Privacy Policy

BRAEHEAD, BROOMRIDGE & DISTRICT COMMUNITY DEVELOPMENT TRUST

PRIVACY POLICY

1. INTRODUCTION

We are committed to protecting your privacy in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by GDPR.

The DPA 2018 gives specific rights which individuals can expect in respect of their personal data. Key roles are the Data Controller who determines the purpose and means of processing personal data and the Data Processor who processes personal data on behalf of the Data Controller.

 

2. CONTACT

Data Controller: Braehead, Broomridge & District Community Development Trust (BBDCDT)

Data Processor: David Black, Trustee

Both roles above can be contacted via the following:

Braehead Community Garden, Broom Road, Stirling FK7 7GU

 

3.WHAT PERSONAL INFORMATION WE COLLECT

We collect only the information deemed necessary to enable BBDCDT to fulfil our obligations.

  • Name
  • Address
  • Phone number
  • Email address
  • Year of birth
  • Photographs (events, open days)

 

4. HOW WE COLLECT PERSONAL INFORMATION

We collect information from our members and visitors in different ways:

  • Membership paperwork
  • When using your entry fob to access / exit the garden
  • When attending open days or events
  • When you make an enquiry or complaint
  • Via social media when you join or follow our Facebook page (this information is publicly accessible)
  • Via our WhatsApp group chat, should you choose to join (this information is available to all members of the group chat)
  • When investigating potential issues or complaints

 

5. WHY WE COLLECT PERSONAL INFORMATION

We collect personal information for several purposes, all of which are in line with operating our organisation and our constitution:

  • Manage membership and garden access
  • To manage our employees and volunteers
  • To maintain our own accounts and records
  • Ensure our garden serves the local community / geography
  • Ensure the health & safety of members and visitors
  • For insurance purposes regarding garden and equipment use
  • To provide an internal list of members and raised bed numbers
  • To keep members up to date via our newsletter, email and social media, including WhatsApp
  • Support investigations into complaints or allegations
  • Develop and inform a system of monitoring and evaluation (ie, demographics, garden use)
  • Aid reporting to funders, stakeholders and partners
  • Trustee names are shared internally with members
  • Trustees are listed in our annual report and on OSCR website
  • To enable us to provide a voluntary service for the benefit of the public as specified in our constitution
  • To fundraise and promote the interests of the charity
  • To operate the braehead.org web site and deliver the services that individuals have requested
  • To inform individuals of news, events, activities or services running in our local community
  • To process gift aid applications
  • To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered
  • Encourage and facilitate compliance and best practice within charities
  • Inform research into the charity sector in Scotland.

 

6. SECURITY & STORAGE OF INFORMATION

BBDCDT will store your personal data securely at all times and will keep it up to date. Information is stored electronically. Where information is on paper, this will be scanned or transferred to an electronic version. Your information will be protected from loss, misuse, unauthorised access and disclosures. Access to data will be limited and only for legitimate purposes as agreed with our Data Controller.

We will keep your data throughout the duration of your membership and for one year afterwards. This is to ensure we can fulfil any funder requirements for reporting. Trustee information will be kept for 6 years, plus the current year (should a person cease being a trustee during a membership year).

 

7. SHARING OF INFORMATION

BBDCDT will not share personally identifiable information without express consent of the person concerned. Any data or information shared for the purposes of Section 5 will be anonymised and aggregated so no persons are identifiable, where possible and appropriate.

Your personal data will be treated as strictly confidential, and will be shared only with the board of Trustees and our Development Officer of BBDCDT if required or volunteer members of the BBDCDT who are assisting with the management of the organisation including any nominated Membership Secretary or communications person as necessary to carry out the running of the Trust. We will only share your data with third parties outside of the organisation with your consent.

 

8. YOUR RIGHTS

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which BBDCDT holds about you;
  • The right to request that BBDCDT corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for BBDCDT to retain such data;
  • The right to withdraw your consent to the processing at any time, however please note some data is essential for managing our garden and withdrawal of such data may result in withdrawal of membership;
  • The right to request that the data controller provide the data subject with their personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to lodge a complaint with the Information Commissioners Office.

 

9. REVIEW

This policy was approved and implemented on 9th October 2024.

It will be reviewed annually, or upon any changes in legislation if these occur sooner.