Scottish Communities Climate Action Network (SCCAN) CIC
The Scottish Communities Climate Action Network (SCCAN) and our working groups (e.g. Transition Scotland hub) and task groups (e.g. those planning an annual gathering) take your privacy seriously. We never pass your personal data to anyone else.
If you have any concerns, you have a right to:
- Request that we correct personal data if you believe it is inaccurate / incomplete
- Request that we delete your personal data
- Change communication preferences or restrict processing of your personal data
- Access the personal data that we hold about you via a “subject access request”.
Please contact us at info@scottishcommunitiescan.org.uk for any of these purposes.
Under data protection legislation we are a “controller” of personal data you share with us. We have undertaken a Data Audit and this Policy provides notice on how and why we process your data and for how long we will keep your personal data, and where it is held.
We retain your data in different ways depending on the application:
- Group and Individual Membership
What we do with your data: We use your data to provide both group and individual membership services, including e-newsletters, communications regarding relevant collaborations, events, SCCAN proposals and decisions, including your organisation’s description and website in our online database.
Data held: Organisation name, address, website, phone number, email, description; names, email addresses, phone numbers of two contact people; any other data on organisation activities you supply us with.
Individual name, address, email, phone number and description of why you wish to join. This contact information is private, the email address being the exception, and will not be given out to a third party including other members without your permission.
Name of the organisation or individual along with the reason for joining will be shared only with the members of the Welcoming Circle.
Legal basis for processing data: Legitimate interest – as you have signed up.
Storage: Data is held in a password protected database accessed only by nominated SCCAN representatives who have signed our Confidentiality Agreement. Email addresses are also held on our Mailchimp account to enable us to circulate our newsletter to contacts.
Restricted data of those contributing to sub groups may be held on specific service providers like Buddypress and Slack where it is used with agreement of each individual – to facilitate active collaboration.
Retention: We keep your personal data only to provide you with membership services. We will update or delete your data on request.
- Mailing list subscribers
What we do with your data: We send you an e-newsletter and other occasional mailings about relevant events or projects.
Data held: First name, Last name & email address, community organisation (optional)
Legal basis for processing data: Consent – as you have signed up.
Storage: Data is held on our Mailchimp account. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.
Retention: We will keep you on this mailing list until you request any change. You can unsubscribe any time you want by following the link at the bottom of each mailing.
- Event attendees
What we do with your data: When you attend an event we organise, we collect data to demonstrate trends to funders or for internal monitoring and evaluation purposes. We may also take photos for documentation or to be used in our future communications.
Data we may collect: Name, email, address, photo.
Legal basis for processing data: Consent – as you have signed up.
Storage: Data is held in a password protected database accessed only by key staff.
Retention: We keep details only as needed for reporting purposes, maximum 5 years.
- Contracted work
What we do with your data: We are required to use your data to enter into a contract and to remunerate those who do paid work.
Data collected: Name, address, phone number, email, bank account details.
Legal basis for processing data: Contract – that you have signed.
Storage: Correspondence is held in a password protected folder. Bank details are also stored in our online bank account with our bank, to enable them to process payment transactions securely on our behalf.
Retention: 7 years or as required under current legislation.
- Website visitors
Like most other organisations we use Google Analytics on our websites. This software captures data from website visitors in a form of an advanced web server log. It records:
- What website you came from;
- How long you stay for; and
- the kind of computer used.
This helps us to understand who comes to our sites and what content they’re reading and enables us to make better decisions about design and writing.
We occasionally compile aggregate statistics about numbers of site visitors and browsers being used. No personal data is included in this type of reporting and all this activity falls within the bounds of the Google Analytics Terms of Service.
- Your rights
If you have any concerns, which are not resolved by communicating with us, you can raise a complaint with the Information Commissioner’s Office at www.ico.org.uk.
- Other uses of your personal information
We may ask you if we can process your personal information for other purposes. If we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.
- Third party suppliers with limited access to members’ data
We may use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and to protect it.
In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
- The Co-operative Bank process payment transactions securely on our behalf
- Mailchimp distributes some of our email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security
- We use Eventbrite’s ticketing service for some of our events. They comply with GDPR, see their privacy policy online.
- Instructors, coaches and event organisers receive details of training participants.
- Data Protection
The Scottish Communities Climate Action Network (SCCAN) and our established working groups (e.g. Transition Scotland hub) and task groups (e.g. those planning an annual gathering) take privacy and data protection seriously.
Everyone handling data on our behalf, must follow these guidelines:
- Ensure passwords for files, databases, and accounts are securely stored and not shared with anyone without the consent of the General Circle / secretariat.
- Do not leave your computer logged in to encrypted files / folders.
- Delete emails containing personal data and / or password information as soon as possible.
If you need a password or are unsure about any of these guidelines, please contact the Network Weaver on info@scottishcommunitiescan.org.uk.
Document history
Who | Discussed | Changes / Decisions | Date |
Original Privacy Policy adopted | 2016 | ||
Steering Group | Minor revisions | 18 May 2018 | |
Welcoming | Clarified data flow for new members | 21 Sept 2020 | |
General Circle | Circulated for adoption by email | Dec 2020 | |
G&PCircle | Reviewed for adoption by CIC Board | 15 Feb 2021 | |
CIC Board | Adopted – next Review due in Feb 2024 | 19 Feb 2021 |