Privacy and Data Protection Policy

Policy statement

The Trustees and Committee Members of Glencoe and Glen Etive Community SCIO  (“the Committee”) are committed to a policy of protecting the rights and privacy of individuals. The Committee needs to collect and use certain types of data in order to carry out the work of processing grant applications received from individuals or groups within the Community.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).  It governs the use of information about people (personal data). Personal data can be held on computers, laptops and mobile devices, or in a manual file, and may include names, addresses, phone numbers, emails, personal financial details of those who receive grants, minutes of meetings, and photographs. We collect the information from members when they join the SCIO, and from those applying for grants. This personal information must be collected and handled securely according to UK law.

The Committee will remain the data controller for the information held. Trustees and Committee Members are personally responsible for processing and using personal information in accordance with the Data Protection Act and GDPR. If you would like to find out more about how we use your personal data or want to see a copy of information about you that we hold, please contact the Secretary: info@glencoe-glenetivecc.org

Aims

The purpose of this policy is to set out the Committee’s commitment to, and procedures for, protecting personal data. The Committee regards the lawful and correct treatment of personal information as very important to the successful operation of the SCIO, and to maintaining the confidence of grant applicants and the local community at large.

Operation

The Data Protection Act 2018 contains 8 principles for processing personal data with which we will comply.

Personal data 

  1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met, 
  2. Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes, 
  3. Shall be adequate, relevant and not excessive in relation to those purpose(s), 
  4. Shall be accurate and, where necessary, kept up to date, 
  5. Shall not be kept for longer than is necessary, 
  6. Shall be processed in accordance with the rights of data subjects under the Act, 
  7. Shall be kept secure by the Trustees who will take appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information, 
  8. Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.

The Trustees are collecting personal data for the purpose maintaining the membership list and for the processing of grant applications. It is our responsibility to ensure the data is only used for this purpose. Access to personal information will be limited to the Committee. Data may be retained for up to 7 years for accounts purposes and for longer where required by law.

Individuals have a right to make a Subject Access Request (SAR) to find out whether the Trustees hold their personal data, where, what it is used for and to have data corrected if it is wrong. Any SAR will be dealt with within 30 days, as is required, and steps will be taken to confirm the identity of the individual making the request.

Where the law allows, we may occasionally need to share data with other agencies such as the local authority, funding bodies and other voluntary agencies in circumstances which are not in furtherance of the management of Glencoe and Glen Etive Community SCIO.

Specific Actions

The Trustees have a duty to ensure that appropriate technical and procedural measures are taken to prevent breaches of data security. These measures will include:

  1. Physical files containing personal data will be kept in a locked cabinet, or secure area. 
  2. Personal data stored electronically will be password protected, with a strong password. 
  3. Computers and devices used to access and process the data will have up to date internet security software installed and operational. 
  4. Only the Committee will have access to personal information and then only on a need to know basis and having given written assurance that appropriate data security measures are in place and procedures observed. 
  5. No personal data will be given over the phone unless there is no doubt as to the caller’s identity and right to access the information. 
  6. Information to meet a SAR request will only be released if evidence of identity is provided. 
  7. Consent to retain personal information will be recorded and updated as necessary. 
  8. Email correspondence on behalf of Glencoe and Glen Etive Community SCIO will use a dedicated email account, not personal emails. Emails containing personal information will be saved into appropriate secure folders and deleted from email in-boxes and deleted files folders. 
  9. Personal data will be stored for only as long as it is needed, or required by statute and will be disposed of appropriately. 
  10. Data security will be included as a regular agenda item at Trustee meetings.

Our details

  1. This website is jointly owned and operated by Glencoe and Glen Etive Community SCIO and Glencoe and Glen Etive Community Council.
  2. The SCIO is registered in Scotland under registration number SC035068 and its registered office is at Honeysuckle Cottage, Carnoch, Glencoe, PH49 4HS.
  3. The SCIO's principal place of business is at Honesuckle Cottage, Carnoch, Glencoe, PH49 4HS.

How to Complain

If you have concerns about our use of your personal information, you can make a complaint to us at: info@glencoe-glenetivecc.org

You can also complain to the ICO if you are unhappy with how we have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113