Privacy Notice
Leith Civic Trust (“we”/”us”/”Trust”) promise to respect the confidentiality of any personal data you share with us, to keep it safe, and we will always take every effort to protect your privacy. We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members and donors is crucial, and your personal data allows us to manage your membership and provide the services to which you are entitled.
It is expected that Trust members and district officers may also process member personal data on behalf of the Trust
Personal Data you give to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin volunteering, make a donation, purchase our products or communicate with us either by phone, email or in person. We are responsible for your data at all times.
Personal Data you give to us INDIRECTLY
Your information may be shared with us by independent organisations, for example sites like Virgin Money Giving or other such services. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, etc., you might give us permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such as websites, Companies House and information that has been published in articles/newspapers.
What personal information we collect and how we use it
We will only ever capture the minimum amount of information that we need to in relation to your membership, donation or services we provide to you and we promise to keep your information secure. The personal data we may collect includes:
Where it is appropriate, we may also ask for additional information, and this will be made clear to you at the time the personal information is requested.
How we will use your data
Sensitive information
We do not collect any personal information on members classified as ‘sensitive’ under GDPR. For example, information about an individual’s: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation. We do not collect information from under 18’s without the consent of their parent/guardian.
Data Sharing
Our service/host providers
In the course of our legitimate Trust activities, there may be a need for us to share, or give access to, your personal data to third parties that provide us with services or host our applications/software that you may access, for instance:
Local printers when used to print booklets etc.
On occasion, the Trust may collect personal data for our individual activities (such as an event requiring personal information for registration) and are therefore independent data controllers. This means that we are also responsible for protecting your data under GDPR legislation whilst it is in our safekeeping and we will process your data in accordance with the privacy notices of the Trust
Sharing with third parties
We will only ever share your personal data if we have your explicit and informed consent at the time of collection. We will never sell your personal data to anyone.
However, we may need to disclose your details if required to by the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details and we work within good practice, for example, confidential paper records are securely stored, or securely disposed of as appropriate. The Trust and its members ensure that PCs/devices holding personal information on behalf of the Trust are protected with appropriate anti-virus and malware protection and this is routinely monitored by the Trust.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate members, Rotary officers, Rotary staff and members and our service/host providers. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
Where we store your information:
The Trust may hold your information in various ways depending on your relationship with us, for instance:
As a member, your personal information may be held by individual Trust officers or members for the purpose of specific Trust activities.
As a member of Leith Lives, with your consent, your personal information will be held by individual Trust officers or members for the purpose of specific Trust activities.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership, with either membership of this Trust, volunteering, any enquiry you make to us, donations, event registrations or other services as part of your membership, Trust activity or as requested by you. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, financial records must be kept for 7 years, information associated with Health & Safety can be retained for up to three years after an event etc. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner, or guidance issued at the time the personal information is collected.
Your rights
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website:
You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data.
You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply, for example if you are a valid member we will need to communicate with you about your membership and those services afforded to you as part of that membership; you hold a Trust office and we need to communicate with you in relation to that office, in which case you will not be able to unsubscribe from certain communications.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of general member mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
We may change this privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by notifying you directly.
Our contact details
Leith Civic Trust
Email: info@leithcivictrust.org
Complaints
If you are unhappy with how we have processed your personal information, please firstly contact the Trust - details above. If you are still unhappy you may contact the following:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or ++44 1625 545 745
Our website only uses cookies to ensure that users get the best experience possible. We do NOT collect any personal information. We do not use analytical/performance cookies.