Privacy Policy

Privacy Policy

HOW WE RESPECT PRIVACY WHEN WE DEAL WITH PERSONAL INFORMATION

COLLECTED BY OUR ORGANISATION

This Privacy Policy applies to information we, the Edinburgh Remakery, collect about individuals who interact with our organisation. It explains what personal information we collect and how we use it.

The Edinburgh Remakery needs to obtain and keep certain information on its employees, volunteers, members, service users and customers to carry out its day-to-day operations, to meet its objectives, and to comply with legal obligations.

The Edinburgh Remakery is committed to ensuring that any personal data we hold is dealt with in line with the relevant Data Protection legislation (the General Data Protection Regulations (GDPR) and Data Protection Bill).

Personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully. We will not share your information with any other organisation without informing you, unless required to do so by law. The Edinburgh Remakery may share data within the organisation in order to help us carry out our business and improve our service. We may also share data with processors, as and where required to carry out our business, such as SurveyMonkey for research purposes.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

The Edinburgh Remakery may update our Data Protection Policy as required. You should revisit this page from time to time to ensure that you are happy with any changes. This statement is effective from May 2018.

If you have any comments or questions about this notice, please contact us at hello@edinburghremakery.org.uk.

1. Personal data that we process

The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.

Purpose Data (key elements) Basis
Enquiring about our organisation and its work Name, email, message Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect
Subscribing to email updates about our work Name, email Consent – you have given your active consent
Making a monetary donation Name, email, address, payment information Legitimate interests – this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message
Signing up as a member Name, email, address, telephone Contract – by paying your membership fees you have entered into a contractual relationship with us as set out in our membership terms and conditions
Making an online purchase Name, email, address, telephone Consent – you have given your active consent
Delivery/collection of goods Name, email, address, telephone Legitimate interests – it is necessary for us to read and store your information so that we can deliver or collect purchased or donated items to you as per your request
Appointments and workshop bookings Name, email, telephone Consent – you have given your active consent. This information is necessary for us to keep in touch with you about an appointment or workshop you have expressed interest in or booked onto
Volunteer forms Name, email, telephone Consent – you have given your active consent
Feedback forms Name, email (both optional) Consent – you have given your active consent
Website functionality Website activity collected through cookies Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.
Laptop/PC security wiping Name, email Consent – you have given your active consent

2. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table above.

For example, we may use your personal information to:

  • reply to enquiries you send to us;
  • handle donations or other transactions that you initiate;
  • where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you.

3. When we share your data

We will only pass your data to third parties in the following circumstances:

  • you have provided your explicit consent for us to pass data to a named third party;
  • we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
  • we are required by law to share your data.

In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

4. How long we keep your data

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.

Where data is collected on the basis of consent, we will seek renewal of consent at least every five years.

5. Rights you have over your data

You have a range of rights over your data, which include the following:

  • Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
  • You have the right to ask for rectification and/or deletion of your information.
  • You have the right of access to your information.
  • You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.

A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us. In order to process such a request we may require your full name, contact information, relation to the Edinburgh Remakery, and details of the information you are requesting. We may also request proof of identification before releasing any information.

Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

6. Cookies & usage tracking

A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.

Where cookies are used to collect personal data, we list these purposes in section 1 above, along with other personal data that we collect. However, we also use some cookies that do not collect personal information but that do help us collect anonymous information about how people use our website. We use Google Analytics for this purpose.  Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users’ computers. The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google’s privacy policy is available at http://www.google.com/privacypolicy.html.

7. Modifications

We may modify this Privacy Policy from time to time and will publish the most current version on our website. If a modification meaningfully reduces your rights, we’ll notify people whose personal data we hold and is affected.