Who controls your data?
The Scottish Seabird Centre is a charity registered in Scotland (charity no. SC025837). Our registered address is The Harbour, North Berwick, EH39 4SS.
It is important to us that we keep your data as secure as possible. On most occasions we will be the Data Controller responsible for storing and handling your data.
On some occasions, for particular transactions, we will need to provide data to our trusted partners in order to be able to process the service / product you have requested.
Examples include: storing your data securely in a cloud-based (internet-hosted) database; using a financial services company to complete a Direct Debit or transaction.
What rights do you have?
We comply with the data protection laws in the United Kingdom and General Data Protection Regulation (GDPR). We take all possible, reasonable steps to prevent any unauthorised access to your personal data.
We are only able to store, handle and use your data for the reasons you have given in your explicit consent. We will keep a note of the date and details of your consent together with your personal data. You have the right to review, alter or change your mind about this consent at any time. Please contact us if you wish to do so.
You have the right to view the information that we hold on you. You may ask to view this as reasonable intervals and we will respond within 1 month.
You have the right to know how we collect data, what we do with it and how we process it. The details are within this privacy document.
You can ask for your data, if incorrect or incomplete, to be rectified at any point.
We will only collect data from you for a specific purpose (eg to process your membership or a donation, or to sell you a product or service you have requested). You have the right to request your data be deleted if it is no longer necessary for the purpose you agreed to.
You have the right to demand your data be erased if you withdraw your consent or object to the way it is being processed. We will no longer be able to use your data for any purpose (eg to process direct debits or contact you).
Please contact us regarding any of the above rights.
What if you are giving us someone else’s data?
If you are providing us with someone else’s data, please ask them to read this policy, or make sure they have it explained to them (eg children, vulnerable adults). By giving us information about other people, you are confirming that they have given you their consent to share their data with us.
How we use your data
We need to store and handle specific personal data in order to provide the services you have requested. We are only able to do this with your explicit consent.
We will use the financial data you have provided to:
- - Process Direct Debits (eg membership)
- - Process payments (eg boat trip bookings, buying items from our shop)
- - Pay for other services you have requested (eg invoice payments, event tickets)
Where you have consented, we will use your contact details to:
- - Thank you for donations or other support you have given us
- - Let you know how we will record your support / donation
- - Keep you updated with details of our vital education and conservation work eg via our members’ magazine or enewsletters
- - Let you know about opportunities to get involved with our charity eg upcoming events, volunteering programmes, fundraising appeals
When you give us consent to contact you, you will be able to choose the following options:
- - Post
- - Emails
- - Telephone*
*We will only telephone you if there is something very important and we cannot get hold of you another way eg to alert you to a change of banking processes or other details.
It is important to us that we keep a note of any changes to your details and preferences, so that we can continue to provide you with the best possible service. To do this, we will keep a record of our contact and transactions with you and any relevant information you give us, eg a change in address / circumstances / preferences.
All of the above data will be stored securely and privately and not shared with any third parties for marketing or other purposes. All data stored will be appropriate, relevant and not excessive.
We may use third parties to process personal information on our behalf. We will only do this where we are unable to provide the service ourselves eg processing Direct Debits.
How we store your data
We make every effort to ensure your data is stored as privately and securely as possible.
Access to your data is strictly limited, restricted to those people involved in delivering the services you have requested. Examples include: password protected databases, computers/offices secured when unstaffed.
Specific, senior staff members are allocated particular areas of activity eg fundraising, membership, marketing. This includes being responsible for ensuring your data is stored and handled securely and privately.
The Scottish Seabird Centre has a GDPR committee who are responsible for ensuring we continue to comply with data protection laws.
What happens if there’s a data breach?
It is our responsibility to inform the Data Protection authority as soon as we become aware of a data breach (within 72 hours).
It is also our responsibility to contact everyone affected by the data breach before we contact the Data Protection authority.
Should we have reason to suspect a data breach, we will contact you with the nature of the data affected, how many people are impacted, the potential consequences and the measure we have in place to correct this.