Data Protection and Privacy Notice
Data Protection Policy
ACE IT Scotland is committed to the essential collection and proper safeguarding of personal data with due regard to the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Personal data is any information which is or can be related to an identified or identifiable person, for example, telephone number, credit card details, appearance, or names and address records.
The Charity’s legal basis
ACE IT Scotland must have a legal basis to collect, store and use personal data. In the case of sensitive personal data a second legal basis and consent is required. The legal basis relied upon by the charity to process personal data is that it is necessary:
- to perform charitable services
- to exercise of legal duties
- to protect the interests of various parties
- to protect the legitimate interests of the charity
- to develop products or services and grow the service provision of the charity.
Consent is generally sought and obtained by signature confirmation, by way of contractual provisions, or by electronic means, such as clicking a box on the charity’s website. When processing personal data, the charity will ensure the information is;
- used fairly, lawfully and transparently and for specified, explicit purposes
- accurate, up to date and kept for no longer than is necessary
- used in a way that is adequate, relevant and limited to only what is necessary
- retained and managed in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
The charity will not hold sensitive information, such as:
- race and ethnic background
- political opinions and religious beliefs
- trade union membership
- genetics and biometrics (where used for identification)
- health and sex life or orientation, and
- criminal convictions and offences.
Under the law any concerned person has the right to find out what personal data the charity holds about them. These include the right to:
- access and be informed about how data is being used have incorrect data updated and erased
- stop or restrict the processing of his/her data
- data portability (allowing extraction and reuse of data for different services)
- object to how your data is processed in certain circumstances
If a person wishes to find out what personal data ACE IT Scotland has about them, they should write to the ACE IT Manager at firstname.lastname@example.org Information will be provided within one month, If it is complex, or there are multiple requests, it may take a further two months to provide in which case response will made within one month of the request with an explanation for the delay.
There are some situations in which the charity is allowed to withhold information and does not have to give reasons. In particular if the information concerns:
- the prevention, detection or investigation of a crime
- national security or the armed forces
- the assessment or collection of tax
- judicial or ministerial appointments
Requests for information are usually free. However, the charity reserves the right to charge an appropriate administrative fee, if a large amount of information is requested or the request will take a lot of time and effort to process.
This Privacy Notice explains how and why ACE IT Scotland processes your personal data under UK GDPR and the Data Protection Act 2018. It tells you what we may do with your personal information when you contact us or use one of our services. We will also ask you to sign our GPDR Permission Form. If you have a query about this privacy notice, please contact the ACE IT Scotland Manager by emailing email@example.com. Most of the personal information we process is provided to us directly by you when you:
- apply for a job or to be a trustee or volunteer
- make a complaint or enquiry
- make an information request
- book or attend an event or coaching course
- subscribe to email updates
How we use your personal data
What we collect about you and how we do this depends on when you contact us and what services you use and how much personal data we need to provide these services.
Applying for a contract, job or to be a volunteer
When applying for a contract, job or to be a volunteer, we will ask for your contact, work experience, qualifications and reference details. If you are unsuccessful in your application, your personal data will be destroyed after three months. If you are successful in your application your personal data will be kept and added to as required.
Applying to be a trustee or member
When applying to be a trustee we will ask for your contact, work experience, qualifications and reference details, plus any potential or actual conflicts of interest. If you are applying to be a member we will ask for your contact details, interests in the charity and any potential or actual conflicts of interest.
Events or coaching services
When you book or arrange a coaching session or event offered by the charity, we collect and use personal data to provide this service to you. In order to process your request when you make a booking, we collect your:
- telephone number
- email address
Your details will be kept by us for up to 12 months, after which they will be deleted from our database.
You may be asked to tell us about any special needs you have, such as sensory impairments, mobility or dietary requirements, if food is provided for an event.
Signing up to the newsletter
If you sign up to our newsletter, your personal details will be stored by a third-party website (Mailchimp) and you will have consented to receive marketing updates through this. You can unsubscribe at any time but please contact us to have your details fully removed from the Mailchimp system.
Use of personal data for internal research
We may use personal data we collect as part of the services we offer: to inform our funders, to carry out research into learning trends and how well the charity is meeting its learners’ needs. We will tell you about this when you sign up to use our services. If you use our helpline or use our website, we may also ask if you’re willing to take part in research, for example a user survey. If you agree, we’ll collect personal data, such as contact details. When we do this, we will do our best to make sure you cannot be recognised from the data before we use it.
Confidentiality, storage and security of personal data
Any personal data you give us will be held securely. It will not be sold or traded to another organisation or company. We may sometimes need to share information with government departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service). If we share personal data with an external company or service we employ as part of our work, we make sure it will be held securely by them and that and they will only use it to provide the services or information you have asked for.
How we protect your data
We protect the information you give us using physical, electronic and management procedures on use of personal data. Industry-standard secure sockets layer (SSL) encryption is used on web pages where we collect personal information electronically. For the purposes of booking appointment sessions, your details may be held securely on our Customer Relationship Management (CRM) systems such as AirTable and Mailchimp.
Use of our website and social networking
When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier for security purposes.
The following information may be collected through third-party Google Analytics:
- data about how you use the ACE IT Scotland website
- if you visited the website by clicking on a link from a different website, we collect the URL of that website
- information about your online activity, such as the pages you have viewed and the purchases you have made.
Further information can be found on Google Analytics website.
Sharing your personal data with a social media network may result in the social network provider collecting that information. They may also make the information you share visible to the public.
If you leave the ACE IT website
The ACE IT website contains links to other websites. These links are mainly to third parties. These websites are not covered by this privacy notice and ACE IT is not responsible for how they manage privacy.
Changes to this privacy notice
We regularly review this page so you’re always aware of:
- what information we collect
- how we use it
- what circumstances, if any, we will share it with other parties.
If you have any concerns about the use of your data, you can:
- Contact the ACE IT Manager firstname.lastname@example.org or call 0131 667 2053
- Seek advice from the Information Commissioner’s Office (ICO) by calling 0303 123 1113