Friends of the Earth Scotland is committed to protecting your privacy, including online, and in the transparent use of any information you give us.
- We will only ever ask for what we really need to know
- We will collect and use the personal data that you share with us transparently, honestly and fairly
- We will always respect your choices around the data and methods of communication you use with us
- We will put appropriate security measures in place to protect the personal data that you share
- We will never sell your data.
We are registered with the Information Commissioner’s Data Protection Register no. Z8870853; Friends of the Earth Scotland is a Scottish Charity number SC003442.
- Contacting us
- What we’ll do with your data if: you sign up to our email list; make a donation; join as a member; take an e-action with us; book or attend an event
- Website, cookies and browsing
- Retention of data
- Data security
- Transfer of data outside the EU
- Data subject rights
- Data subject access requests
- Compliance with this policy
- Data security breaches
You can contact us at the following address: Friends of the Earth Scotland, Thorn House, 5 Rose Street, Edinburgh, EH2 2PR. Our telephone number is 0131 243 2700, and our email address is firstname.lastname@example.org.
What we’ll do with your data
If you sign up to our email list:
FoE Scotland will record your name, email address, and postcode (for the purpose of sending you geographically relevant information). This information is processed via MailChimp (an industry-standard bulk email system) in order to maintain your subscription on our mailing list. It is not used for any other purpose and is not shared with any external organisations. You can unsubscribe from our mailing list or update your information whenever you wish by clicking an unsubscribe link in any of our emails or by emailing email@example.com.
If you make a donation:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our Customer Relationship Management System (CRM) and you can amend it at any time by contacting us. We do not retain any card or bank account details. All online donations are securely processed via accredited donation platforms Committed Giving, JustGiving, and Facebook Donate. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you join Friends of the Earth Scotland as a member:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our CRM and you can amend it at any time by contacting us. The personal and bank details you provide are held securely by us and are only shared with your bank and ours. All online direct debits and payments are securely processed via accredited donation platform Committed Giving. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you take an e-action with us:
We apply an opt-in policy to e-actions: You will only be subscribed to our mailing list (see above) if you request it, and we will only pass your details to third parties (e.g. partner organisations) if you request it. If the e-action is targeted at an external recipient, we pass on your message, name, email and postcode directly to the politician(s) or relevant Government Department to which you write. We use campaigns platform ImpactStack for all our e-actions. FoE Scotland also holds a record of people who have taken our e-actions in our CRM for administrative purposes.
If you book or attend an event:
FoE Scotland holds a record of people who have registered for our events in our CRM for administrative communication. If you provide information about accessibility needs, we will only process this information in order to ensure accessibility and provide for your safety. We use Eventbrite to manage our event registrations and collect attendance fees. Event payments are processed securely either via Eventbrite (if paying by card) or Paypal (if this is the selected option). You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time. We may take photos or record videos at events to promote and archive our work. It is your responsibility to make it known to us if you do not wish to be in a photo or video.
Website, cookies and browsing
Our main website (foe.scot) uses secure server software (SSL) with 128-bit encryption, the industry standard for secure commercial transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read as the information travels over the internet. While on a secure page, such as a donation form, the lock icon on web browsers becomes locked (as opposed to unlocked, or open, when you are just surfing). Additionally, our choice of payment provider means we never hold your credit card details on our website.
We also use third party marketing cookies, which collect information about your browsing habits. This may also include your use of social media sites, e.g.: Facebook etc. or how you interact with our website which then shows you relevant content elsewhere on the internet. These may also be used to choose the advertisements that are displayed to you on our website and other websites. However, you can choose to use our website anonymously without giving us any information. The “Help” menu in the toolbar of most web browsers will tell you how to change your browser’s cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.
Retention of data
Friends of the Earth Scotland only retains members’ and contacts’ personal information for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining the appropriate retention period for personal data, FoE Scotland considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which the personal data is processed, whether FoE Scotland can achieve those purposes through other means, and the applicable legal requirements.
After the data retention period has expired, FoE Scotland securely destroys personal information. Our detailed data retention schedule for different types of data is available to download here.
FoE Scotland has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
FoE Scotland requires third parties to respect the security of personal data and to treat it in accordance with the law. FoE Scotland may also need to share personal information with a regulator or to otherwise comply with the law.
The following third-party service providers process personal information about members and contacts for the following purposes:
- Committed Giving, Facebook and JustGiving: processing of one-off and regular donations
- Impact Stack: hosting and sending e-action messages
- Mailchimp: Sending email bulletins to subscribers
- EventBrite: Handling registrations and bookings for events
Transfer of data outside the EU
Friends of the Earth Scotland, like all other organisations using these services, transfers personal information to the United States for processing by Mailchimp and EventBrite. Transfers to these suppliers are covered by the EU-US Privacy Shield Agreement, which ensures EU standards are adhered to wherever data is processed. Should the EU-US Privacy Shield be reviewed, FoE Scotland will ensure any suppliers processing personal data will continue to adhere to EU standards.
Data subject rights
You have the right to:
- Request access to the personal information that we hold about you (commonly known as a “data subject access request”).
- Ensure that the information we hold about you is accurate and complete.
- Complain to the Information Commissioner (www.ico.org.uk or 0303 123 1113) if you think we have not treated your data properly within the law.
Under certain circumstances you also have the right to:
- Request erasure of your personal information.
- Object to the storage or use of your personal information.
- Request the restriction of processing of your personal information.
- Request the transfer of personal information to another party.
If you wish to make a request on any of the above grounds, you should contact us. Please note that, depending on the nature of the request, FoE Scotland may have good grounds for refusing to comply. If that is the case, you will be given an explanation by FoE Scotland.
Data subject access requests
Friends of the Earth Scotland has a process for handling data subject access requests. In the first instance, please contact the Head of Operations via 0131 243 2700, firstname.lastname@example.org or the postal address above. FoE Scotland may need to request specific information to help confirm your identity and ensure the right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not normally have to pay a fee to access personal information (or to exercise any of the other rights). However, FoE Scotland may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, FoE Scotland may refuse to comply with the request in such circumstances.
Compliance with this policy
The Head of Operations is tasked with overseeing compliance with this policy. If contacts or members have any questions about this policy or how Friends of the Earth Scotland handles personal information, they should contact them. Data subjects have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Data security breaches
Friends of the Earth Scotland has put in place procedures to deal with any data security breach and will notify members and contacts and any applicable regulator of a suspected breach where legally required to do so.
This policy was last updated in January 2021.