevant news, events, meetings, activities and services;
4. What is the legal basis for processing your personal data?
Article 6 processing:
- Consent of the data subject:
- trustee application form completion
- data consent form completion
- photography consent form completion
- oral history consent form completion
- Processing is necessary for compliance with a legal obligation:
- OSCR requires that we keep registers of charity trustees
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the Committee in order to carry out a relevant service or for purposes connected with BUCWT. We will only share your data with third parties outside of BUCWT with your consent.
6. How long do we keep your personal data?
We keep data of current trustees and for a two year period thereafter. After two years database records are deleted but the Secretary will retain a list of former trustees. Consent forms (data / photography / oral history) are retained for a length of time not exceeding their legitimate need and purpose. Financial records are retained for a period of six years.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which BUCWT hold about you;
- The right to request that BUCWT corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for BUCWT to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Data Handling
- Website Visitor Tracking: The website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
- Downloads & Media Files: Any downloadable documents, files or media made available on the website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti virus software or similar applications. We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.
- Contact & Communication With Us: Users contacting us through the website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
- Email Mailing List & Marketing Messages:
- We operate an email mailing list program, used to inform subscribers about events, updates, meetings and calls for assistance. Users can subscribe through an online automated process where they have given their explicit permission. Subscribers can unsubscribe at any time as detailed in the footer of sent messages.
- Our EMS (email marketing service) provider is; Mailchimp who are GDPR compliant.
- External Website Links & Third Parties. Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout the website.
10. Data Storage
Your data is stored in two permanent databases:
- The Trustee membership database - a database is kept securely stored offline on removable media.
- The Mailing List database - for those who have opted in - Email Address, First Name and Last Name are stored by the GDPR compliant Mailchimp on their US based servers. No hard copy back-up is kept of this.
- From time to time temporary databases will hold pertinent data to allow specific ad-hoc functions to be fulfilled. Once the function has completed these databases are securely destroyed.
11. Contact Details