Friends of the Earth Scotland is committed to protecting your privacy, including online, and in the transparent use of any information you give us. This page sets out what information we may hold about you and how that data will be used. No information will be shared more widely than is set out below unless it is required by law.
We are registered with the Information Commissioner’s Data Protection Register no. Z8870853
Friends of the Earth Scotland is a Scottish Charity number SC003442.
You may contact us at the following address:
5 Rose Street
By phone on 0131 243 2700, or email email@example.com
If you sign up to our email list:
FoE Scotland will record your name, email address, and postcode (for the purpose of sending you geographically relevant information). This information is processed via MailChimp (an industry-standard bulk email system) in order to maintain your subscription on our mailing list. It is not used for any other purpose and is not shared with any external organisations. You can unsubscribe from our mailing list or update your information whenever you wish by clicking an unsubscribe link in any of our emails or by emailing firstname.lastname@example.org.
If you make a donation:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our Customer Relationship Management System (CRM) and you can amend it at any time by contacting us. We do not retain any card or bank account details. All online donations are securely processed via accredited donation platform Committed Giving. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you join Friends of the Earth Scotland:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our CRM and you can amend it at any time by contacting us. The personal and bank details you provide are held securely by us and are only shared with your bank and ours. All online direct debits and payments are securely processed via accredited donation platform Committed Giving. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you take an e-action:
We apply an opt-in policy to e-actions: You will only be subscribed to our mailing list (see above) if you request it, and we will only pass your details to third parties (e.g. partner organisations) if you request it. If the e-action is targeted at an external recipient, we pass on your message, name, email and postcode directly to the politician(s) or relevant Government Department to which you write. We use campaigning platform MoreOnion for all our e-actions. FoE Scotland also holds a record of people who have taken our e-actions in our CRM for administrative purposes.
If you book or attend an event:
FoE Scotland holds a record of people who have registered for our events in our CRM for administrative communication. If you provide information about accessibility needs, we will only process this information in order to ensure accessibility and provide for your safety. We use Eventbrite to manage our event registrations and collect attendance fees. Event payments are processed securely either via Eventbrite (if paying by card) or Paypal (if this is the selected option). You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time. We may take photos or record videos at events to promote and archive our work. It is your responsibility to make it known to us if you do not wish to be in a photo or video.
Website, cookies and browsing:
Our main website (foe.scot) uses secure server software (SSL) with 128-bit encryption: the industry standard for secure commercial transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read as the information travels over the internet. While on a secure page, such as a donation form, the lock icon on web browsers becomes locked, as opposed to unlocked, or open, when you are just surfing. Additionally, our choice of payment provider allows us to never hold your credit card details on our website.
This site will set anonymous cookies if your browser is set to accept them, and they will be used by Google Analytics to track page visits which helps us monitor how our content is performing.
DETAILED INFORMATION BELOW:
Retention of data
Friends of the Earth Scotland only retains members’ and contacts’ personal information for as long as necessary to fulfil the purposes it was collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining the appropriate retention period for personal data, FoE Scotland considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which the personal data is processed, whether FoE Scotland can achieve those purposes through other means, and the applicable legal requirements.
After the data retention period has expired, FoE Scotland securely destroys personal information. Our detailed data retention schedule for different types of data is available to download here.
FoE Scotland has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
FoE Scotland requires third parties to respect the security of personal data and to treat it in accordance with the law. FoE Scotland may also need to share personal information with a regulator or to otherwise comply with the law.
The following third-party service providers process personal information about members and contacts for the following purposes:
- Committed Giving: processing of one-off and regular donations
- Campaignion: hosting and sending e-action messages
- Mailchimp: Sending email bulletins to subscribers
- EventBrite: Handling registrations and bookings for events
Transfer of data outside the EU
Friends of the Earth Scotland, like all other organizations using these services, transfers personal information to the United States for processing by Mailchimp and EventBrite. Transfers to these suppliers are covered by the EU-US Privacy Shield Agreement, which ensures EU standards are adhered to wherever data is processed. Should the EU-US Privacy Shield be reviewed, Friends of the Earth Scotland will ensure any suppliers processing personal data will continue to adhere to EU standards.
Data subject rights
You have the right to:
- Request access to the personal information that we hold about you (commonly known as a “data subject access request”).
- Ensure that the information we hold about you is accurate and complete.
- Complain to the Information Commissioner (www.ico.org.uk or 0303 123 1113) if you think we have not treated your data properly within the law.
Under certain circumstances you also have the right to:
- Request erasure of your personal information.
- Object to the storage or use of your personal information.
- Request the restriction of processing of your personal information.
- Request the transfer of personal information to another party.
If you wish to make a request on any of the above grounds, you should contact the Membership and Office Manager. Please note that, depending on the nature of the request, Friends of the Earth Scotland may have good grounds for refusing to comply. If that is the case, you will be given an explanation by Friends of the Earth Scotland.
Data subject access requests
Friends of the Earth Scotland has a process for handling data subject access requests. In the first instance, please contact the Membership and Office Manager via 0131 243 2700, email@example.com or the postal address above. Friends of the Earth Scotland may need to request specific information to help confirm your identity and ensure the right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not normally have to pay a fee to access personal information (or to exercise any of the other rights). However, Friends of the Earth Scotland may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, Friends of the Earth Scotland may refuse to comply with the request in such circumstances.
COMPLIANCE WITH THIS POLICY
The Membership and Office Manager is tasked with overseeing compliance with this policy. If contacts or members have any questions about this policy or how Friends of the Earth Scotland handles personal information, they should contact the Membership and Office Manager. Data subjects have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Data security breaches
Friends of the Earth Scotland has put in place procedures to deal with any data security breach and will notify members and contacts and any applicable regulator of a suspected breach where legally required to do so.
This policy was last updated on 24 July 2018.