Privacy and Cookies
Scottish Autism is committed to preserving your privacy and safeguarding your personal data. This policy will help you understand what information we collect from you, how we use it and your rights and choices in managing your data.
When we refer to ‘Scottish Autism’, ‘we’, ‘our’ or ‘us’, we mean Scottish Autism, a Scottish charity (number 009068) and a company limited by guarantee, registered in Scotland (SC81123). Our contact details can be found at the end of this policy. We are a data controller under the General Data Protection Regulation (GDPR) Data Protection Act (2018), and are registered with the Information Commissioner’s Office (ICO). Our registration number is Z9342584.
We always aim to process your personal data in a way that you would reasonably expect and in line with current privacy legislation.
Below is an overview of our commitment to respecting your privacy. Specific information for different stakeholders can be found HERE
How do we collect your personal data?
We may collect your personal data in a number of ways when you interact with us. Some examples include when you make a purchase, sign up for more information on our website, send us an email, or attend an event.
We aim to process the minimum amount of your personal data to fulfil our obligations. If you do not agree to us processing your personal data, we may not be able to provide you with the services, support or information you have requested.
We may obtain your personal data from a third party, where you have given them permission to share your personal data with us, for example if you make a donation on a JustGiving web page. Where you have provided other organisations with your personal information, those organisations’ privacy policies will apply (see ‘Sharing your personal data’ section below).
We may make use of information you submit to us regarding your location, such as your postcode, to send you information about upcoming events within your area (where you have consented to receive marketing information from us) or to ensure that our Gift Aid records are accurate. We may also use publicly available information to identify people who express interest in our work, such as media coverage or social media postings.
How do we use your personal data?
We may process basic personal data, such as your name, email address or phone number, or we may process special categories of personal data (also known as sensitive personal data) such as information about your physical health, depending on the reasons for you engaging with us. We will ask for your consent to process your basic personal data. We would only request sensitive personal data from you when there is a valid reason for doing so, for example, participation in an event, to ensure we can provide you with the appropriate facilities or support. We may also ask you for information about other special categories of personal data to progress an application for employment with us or to provide you with autism services. This will be made clear to you at the point at which you provide us with your personal data.
If you contact our advice team, we will not process your personal information other than for the purposes of providing you with advice. We collect anonymised information about the types of calls we receive which are used to generate statistical information only.
Payment transactions by debit or credit card are done securely and in accordance with the Payment Card Industry data security standard. We do not retain your card details; they are securely destroyed when a transaction has been completed.
Sharing your personal data
We will never sell or share your personal data with a company to use for their own purposes. Sometimes we may need to share your personal data with other organisations, for example if you are a supporter signing up for an event hosted by an external company. This will be made clear to you at the point at which you sign up for any such event. We have robust procedures in place with third parties, who would be classed as “data processors”, to ensure that your personal data is used only on our instruction, for the purposes for which you have provided it to us. We take care to ensure that they keep your data secure.
We may refer callers to our advice line to other agencies and at that point, may share your personal data with these. This will be made clear to you at the time and will be done with your consent.
We use SurveyMonkey to obtain feedback on our activities and for some research projects.
If we are required by law to share your personal data with authorities such the Police, or regulators such as the Care Inspectorate, we will need to comply with our legal obligation.
If we enter into a joint venture with or merge with another business entity, your data may be disclosed to our new business partners or owners.
A "cookie" is a piece of software that attaches to the hard drive of your computer and remembers information about the configuration of your computer.
We use this information to track your movements through our site, to find out how it is being used and to assess its usefulness. Personal information about you is not collected during the tracking process.
You can disable the cookies that we attach if your browser supports this. For further information on how to do this, please refer to www.allaboutcookies.org. However, you should bear in mind that if you exercise this option, you may be unable to use some of our online services.
We use a third party service, Google Analytics, to collect standard internet log information and details of how you use our website. This helps us to improve our website in line with what visitors view. This information is processed in an anonymised manner and we do not use this to identify individuals, nor do we allow Google to do so.
We would like to keep you informed of activities, services and events that may be of interest to you. You can sign up to our newsletter and other information about Scottish Autism HERE. We respect your right to choose the communication method that suits you best. You can update your preferences or unsubscribe from our mailings at any time – see “How can I update or amend my personal information/ contact preferences” section below.
Alongside the GDPR, we comply with the Privacy and Electronic Communications Regulations (PECR) when we send you information about our activities.
Security and retention
We take data security seriously and have put in place measures to protect your personal data whether in electronic or hard copy format. Your personal data will only be accessed by those authorised to do so.
We will hold your personal data only for as long as is required for a particular activity. We may also retain your data in line with statutory requirements, for example, if you have made a donation or payment to us, we will retain that information for 7 years in line with legal requirements. Where you withdraw your consent for us to contact you, we may retain your information on a suppression list to ensure that we comply with your request.
We have a records retention schedule. This outlines how long various records will be held and is compiled based on legislative or regulatory requirements, best practice and specific requirements by our insurers. A copy of the schedule is available on request.
Please help us to keep your personal information up to date by informing us of any changes. You can email firstname.lastname@example.org or contact us in writing at the address below.
From time to time we undertake research projects. We have strict ethics guidelines that we follow when we are involved in activity for research purposes. We always obtain people’s consent to engage with any research project. If you are interested in finding out more about our research, please click HERE.
We endeavour to use suppliers for data services that have servers based within the EEA or are able to provide us with verification that their data management meets the ‘adequacy’ standards required by the UK regulator. By submitting your personal data, you are agreeing to this transfer, storing or processing. If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services, for example if you access our website from outside the EEA.
Please contact us in the first instance if you have a concern about any of our privacy practices. The ICO is the regulator for data protection matters in the UK and you may also contact them, but we would welcome the opportunity to discuss things directly with you first. More information about your rights is available on the Information Commissioner’s Office (ICO) website www.ico.org.uk .
You have a right to access your personal data that we process. You have the right to ask us to correct any inaccuracies in your personal data. Where you have given us consent to process your personal data, for example by signing up to receive emails from us, you may withdraw that consent at any time.
You have the right to know about any automated decision-making undertaken with your personal data. Scottish Autism does not undertake any automated decision-making with your personal data.
If you make a request for your data, we will provide you with information about the ways we process your data, including our legitimate basis for processing, who we share it with and how long we keep it for. Where your personal data is not obtained directly from you, you will be able to ask for information on the source of the data.
You will also be able to ask us to stop processing or delete your personal data, and we will, where it is lawful and possible to do so.
You can contact our Information Governance Manager (who is also our Data Protection Officer) by email at email@example.com or by writing to our registered address to discuss privacy or make a request about your personal data. We will require you to prove your identity before we release information to you.
Changes to this Privacy Notice
We will make changes to this privacy notice from time to time to take into account legislative and other developments. If material changes are made we will notify you by placing a prominent notice on our website. We encourage you to review this page regularly. We will publish the changes and include the latest publication date on this page. By continuing to use our website, you agree that the Privacy and Cookies Policy current at that time shall apply to all information held by us. If you do not agree to these changes, please do not continue to use this website to submit personal information to us.
How can I update or amend my personal information/ contact preferences?
You can amend your contact preferences on every email we send you, by clicking the ‘update your preferences’ link at the bottom of the email. You can also contact us by email: firstname.lastname@example.org
or write to:
Risk and Compliance Lead, Hilton House, Whins Road, Alloa FK10 3SA