1.1 We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Statement describes Camphill-Blair-Drummond's (‘CBD’) policies and practices regarding its collection and use of your personal data and sets forth your privacy rights.
1.2 We promise to respect any of your personal information which is under our control and to keep it safe. We aim to be clear when we collect your information about what we will do with it. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Statement as we undertake new personal data practices or adopt new privacy policies.
2 WHO WE ARE
2.1 Camphill (Blair Drummond) Trust Ltd is a charity registered in Scotland (Reg no: SC001917, Company registration no: SC059206). We are registered with the Information Commissioner's Office as a Data Controller under registration number Z5176972.
2.2 We have appointed a Data Protection Compliance Manager for you to contact if you have any questions or concerns about our personal data policies or practices. CBD's Data Protection Compliance Manager’s name and contact information are as follows:
Blair Drummond House,
Cuthil Brae, Stirling FK9 4UT
Tel: +44(0) 1786 841573
E-mail: [email protected]
2.3 If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Compliance Manager who will ensure that your complaint is investigated.
2.4 If you are not satisfied with our handling of your queries or complaints on data protection, you can call the Information Commissioner's Office on 0303 123 1113.
3 THE DATA WE COLLECT AND PROCESS
3.1 We collect, store and use the following kinds of personal information:
- your name;
- your contact details (including postal address, telephone number, e-mail address and/or social media identity);
- your date of birth;
- your gender;
- if you volunteer for us or apply for a job with us, information necessary for us to process these applications and assess your suitability (which may include things like employment status, previous experience depending on the context, as well as any unspent criminal convictions or pending court cases you may have);
- information about your activities on our website(s) and about the device you use to access these, for instance your IP address and geographical location;
- information about events, activities and products which we consider to be of interest to you;
- information relating to your physical and health if you are a resident or a day visitor;
- where you have left us a legacy, any information regarding next of kin with which you may have provided us to administer this;
- information as to whether you are a taxpayer to enable us to claim Gift Aid;
- age, nationality and ethnicity information for monitoring purposes; and
- any other personal information you provide to us.
- CCTV images call recordings and photographs.
4 SPECIAL CATEGORY DATA
4.1 Certain types of personal information are in a special category under data protection laws, as they are more sensitive. Examples of this type of sensitive data that we may collect includes information about mental and physical health, disabilities, medical records, care plans, race, ethnicity, religious beliefs, sex life or sexuality or genetic/biometric information.
4.2 We only collect this type of information for providing appropriate facilities or support to our residents, day visitors and individuals who get in touch with us or are referred to us for such facilities and support.
5 HOW WE USE YOUR INFORMATION
5.1 We will use your information:
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
- To provide the services or goods that you have requested.
- To update you with important administrative messages about your donation, an event or services or goods you have requested.
- To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the OSCR Commission, which require us to identify and verify the identity of supporters who make major gifts, so we can assess any risks associated with accepting their donations.
- To keep a record of your relationship with us.
- Where you volunteer with us, to administer the volunteering arrangement.
- To contact you about our work and how you can support CBD
- To invite you to participate in surveys or research.
5.2 We may also use your personal information:
- To contact you about our work and how you can support CBD
- To invite you to participate in surveys or research.
6 BASIS FOR USING YOUR INFORMATION
6.1 Specific consent
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when we send you marketing material via post, phone, text or e-mail). Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.
6.2 Legal obligation
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator, Information Commissioner or Medical and Health professionals, or to use information we collect about you for due diligence or ethical screening purposes.
6.3 Performance of a contract / take steps at your request to prepare for entry into a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance some branded merchandise or, in some cases, an event place), applying to work/volunteer with us, or being funded to undertake research.
6.4 Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance, if there were to be an emergency impacting individuals at our residential homes, at one of our events, or a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.
6.5 Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).
We consider our legitimate interests to include all of the day-to-day activities we carry out with personal information. Such examples may include:
- analysis and profiling of our supporters using personal information we already hold;
- use of personal information to administer, review and keep an internal record of the people we work with, including supporters, volunteers and researchers;
We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.
7 HOW IS YOUR PERSONAL DATA COLLECTED?
We collect information from you in the following ways:
7.1 When you interact with us directly
This could be if you ask us about our activities, register with us for training or an event, make a donation to us, ask a question about mental health, purchase something, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, make a purchase from our shops, or get in touch through the post, or in person.
7.2 When you interact with us through partners or suppliers working on our behalf
This could be if you access a service which is delivered through a trusted organisation working on our behalf and always under our instruction.
7.3 When you interact with us through third parties
This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.
7.4 From other information that is available to the public
To tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party subscription services or service providers (we have provided further details about this below – see 'Profiling: Making our work unique to you').
8 WHEN AND HOW WE SHARE INFORMATION WITH OTHERS
8.1 The personal information we collect about you will mainly be used by our staff (and volunteers) at CBD so that they can support you.
8.2 We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
8.3 CBD may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.
8.4 Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, with our partners who help us to process donations and claim Gift Aid and our partners who help us to manage our social media accounts.
8.5 We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
8.6 We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).
9 YOUR RIGHTS
9.1 This Privacy Notice is intended to provide you with information about what personal data the Firm collects about you and how it is used. If you have any questions, please contact us at [email protected]
9.2 If you wish to confirm that the Camphill-Blair-Drummond is processing your personal data, or to have access to the personal data we may have about you, please contact us at [email protected]
9.3 You have a right to request correction of inaccurate information, deletion of information, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements. If you'd like more information or would like to make such a request, please contact us at
10 SECURITY OF YOUR INFORMATION
10.1 To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis.
10.2 We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
11 DATA STORAGE AND RETENTION
11.1 Your personal data is stored by Camphill-Blair-Drummond on its servers, and on the servers of the cloud service providers we engage, as well as in physical forms in our office and at backup and archival facilities.
11.2 We retain data only for as long as reasonable and necessary for the relevant activity, or to fulfil our legal obligations.
11.3 For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at