PRIVACY & DATA PROTECTION POLICY
Who we are
For over 400 years, ScotsCare has been in London giving a helping hand to Scots and the children of Scots; and is the longest established charity for Scots outside of Scotland. ScotsCare (also known as The Royal Scottish Corporation) is registered as a charity in England and Wales (registered charity number 207326).
How we use your information
This policy covers how ScotsCare will use personal information that is collected when you apply for one of our services, volunteer or support us in other ways, or donate to ScotsCare. We are committed to protecting and respecting your privacy and letting you know how we use your personal information.
What personal information do we collect?
Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, telephone number, mobile telephone number, fax number, bank account details, credit/debit card details and whether you are a UK tax payer so that we can claim Gift Aid (please rest assured we do not collect information about your actual tax payments, just whether you are a tax payer). We collect personal information about you when you ask about our activities, make a donation to us, register for an event, benefit from our services, or otherwise give us personal information.
We only collect “sensitive personal information” about you if there is a clear reason for doing so, such as tenancy in one of our sheltered housing sites, provision of one or more of our services, or participation in an event where we need this information to ensure we provide appropriate facilities for you. We may collect health information (for example, if you agree to be a case study for us); however, we will make it clear to you when collecting this information what we are collecting and why.
Why do we collect and how do we use your information?
We may collect your personal information for a number of reasons, such as:
- to provide you with the services, products or information you have applied for;
- to process any donation(s) we may receive from you;
- to provide you with information about our work or our activities, that you have asked to receive;
- to send you the items we have provided for you;
- to invite you to participate in surveys or research;
- for administration purposes e.g. we may contact you about a donation you have made or event you have
expressed an interest in or registered for;
- for internal record keeping, such as the management of feedback or complaints;
- to analyse and improve the services we offer;
- the use of IP addresses to record website traffic;
- where it is required or authorised by law.
We may contact you for marketing purposes by mail, e-mail, telephone, mobile telephone, text or social messaging; in all cases, this will require getting your permission. We may also send you service communications via e-mail, text or social posting, for example where you make an online application for services on our website.
The type of communications and information you receive about our charity and the ways in which you can get involved are your choice. You can change your mind at any time by contacting us at Comms Officer, ScotsCare, 22 City Road, London EC1Y 2AJ or on 020 7240 3718 or via e-mail: firstname.lastname@example.org.
We will never use your information for marketing purposes without your explicit permission.
However, if you no longer wish us to contact you, we will retain your details on an inactive list to help ensure
we do not continue to do so.
Information sharing and disclosure
We will not sell or swap your information with any third party.
We may share your information with our data processors. These are trusted partner organisations that work with us in connection with our charitable purposes; and other entities that send out printed material on our behalf (such as newsletters), fundraise for us, sell products to us for us to provide to our clients, are contractors who work on our sheltered housing sites, or provide us with information and marketing (subject to your communication preferences and our internal policies and procedures). All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in compliance with our instructions. We will always make sure appropriate contracts and controls are in place.
We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to the police or a government body); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
We do not share your information for any other purposes.
The accuracy of your information
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.
Storing your information
All of the information we store and process stays within the UK.
Our outsourced IT support company (OneStop) has a robust and detailed Cyber Security Statement, covering everything from firewalls and internet gateways, through protection from malware to physical security of servers and backup appliances, based on government guidelines and the Cyber Essentials Scheme. A copy of this will be made available on request.
We will keep your information for as long as required to enable us to operate our services but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
For all areas of our website which collect personal information, we use a secure server (see para 8 above on ‘Storing your information’). Although we cannot 100 per cent guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
ScotsCare uses Google Analytics to monitor usage of our website. Google Analytics captures locations using IP addresses, but does not make the addresses available to us, which means we cannot identify visitors to our site. We use analytics to let us know the numbers of new and repeat visitors to our website so we can assess how we are doing in spreading the word about our services to potential new clients and supporters.
Changes to the policy
You have the right to:
- Ask us not to process your personal data
- See information we hold about you
- Ask for inaccurate personal data to be corrected
- Ask us to erase all data we have about you (the right to be forgotten)
If you wish to obtain a copy of the information we hold about you, or would like to make a complaint, please contact our team at:
Private Information Request
22 City Road
Tel: 020 7240 3718
When we are satisfied with your proof of identity, we will send you a copy of your personal information which we are legally required to disclose.
If you have any questions or queries about this Privacy and Data Protection Policy, please contact our Chief Executive using the above address and contact details.