The Scottish Geology Trust (Scottish Charity # SC049775) needs to process various types of personal data about the people we interact with. Data Protection Law requires that we notify you about how we use your data. This Privacy Notice explains how we collect, store, and use personal data about individuals who interact with SGT. This is a general privacy notice that applies to the general public. We have separate privacy notices for members and volunteers, mailing list subscribers, trustees, and staff.
For these purposes, SGT is the Data Controller. SGT is based in Scotland, the United Kingdom.
What personal data might we need to process?
- Contact details
- Event attendance
- Records of actions and behaviours relevant to SGT’s business and governance activities
- Records of any donations or payments that you make to us
- Photographs of SGT events that you might be in
- Other information that you might provide voluntarily.
Why do we need this data?
- If you contact us with a query, we need your contact details and the nature of your query (which may contain personal information) to respond.
- Some events that we host require registration and so we may access the details you provide at registration.
- We need to understand how people interact with SGT, so that we can adapt our activities to better serve our audiences and meet our charitable aims.
- If you express an interest in volunteering with SGT, we may discuss your skills and experience within SGT and with relevant stakeholders and project partners, to find the most suitable and mutually rewarding role for you.
- We need to document any donations you make as part of our financial accounts.
- We may need to analyse the donations we receive to look for trends that might help our fundraising efforts.
- We may use photographs from public events that you have attended to promote our work.
Where do we get your data?
- Directly from yourself
- Indirectly from yourself via our third party service providers:
- We take photos at SGT events.
- We may sometimes make a note of or discuss information that you have made public, e.g. on social media, that we happen to come across. We only do this if it is relevant to SGT and we have a legitimate interest in doing so.
- Occasionally, we may collect information about certain individuals that we have reason to believe would be interested in supporting SGT’s charitable aims (e.g. particularly well known or influential people) from public sources. This could include public databases (such as Companies House), news or other media. We don’t do this to everyone, and it is the exception not the rule.
We do not buy data from third parties or engage in automated or systematic data gathering.
What will we do with the data?
In addition to the examples described above:
- We will try to respond to your queries.
- When you register for an event, we will use the data to facilitate the event.
- If you express an interest in volunteering or becoming more involved with one of our campaigns, we will add your name to a relevant contact list and discuss your potential involvement with relevant committees.
- If you object to our processing your data, we may hold your name and relevant contact details in a register to allow us to comply with your request.
- We may analyse event registration and attendance data to understand how we can better serve our audiences.
- We may share photos from SGT events on our website, newsletter, and social media channels.
- Sometimes personal data related to how an individual interacts with SGT may need to be discussed during board and committee meetings. In this case, the data may be recorded in meeting minutes. We will take care to minimise the personal data recorded in minutes.
- If you engage in actions or behaviours that pose a risk to SGT, we might discuss this during board and committee meetings to identify the best ways to mitigate the risk.
- Many trustees and volunteers use personal email addresses for SGT business, or access their SGT email via a personal or academic email account. This means that emails may be held by universities, or by providers such as Gmail and data may be stored on servers outside of the UK and the EU. That means any personal data you send over email to an SGT representative might be transferred out of the UK and could be stored on servers in the USA. (Note that, if your own email is a free, personal webmail account, such as Gmail, Hotmail, yahoo, etc, then your data is already stored in such a way via your own email account).
We will not contact you with information about SGT’s campaigns and activities unless you are a member and / or signed up to our mailing list.
Will we share the data?
The data may be used within SGT, including trustees, volunteers, contracted staff, and project partners or stakeholders. With the exception of photographs taken in public spaces, we will only share data outwith these groups with your permission or if the law requires us to do so. Specific examples of how we might share your data include:
- If you have a query that can be best answered outside of SGT, our representatives might forward your query onto a more appropriate recipient.
- If you have offered to volunteer with SGT, we may share your email address with project partners or other stakeholders if it is appropriate to facilitate SGT business and furthering our charitable aims.
- Our constitution states that we must share our meeting minutes if requested by a member of the public. In the unlikely event that your information has been recorded in meeting minutes that are requested by a member of the public, we might have a legal obligation to share them. We will redact any information we consider sensitive.
- Photographs of SGT events taken in public places may be used for promotional purposes and shared publicly.
SGT will NOT sell your data. SGT will not share any of your data outside of SGT unless it is for networking purposes that are consistent with SGT’s charitable aims AND we either have your express permission to do so, or we have reasonable reason to believe you would not object to the sharing.
How we store the data
- Data may be stored digitally in email chains. Email addresses and data discussed in email conversations will be stored on the email servers of all the recipients. As SGT is a small, volunteer-led charity, where volunteers use their personal email addresses, this may involve your data being included in emails that are not stored on servers within the UK or European Economic Area, and the data may be stored in countries with low data protection standards.
- Data may be stored digitally in the relevant register files, held by SGT’s Secretary.
- Data may be stored digitally as part of meeting minutes.
- Meeting minutes will be stored on SGT’s cloud storage provider, which may involve data being transferred out of the UK. Any meeting minutes that contain personal data will be assessed and sensitive information redacted, or the file password protected, as appropriate.
How long will we hold this data for?
- The contents of any email discussions that you have with SGT, including your email address, may be retained in email chains for up to 6 years, in line with SGT’s data processing and retention policy.
- We need to retain information relating to financial transactions for at least 6 years.
- Approved minutes of meetings become official records and are legally required to be retained for at least 10 years, and sometimes the lifetime of the charity.
- Event registration and attendance is held for as long as is necessary to facilitate your attendance. We may also hold the data for an additional 3 years to allow us to monitor trends in registration and attendance.
Our legal basis for using the data
- If you message SGT with a query or other discussion, we will process your data and reply on a contractual basis.
- We may also use your data on a consent basis, where you have given us consent to do so.
- Often, we may have a legitimate interest for processing your data, such as using opinions you have shared to stimulate discussion to facilitate SGT business, or using event photographs that may feature you as promotional materials. When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you and your rights under data protection laws. We will not use your personal data for activities where we expect that the impact on you is greater than the benefits of processing your data, unless we have your consent or have a legal obligation to do so.
- Some of the data we collect and store in documentation is on a legal basis, to comply with our legal obligations.
You have the right to:
- Be informed about how we process your data.
- Make a reasonable request for access to data that we hold.
- Restrict or object to the processing of your data in some situations – e.g. request that we make reasonable effort to ensure photos containing you are not used for promotion.
- Correct any inaccurate data we hold about you.
- Have the data we hold about you erased in certain conditions, such as if we used the data for a legitimate interest which is no longer relevant.
If you would like more information, or to object to or restrict any processing of your personal data, please contact email@example.com, who will forward your query to the most appropriate person to discuss this.
Cookies and data processing associated with SGT’s website
We value your privacy. Any information you provide us with, such as by using our online contact forms, will be used solely for enabling us to attend to your enquiry as effectively as possible – we will not be sharing this information with anyone else, unless we’re legally obliged to do so.
Likewise with any “cookies” on this website. Cookies are tiny browser-related files that enable most websites to function properly. In order for us to better understand how visitors use the Scottish Geology Trust website, we will also be using Google Analytics to help us keep track of which pages are most popular, or what visitors are searching for. This will enable us to provide the information that people want.
The web browsing program you use on your computer or other device will have information on how you can delete existing cookies, or restrict the future use of them.
SGT’s Data Processing Policy
If you want to know more about how SGT meets its data processing obligations, you can read our Data Processing Policy here.