Friends of the Earth Scotland is committed to protecting your privacy, including online, and in the transparent use of any information you give us. This page sets out what information we may hold about you if you provide it, and how that data will be used. No information will be shared more widely than is set out below unless it is required by law.
We are registered with the Information Commissioner’s Data Protection Register no. Z8870853
Friends of the Earth Scotland is a Scottish Charity number SC003442.
You may contact us at the following address:
5 Rose Street
By phone on 0131 243 2700, or email firstname.lastname@example.org
If you sign up to our mailing list:
FoE Scotland will record your name, email address, and postcode. This information is processed via MailChimp (an industry-standard bulk email system) in order to maintain your subscription on our mailing list. It is not used for any other purpose and is not shared with any external organisations. You can unsubscribe from our mailing list or update your preferences whenever you wish by clicking an unsubscribe link in any of our emails or by emailing email@example.com.
If you make a donation:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our Customer Relationship Management System (CRM) and you can amend it at any time by contacting us. We do not retain any payment information. All online donations are securely processed via accredited donation platform Committed Giving. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you join Friends of the Earth Scotland:
FoE Scotland will hold a record of your name, postal address and any email address(es) or telephone numbers you register with us for the purpose of administrative communication. This information is safely stored in our CRM and you can amend it at any time by contacting us. The personal and bank details you provide are held securely by us and are only shared with your bank and ours. All online direct debits and payments are securely processed via accredited donation platform Committed Giving. We will never share your contact information externally unless required by law, and we will only contact you for non-administrative purposes if you have explicitly given us permission to do so. You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
If you take an e-action:
We apply an opt-in policy to e-actions: You will only be subscribed to our mailing list (see above) if you request it, and we will only pass your details to third parties (e.g. partner organisations) if you request it. If the e-action is targeted at an external recipient, we pass on your message, name, email and postcode directly to the politician(s) or relevant Government Department to which you write. We use campaigning platform MoreOnion for all our e-actions. FoE Scotland also holds a record of people who have taken our e-actions in our CRM for administrative purposes.
If you book an event:
FoE Scotland holds a record of people who have registered for our events in our CRM for administrative communication. If you provide information about accessibility needs, we will only process this information in order to ensure accessibility and provide for your safety. We use Eventbrite to manage our event registrations and collect attendance fees. Event payments are processed securely either via Eventbrite (if paying by card) or Paypal (if this is the selected option). You will only be subscribed to our mailing list (see above) if you request it. You can update your communication preferences at any time.
Website, cookies and browsing:
Our main website (foe.scot) uses secure server software (SSL) with 128-bit encryption: the industry standard for secure commercial transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read as the information travels over the internet. While on a secure page, such as a donation form, the lock icon on web browsers becomes locked, as opposed to unlocked, or open, when you are just surfing. Additionally, our choice of payment provider allows us to never hold your credit card details on our website.
This site will set anonymous cookies if your browser is set to accept them, and they will be used by Google Analytics to track page visits which helps us monitor how our content is performing.
DETAILED INFORMATION BELOW:
Retention of data
Friends of the Earth Scotland only retains members’ and contacts’ personal information for as long as necessary to fulfil the purposes it was collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining the appropriate retention period for personal data, FoE Scotland considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which the personal data is processed, whether FoE Scotland can achieve those purposes through other means, and the applicable legal requirements.
After the data retention period has expired, FoE Scotland securely destroys personal information. Our detailed data retention schedule for different types of data is available to download here.
FoE Scotland has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
FoE Scotland requires third parties to respect the security of personal data and to treat it in accordance with the law. FoE Scotland may also need to share personal information with a regulator or to otherwise comply with the law.
The following third-party service providers process personal information about members and contacts for the following purposes:
- Committed Giving: processing of one-off and regular donations
- Campaignion: hosting and sending e-action messages
- Mailchimp: Sending email bulletins to subscribers
- EventBrite: Handling registrations and bookings for events
Transfer of data outside the EU
Friends of the Earth Scotland, like all other organizations using these services, transfers personal information to the United States for processing by Mailchimp and EventBrite. Transfers to these suppliers are covered by the EU-US Privacy Shield Agreement, which ensures EU standards are adhered to wherever data is processed. Should the EU-US Privacy Shield be reviewed, Friends of the Earth Scotland will ensure any suppliers processing personal data will continue to adhere to EU standards.
Data subject rights
Under certain circumstances, data subjects have the right to:
- Request access to personal information (commonly known as a “data subject access request”).
- Request erasure of personal information.
- Object to processing of personal information where Friends of the Earth Scotland is relying on a legitimate interest (or those of a third party) to lawfully process it.
- Request the restriction of processing of personal information.
- Request the transfer of personal information to another party.
If a person wishes to make a request on any of the above grounds, they should contact the Membership and Office Manager on the telephone number or email address provided above. Please note that, depending on the nature of the request, Friends of the Earth Scotland may have good grounds for refusing to comply. If that is the case, the person making the request will be given an explanation.
Data subject access requests
Friends of the Earth Scotland has a process for handling data subject access requests. In the first instance, please contact the Membership and Office Manager via 0131 243 2700. Members and contacts will not normally have to pay a fee to access personal information (or to exercise any of the other rights). However, Friends of the Earth Scotland may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, Friends of the Earth Scotland may refuse to comply with the request in such circumstances.
Friends of the Earth Scotland may need to request specific information from the member or contact to help confirm their identity and ensure the right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
COMPLIANCE WITH THIS POLICY
The Membership and Office Manager is tasked with overseeing compliance with this policy. If contacts or members have any questions about this policy or how Friends of the Earth Scotland handles personal information, they should contact the Membership and Office Manager. Data subjects have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Data security breaches
Friends of the Earth Scotland has put in place procedures to deal with any data security breach and will notify members and contacts and any applicable regulator of a suspected breach where legally required to do so.
Privacy by design
Friends of the Earth Scotland will adhere to the principles of this policy and relevant legislation when designing or implementing new systems or processes (known as “privacy by design”).
This policy was last updated on 10 May 2018.