Privacy Notice, GDPR and Complaints Policy

Creative Crieff takes your privacy seriously. We are a ‘controller’ of the personal information that you provide to us. In accordance with the EU General Data Protection Regulation (GDPR), this privacy notice sets out how, why and for how long we will your use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.

What we need from you

When you register with Creative Crieff, or send us a donation, we may ask you for some or all of the following personal information:

    -Contact details - (name, address, email address and phone number) to get in touch with you, define your membership category -Date of Birth – to calculate the membership category and eligibility for events; -Payment Details- (bank account number, sort code, card details) if subscription fee or donation is payable; -Equality Information – sex, gender, disability, ethnic group and religion – to demonstrate and ensure we are reaching all areas of the community; and, - Safety and emergency details – next of kin, relevant health information – if you are taking part in any events hosted by us.

Why we need your personal information

We need to collect our members and customers personal information so that we can manage your relationship with us. We may use our members’ personal information to:

  • -Provide you with core member services, including information on membership and end of year reporting;
  • -Set up online membership accounts enabling you to access your membership and communications preferences, as well as give you access to members
  • areas on our website; and,
  • -Organise activities and manage risk and safety if you attend our events
  • -Engage with you as a donor supporter of the charity, invite you to special events and projects
  • - We use aggregated and anonymised reports of our members personal information for equality monitoring purposes, enabling us to evaluate and promote
  • equality of opportunity within our activities.

Legitimate Purposes

We also process our members personal information in pursuit of our legitimate interests to:

  • -Provide you with news and updates about the activity of Creative Crieff, opportunities to get involved in our events, workshops, general meetings or other activities;
  • -Raise awareness of Creative Crieff’s activities by capturing photos, videos or live streaming at events. We will use this for promotion, education and
  • development purposes;
  • -Respond to and investigate your questions, comments, support needs, complaints, concerns or allegations.

Legal Obligations

We are under a legal obligation to process certain personal information relating to our members for the purpose of complying with:

  • -Protection of Vulnerable Groups (Scotland) Act 2007, which requires us to check that our instructors, facilitators and volunteers are able to undertake
  • regulated work with children and vulnerable adults;
  • -The Equality Act 2010 which requires us to process personal information to make reasonable adjustments where necessary;
  • -The Charities and Trustees Investment (Scotland) Act 2005 and the Companies Act 2006 both of which require us to maintain a register of members, including name address, date of admitted to membership and date on which the membership ceased, to hold general meetings, issue notices and AGM voting arrangements.

Who we share your personal information with

If you become a member of Creative Crieff your details will be added to the Register of Members. In terms of the Companies Act 2006 (the “Act”) any member of Creative Crieff and any other person (subject to the provisions of the Act) is entitled to inspect the Register of Members.

We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health and Safety Executive, Disclosure Scotland and Police Scotland for the purposes of safeguarding children. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.

Third Party Suppliers with access to Members’ personal Data

Creative Crieff may use third party suppliers to provide services. These suppliers may process personal data on our behalf and are subject to contractual conditions to only process that personal information under our instructions and protect it.

In the event we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

  • -A membership database processing service
  • -A financial institution to process payment transactions securely on our behalf;
  • -Salesforce, Mailchimp or other services to process and distribute some of our email communications;
  • -Instructors, professional trainers and event organisers receive details of training or events participants.

We will never pass your details on to third parties for marketing or sales purposes.

How we protect your personal data

We are committed to protecting the privacy and confidentiality of your personal information.

Your personal data is accessed by our Executive Staff only for the purposes set out above. It is stored by Creative Crieff in secure password protected database. If the information is sent electronically, it is through a password protected email.

How long we keep your personal information

We only keep your personal information for as long as necessary to provide you with membership services. Unless you ask us not to, we will review and delete your personal data where you have not renewed your membership for several years, however there may be some personal information that we will require for a longer period to meet statutory record keeping and accounting requirements, such as Gift Aid Declarations.

Transmission of Data Overseas

The information you provide to us will be transferred to and stored on our secure servers in the European Economic Area (“EEA”). However, occasionally, there may be a need for your personal data to be transferred to, stored in, accessed from or processed at a destination outside the EEA. Where we transfer your personal data outside the EEA, we will only do so lawfully and we will ensure that adequate security measures are in place and that your personal data is processed only in accordance with EU Data Protection laws. If we are proposing to make a restricted transfer that is not covered by an adequacy decision of the EU Commission or an appropriate alternative safeguard, we will only make that transfer if you give your consent.

Using our website

You can visit and browse our website without providing any personal information.

You may choose to submit your personal information by contacting us through our website Contact Form. In such instance we will only process your personal information for the purpose of responding to your request and for no other purpose, without your prior consent.

Our website uses Cookies.

Please note that this Privacy Policy applies to our website and not to the websites of other organisations to which we may provide links. We are not responsible for the information notices/privacy policies, terms and conditions or practices of such third party sites and you should make your own enquiries in respect of any or each of them.

Internet and Data Storage

The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our website is at your own risk.

You have the right to

Access to your information – You have the right to request a copy of the personal information about you that we hold.

Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information – You have the right to ask us to delete personal information about you where:

  • -You consider that we no longer require the information for the purposes for which it was obtained.
  • -We are using that information with your consent and you have withdrawn your consent – see “Withdrawing consent to using your information” below.
  • -You have validly objected to our use of your personal information – see “Objecting to how we may use your information” below.
  • -Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Complaints

We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office, whose contact details are as follows: Information Commissioner's Office, Wycliffe House, Water Lane, Cheshire. SK9 5AF Telephone - 0303 123 1113 https://ico.org.uk/concerns

© Creative Crieff. All Rights Reserved.