From 25th May 2018 the processing of personal data will be governed by the General Data Protection Regulation (GDPR).
Supporters Direct Scotland (SDS) will comply with its obligations under GDPR by:
- using personal data lawfully and transparently
- collecting personal data only for specified, express and legitimate purposes
- ensuring the data we collect is adequate, relevant, limited, accurate and kept up to date
- keeping data for no longer than is necessary
- processing data in accordance with the subject’s rights
- ensuring appropriate security
Who are we?
Supporters Direct Scotland Limited (SDS) is a Registered Society under the Co-operative and Community Benefit Societies Act 2014. Our registered address is 64A Cumberland Street, Edinburgh, EH3 6RE. Our Registered Number is 7681.
What is personal data?
Personal data means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as:
- a name
- an identification number
- location data
- online identifier
What is sensitive data?
Under GDPR sensitive data uses the term ‘special categories of personal data’ meaning personal data that reveals:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data
- data concerning health
- data concerning a person’s sex life or sexual orientation
What is data processing?
Data processing includes:
- collection
- storage
- retrieval
- use
- destruction
What data do we hold?
We hold contact details (email address) for Scottish Supporters Network members/Supporters Direct Scotland full members. Sensitive data may be held via our Annual Supporters Survey.
How do we collect this data?
We collect this data from you when you complete your membership application. We also collect data via our Annual Supporters Survey.
Where do we hold this data?
We hold this data securely in a file hosting service called G Suite (cloud based) and via SurveyMonkey/Mailerlite.
Which payment processors do we use?
We use GoCardless (www.gocardless.com) to process membership fees and PayPal (www.paypal.com) for the processing of ad hoc online payments.
Which communication processors do we use?
We use Mailerlite (www.mailerlite.com)
What legitimate interest do we have in holding and processing your personal data?
We use your personal data to:
- enable us to collect membership subscriptions
- inform you of news, surveys, events and services
- carry out research via the Annual Supporters Survey
- consult with our members to assist in the creation of organisational policy
- maintain our records and accounts
Who do we share your personal data with?
We do not share your personal data with anyone.
Will your data be processed outside the UK or EU?
Your data will not be processed outside the UK or EU.
How long do we hold your personal data for?
We will hold your personal data for as long as you continue to be a subscriber/member.
What are your rights under GDPR?
You have the following rights with respect to your personal data under GDPR:
- the right to be informed
- the right of access to a copy of the information comprised in your personal data
- the right to object to processing that is likely to cause or is causing damage or distress
- the right to prevent processing for direct marketing
- the right to object to decisions being taken by automated means
- the right to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to be forgotten
- the right to data portability
- the right to withdraw consent
What is our Data Breach Policy?
A data breach is a breach of security leading to the accidental or unlawful destruction of, alteration of, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
In the event of a security breach SDS (data controller) will make a report to the Information Commissioner’s Office (ICO) without delay and at the latest, within 72 hours of becoming aware of it if it presents a risk to the rights and freedoms of the data subjects.
How do you contact us?
You can contact us by email at: info@supporters-direct.scot
Or by writing to us at:
Supporters’ Direct Scotland, 64A Cumberland Street, Edinburgh, EH3 6RE
