Privacy Policy

Introduction

Social Enterprise Scotland (“we”, “our” “us”) respects the privacy of our members and stakeholders and recognises the need for appropriate protections and management of your personal information. This policy sets out what personal information we collect, how we will treat it and how we will keep it protected in compliance with our legal obligations.

It is important that you read this privacy policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Who are we?

We are the controller for the purposes of data protection legislation in respect of the personal information that we hold about you. If you have any questions, comments or requests regarding your personal information you can contact us at Social Enterprise Scotland, Thorn House, 5 Rose Street, Edinburgh, EH2 2PR, by email to admin@socialenterprise.scot or by calling us on 0131 243 2650.

If you are unhappy with how we handle your personal information, you can contact us and / or notify the Information Commissioner’s Office (ICO) by calling their helpline on 0303 123 1113.

Your personal information – what is it?

Personal information relates to a living individual who can be identified from that information, either by that single piece of information or by combining it with another piece of information that we hold or might hold in the future. Personal information could include things like your name, address, email address or internet protocol (IP) address.

How and why do we collect your personal information?

The type of personal information we collect depends on the relationship that you have with us.

(i) If you or your organisation is a member of Social Enterprise Scotland:

INFORMATION

WHY WE COLLECT IT

LEGAL BASIS

Information you provide to us: We collect personal information when you apply for membership and during the course of your membership with us. This includes your name, organisation, details of others within your organisation, job titles, bank details and contact details.

We collect this information to manage your membership and administer membership records, provide you with our membership services and member benefits including sending you emails, inviting you to comment on government consultations, telling you about our latest news or information, providing you with advice and support, arranging networking opportunities and for our internal purposes of managing your membership with us.

We collect this information on the basis that it is necessary to fulfil our contractual obligations to you.

Information we collect about you: When you use our website (“our website”) we will collect information about you through our use of cookies. Our website uses cookies set by the site itself, as well as by Google applications and Google Analytics. This technical data includes details of your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. For further details, please the Cookies section below.

Our website uses cookies to track your visit to the site, to maintain security and to help us enhance and improve the site. For further details, please the Cookies section below.

We only use cookies where you have provided your consent for us to do so.

Retention of your information

Information you provide to us:

If you work for a corporate body and give us the email address provided by your employer e.g. johnsmith@socialenterprisescotland.com, we will retain your personal information for the duration of your membership. Following termination of your membership, we will consider you a “stakeholder” and will retain your information on the basis of ours and your legitimate interests to allow us to continue to contact you as set out in the table below.

If you provide us with a personal email address e.g. johnsmith@gmail.com, we will hold your personal information for the duration of your membership with us and for up to 6 months following the termination of your membership. If you consent to us retaining your personal information, we will consider you a “stakeholder” and will retain your information to enable us to continue contacting you as set out in the table below.

Information we collect about you:

For details of how long we keep this information please see the Cookies section below.

(ii) if you are not a member of Social Enterprise Scotland but have used our website or receive emails from us. For example, you may be interested in social enterprise or working in an area that is linked to social enterprise such as local government or business i.e. you are a stakeholder):

INFORMATION

WHY WE COLLECT IT

LEGAL BASIS

Information you provide to us: We collect personal information which you give to us. This may be for example when we meet you at an event or when you contact us by phone or email or when you sign up to receive social enterprise news from us or through other aspects of our work to promote, support and grow social enterprise in Scotland. This includes your name, email address and contact details.

We collect this information in order to contact you by email, phone or post about our latest news, events and services.

If you work for a corporate body and give us the email address provided by your employer e.g. johnsmith@socialenterprisescotland.com, we will process this information on the basis of our and your legitimate interests, our interests being that we wish to share our news and details of our services and events with you.

If you provide us with a personal email address e.g. johnsmith@gmail.com, we will only process this information where you have provided us with your consent to do so.

If you provide us with your phone number or postal address, we will contact you by phone or post on the basis of our legitimate interests being that we wish to share our news and details of our services and events with you.

Each time we contact you, we will provide you with the option to opt out of receiving further correspondence of this nature from us.

Information we collect about you: When you use our website (“our website”) we will collect information about you through our use of cookies. Our website uses cookies set by the site itself, as well as by Google applications and Google Analytics. This technical data includes details of your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. For further details, please the Cookies section below.

Our website uses cookies to track your visit to the site, to maintain security and to help us enhance and improve the site. For further details, please the Cookies section below.

We only use cookies where you have provided your consent for us to do so.

Retention of your information

Information you provide to us:

Where you have provided us with consent to process your information, we will retain this information for a period of 24 months after which time we will ask you to renew your consent to allow us to continue processing your information.

Where we process your information on the basis of ours and your legitimate interests, we will retain this information until you ask us not to you. As noted above, we will give you the option to “opt out” when we contact you.

Information we collect about you:

For details of how long we keep this information please the Cookies section below.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Disclosure of your personal information

We share your personal information with the following third parties:

  • MailChimp – MailChimp provide marketing automation service. We will provide MailChimp with your email address to enable MailChimp to send out our email communications.
  • SurveyMonkey – SurveyMonkey provide online survey software. We will provide SurveyMonkey with your email address to enable SurveyMonkey to contact you in relation to surveys which we wish to conduct.
  • Xero Limited– Xero Limited provide accounting software services.
  • GoCardless and Directli – GoCardless and Directli provide Direct Debit payment services. If you choose to make a payment to us by Direct Debit, you will need to provide your bank details to GoCardless.
  • Google – we use the Google services Gmail, Google Groups, Google Drive and Shared Contacts for Gmail - our email service, storage of contact details and data storage are hosted by Google. Personal information which is transmitted to or by us by email will therefore be hosted by Google.
  • Backupify – Backupify provide data backup services and backs up the data held on Google.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Where we store your information

The information we collect from you may be stored inside the UK, the European Economic Area (“EEA”) or outside the EEA.

If you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to correspond with you. Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

We also transfer data outside the UK or the EEA where our service providers host, process, or store data outside the UK or the EEA. Where we do this, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Your rights and your personal data

You have certain rights under data protection legislation which can be exercised by contacting us at: Social Enterprise Scotland, Thorn House, 5 Rose Street, Edinburgh, EH2 2PR, by calling us on 0131 243 2650 or by emailing admin@socialenterprise.scot, including:

  • the right to access the personal data held about you by making a subject access request in accordance with data protection legislation;
  • the right to have your personal data rectified if it is inaccurate or incomplete;
  • the right to request to have your personal data deleted in certain specific circumstances;
  • the right to request to restrict the processing of your personal data in certain specific circumstances;
  • the right to ask us not to process your personal data for marketing purposes or for purposes based on our legitimate interests;
  • the right to ask us to not undergo automated decision making;
  • the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  • where you have provided consent, to request to withdraw such consent at any time.

There are some exceptions to the above rights that are permitted under the data protection legislation. Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to provide you with a full service.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Cookies

We use cookies to improve your experience. By viewing our content you are accepting the use of cookies. You can read more about the cookies we use below.

Set by this site

No personal info is retained in any of the cookies set by this site.

  • sessionid Used to uniquely identify the visitor as they use the site. Contains a unique but anonymised ID. Expires when the visitor exits their browser.
  • csrftoken A security cookie that stores a unique ID that the server uses to protect against CSRF attacks. Does not expire.

Set by Google Maps and/or Google Translate

These are used by Google applications like Maps to enhance your experience. As of the writing of this text, no personal information is retained in any of these cookies.

  • SS Expiry in 10 years.
  • SID Expiry in 10 years.
  • NID Expiry in 6 months.
  • HSID Expiry in 10 years.
  • APISID Expiry in 10 years.
  • SAPISID Expiry in 10 years.
  • SSID Expiry in 10 years.
  • PREF Expiry in 2 years.

Set by Google Analytics

These are used by Google Analytics to track your visit to the site, and to help us enhance and improve the site. As of the writing of this text, no personal information is retained in any of these cookies.

  • __utma Used to identify unique visitors to the site for analytics tracking purposes. Contains a unique but anonymised ID. Expiry 2 years.
  • __utmb Used to track a user's session. With each new page visited the expiration is set for 30 minutes.
  • __utmc Used in conjunction with __utmb to track a visitor session. Expires when you exit the browser.
  • __utmz Used to determine how the user arrived at the site. Updated with each new page visited. Expiry 6 months.
  • __utmv Sometimes used as part of custom reporting segments. Expires when you exit the browser.
  • __utmx Sometimes used as part of multivariate reporting. Expires when you exit the browser.

All of this information is accurate to the best of our knowledge, but cookies (especially from third parties) can change at any time. If you discover that anything above is incorrect please let us know.

You can choose to disable cookies at any time in your browser, and will find instructions on how to do so in Help. Please note that doing so may affect your experience of this site.