Information Commissioner Registration No ZA751836, expires 27th April 2021
This Privacy Notice tells you about the personal data that Community Resources Network Scotland (CRNS) collects, how we handle it, how we store it and how we keep it safe. This notice also tells you about your rights in relation to your personal data. We hope the following sections will answer any questions you have but if not, please get in touch with us. It’s likely that we’ll need to update this Privacy Notice from time to time. An updated version of our policy will be displayed on our website and can be requested by emailing firstname.lastname@example.org.
Who Are We?
CRNS is a membership organisation that supports community groups in Scotland. CRNS exist to build a stronger community reuse, repair and recycling sector in Scotland that can create real social, environmental and economic benefit within our local communities.
Suite 33, Stirling Business Centre, Wellgreen Place, Stirling, FK8 2DZ
Tel: 01786 232060
What Personal Data Do We Process?
CRNS collects, stores and uses information about:
- our own employees and prospective employees
- our members
- our stakeholders
- the employees of potential and current members/stakeholders
- our events delegates / attendees /sponsors
- our suppliers
As you would expect, we are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure.
Contacting us by e-mail
When you email our office for the first time we will, temporarily, store your email address in order to respond to your questions or enquiry. We monitor any emails sent to us, including file attachments, for viruses, phishing and malicious software.
Visiting our website
Our website uses Google Analytics to collect information and details of visitor behaviour patterns. This helps us understand how many people have visited our site and which pages are visited most often. We do not collect or store personal information in this way, and we cannot identify you as an individual through this third-party service.
If you complete a “contact us” form on our website, you will be asked to complete your name, email address and telephone number. This will be used to contact you to respond to your enquiry.
This is our main data storage tool for member data. We use this to record information on all our members, supporters and stakeholders. We record all significant interactions with members, supporters and stakeholders. This information will be deleted after a record has been inactive for 7 years.
Visiting our social media sites
We use social media platforms including:
If you message us via any of the above platforms the message is stored in their secure messaging system and can only be accessed by authorised individuals within our business. We will not pass this information to a third party. We are not responsible for any comments or reviews made by visitors to these social media platforms as we have no control over them.
Visiting our office
We may record details in email and on our shared data drive depending on the nature of the visit.
Why do we process this information?
We have a legitimate interest to process this information in order to communicate with our members and to keep them updated with all sector news/events etc.
We will use these contact details to send information, but we will always provide the individual receiving the message with the option to opt out of receiving our messages.
Our stakeholders, current employees of potentials members stakeholders/member
We use this information to keep them up to date with our news/events/communications as necessary. They also have the option to opt out at any time.
Our event delegates/attendees/sponsors
We use this information to update all relevant parties up to date with all information regarding the event they are attending or sponsoring.
We use supplier’s information to place orders, discuss orders and invoicing.
Who do we share your data with?
We will only share personal data as is necessary to provide our services. This will only be with third parties that we trust e.g. our accountancy firm and only when there are appropriate arrangements in place for sharing data. We also have a role to represent the sector and therefore share overall data and analysis, but this will be anonymized unless permission obtained.
All our shared data is stored on data servers and for CRM it is stored on CRM server. They have security precautions such as password and authentication requirements enabled.
How long do we keep data?
All email data will be deleted after one year. For CRM records we will anonymize after records has been inactive for 7 years.
You have rights in relation to your personal data and you can ask CRNS to:
- Provide a copy of your personal data
- Correct any mistakes in your personal data
- In certain situations, delete your personal data
- In certain circumstances, restrict processing of your personal data, i.e. if you contest the accuracy of the data
- In certain situations, provide you with a copy of the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party
You can object:
- At any time to your personal data being processed for direct marketing (including profiling).
- In other situations, to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us and we will do our best to address your concerns.
Your objection (or withdrawal of consent) may mean we cannot perform the services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent, we may still be able to process your information if:
- required or permitted by law
- for the purpose of exercising or defending our legal rights
- meeting our legal and/or any regulatory obligations
You also have the right to complain to the Information Commissioner where any alleged infringement of data protection laws occurred. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance. If you still believe that we have not handled your personal data properly or have not complied with your rights, you can complain to the Information Commissioner.
Contact details are available at: https://ico.org.uk/