We value your privacy and are committed to protecting your personal data. This policy explains how we collect and process your personal data.
The Scottish Outdoor Access Network (SOAN) (referred to as “we”, “us” or “our” in this privacy policy) is an unincorporated association and is the data controller of the information we hold about you.
What’s personal data?
1. Personal data means any information about an individual from which that individual can be identified. It can be stored electronically or on paper. It includes images and audio recordings as well as written information.
What’s data protection?
2. Data protection is about how we, as an organisation, make sure we protect the rights and privacy of individuals and comply with the law, when processing (e.g. collecting, storing, using, amending, sharing or deleting) personal data.
Who’s responsible for data processing and who can I contact?
3. Responsibility for data protection lies with our Management Committee (email [email protected]). They are responsible for overseeing our activities and making sure that this policy is followed.
What personal data may we collect and process?
4. We may collect and process the following personal data:
- personal details (name, address, email address, telephone numbers) and business details (job title, work email address, organisation) – e.g. those that you give us as a member, via filling in forms on our website, completing surveys, enrolling for our events, filling in event evaluations or telling us directly in some other way);
- any information about you that you choose to send to us via email, K-Hub, our website and social networking tools such as Twitter or tell us over the phone;
- financial details through donations or transactions with us (e.g. for goods, services, attending events);
- audio recordings (e.g. if you attend and speak at an online event and you give us permission to make the recording); and visual images (e.g. if you attend an online / in-person event and give us permission to take photographs / video).
Whose personal data may we collect and process?
5. We may process personal information about:
- members and supporters;
- event attendees;
- our Management Committee;
- employees and volunteers;
- anyone who may contact or supply their personal information to us (e.g. via email, X, K-Hub, our website, surveys, phone);
- representatives of other organisations, including funders; and
- those from whom we obtain goods and services.
Why we may collect and process these individuals’ personal data and on what legal basis?
6. We may collect and process these individuals’ personal data in order to carry out our activities.
7. We process personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
8. We will only collect, store and use personal data:
- for purposes for which an individual has given consent;
- for purposes that are in our legitimate interests;
- for entering into and performing contracts;
- to comply with legal obligations;
- to protect someone’s life; or
- to perform public tasks.
Sharing your personal data
9. We will only disclose personal information to third parties or individuals when obliged to by law, to protect someone’s life or to perform public tasks and the following:
- if you have agreed that we may do so.
- when we use any service providers, sub-contractors or agents to provide services on our behalf and in accordance with our instructions including payment providers, event ticketing providers, email communication providers, IT service & online storage providers, accountants, auditors and lawyers; and
- if we run an event and your details need to be shared for the management of the event with any event partner, events company or venue. We will be very clear what will happen to your data when you register.
10. We will never sell or rent your personal information to other organisations.
How do we store your personal data?
11. We only collect, store and use the minimum amount of data that we need for clear purposes and will not collect, store or use data we do not need.
12. We aim to keep personal data up-to-date and accurate.
13. Our data is stored and processed by a range of software packages and data services including within our Google Drive and connected Google applications (see Google’s Privacy Policy). It may also be processed via Mailchimp (see Mailchimp’s Privacy Policy) or Sendinblue (see SendinBlue’s Privacy Policy), both industry-standard bulk email systems.
How long we keep personal data
14. We won’t keep your personal data for any longer than is reasonably necessary and all data will be securely destroyed or otherwise disposed of once it’s no longer needed.
Your rights
15. We must tell you how we use your data. This is the purpose of this Privacy Policy.
16. You can ask us, at any time, to change, delete, restrict the use of or send you a copy of your personal data as well as object to us using your personal data by emailing us at [email protected]. We will do so unless legally required to do otherwise. You can also email us at this address if you have any questions about your personal data or our privacy policy.
17. If you are unhappy with how we have used your data, you have the right to complain to the Informational Commissioner’s Office:
Information Commissioner’s Office – Scotland
Queen Elizabeth House
Sibbald Walk
Edinburgh
EH8 8FT
Telephone: 0303 123 1115 – Email: [email protected] – visit: ICO Website