About Udny Community Trust Company Limited

Udny Community Trust Company Limited takes its responsibility as an organisation working in and for the
community of Udny seriously. We aim to work in ways that give our members and the wider community
confidence in us. That includes how we deal with any personal data that we collect and process.

We try to collect as little personal data as possible but there are situations where we must collect personal
data to meet a legal requirement or because it is in our legitimate interests to do so.

Whenever we collect personal data we will try and make sure that people can understand what we are
collecting and why. Normally this means there will be a privacy notice, and, in some cases, we will ask for
written permission.

It is important to us that people have reasonable expectations of what we will do with personal data, not
just because it is the law, but because Udny Community Trust is part of the local community and we want
to do the right thing in the right way.

You can read more about our Privacy Policy below:

Why are we providing you with this information?

The new General Data Protection Regulations or GDPR mean that from 25th May 2018 individuals have new

rights about the control and use of their personal data. You can find out more about this from the
Information Commissioner’s Office website: http://www.ico.org.uk

If you are unhappy about how we deal with your personal data, you have the right to complain to the

Information Commissioner’s Office.

What is personal data?

Personal data is information that could identify a living person, either because it is unique to them (like a

National Insurance number) or because pieces of information like a name, address and email, taken

together, could identify a unique individual.

Photographs can be personal data if you can identify an individual from them, normally this means if
clearly see a person’s face.

What about sensitive personal data^1?

We do not normally collect or store sensitive personal data (such as information relating to health,
beliefs or political affiliation).

If you come to work or volunteer with us, then we may collect extra information about you (e.g.
references, criminal records checks, details of emergency contacts, medical conditions, etc.). We
would discuss this with you at the time and provide you with a privacy notice, so you can understand
what we need to collect and why.

1 Sensitive personal data (GDPR calls this Special Category Data) includes any of the following: racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data
concerning a natural person's sex life or sexual orientation.

What is the UCTC’s legal basis for processing data?

The new Data Protection law means we must have a legal basis for collecting and processing personal
data. As mentioned above we only collect personal data if we must or have a legitimate need to.

The reasons that apply to Udny Community Trust are:

  • Legal obligation. This applies to our members. We are required by the Companies Act 2006
    and by the Charity and Trustee and Investment Scotland Act 2005 to collect personal data
    about our individual members.
  • Contract. This applies to staff, grant applicants including personal data, and to volunteers with
    volunteer agreements.
  • Consent. This applies mainly when we take photographs in which people can be individually
    identified. It would not, though, apply at public events where it would be reasonable to expect
    that photographs would be taken (by others as well as by us). An example of this would be the
    Udny Gala.
  • Legitimate interest of the organisation. This applies when we need to process personal data for our legitimate interests (such as the management and administration of our charity and the improvement of our services). We will only use people’s data in ways they would reasonably expect, and which have minimal privacy impact. Examples might include contacting you about a specific new project because we believe it might be of genuine interest to you or because we are gathering community feedback on a specific issue.

What personal data do we collect?

We collect personal data provided on membership forms, grant application forms and at events or
projects. Mostly the personal data we collect is text such as names, addresses, phone numbers, email
addresses and email addresses.

Sometimes we collect images (photographs) that can be personal data.

How do we use this information?
We use information in different ways but the most important is to be able to contact people. We also
use images (which could be personal data) to illustrate our work. Udny Community Trust has tried to
consider all the ways in which we use personal data and actively try not to use personal data in ways
people would not expect or might find unreasonable. We use data to:

  • Process member application forms
  • Process grant application forms
  • Correspond with individuals about membership and the Trust
  • Correspond with individuals about grant applications they have made on behalf of community
    groups
  • Correspond with individuals about projects
  • Illustrate our work to partners in reports
  • Publicise our projects in the press, locally and on social media
  • Keep in touch with our volunteers

Who do you share and disclose information with?

We will never sell your personal data. We may contact you with information about partner
organisations, and this might include services they want to offer you, but these communications will
always come from us and where possible will be included in a regular newsletter.

We will never use your personal data to ask you for donations to Udny Community Trust or another
organisation.

We may share personal data with subcontractors or partner organisations for a specific project but
will only do so with your consent.

Otherwise we would only share personal data if we were legally required to.

How do you protect young people?

We take great care to protect and respect the rights of individuals in relation to their personal data,
especially in the case of children. We will ask for the consent from a parent or guardian to process the
personal data of a person who is under 16 years old.

This will mainly apply to consent for photographs taken at events but will also apply to the new
category of Young Membership to be introduced from 2018.

When using photographs, we do not normally publish names and ages of young people. In cases
where we would like to publish names and ages of young people we would explain this in the privacy
notice and consent form.

How do you protect my data?

We employ a variety of physical and technical measures to keep your data safe and to prevent
unauthorised access to, use or disclosure of your personal information.

Electronic data and databases are stored on secure cloud server systems and we control who has
access to information (using both physical and electronic means).

We do not collect any personal data through our website.

Where do you store my data and for how long?

Udny Community Trust’s operations are based in Scotland and we store our data within the European
Union. We use a reputable IT contractor and a cloud-based system which is fully compliant with the
new GDPR rules.

Some organisations that provide services to us may transfer personal data outside of the European
Economic Area(EEA), but we’ll only allow them to do so if your personal data is adequately protected
and we will always try and keep the personal data processed to a minimum. We will check they are
registered with Privacy Shield. Examples include:

  • Mail Chimp
  • Survey Monkey
  • Dropbox

We will only use and store information for as long as it is required for the purposes it was collected for
and this will be set out in the privacy notice when we collect the personal data, so you know exactly
what we will do

What are my rights?

We want to ensure you remain in control of your personal data.

  • The new General Data Protection Regulations give you the following rights:
  • The right to be informed about how we use your personal data.
  • The right to access your personal data.
  • The right to obtain a copy of the personal information we hold (this is known as subject
    access request).
  • The right to have your data erased (though this will not apply where it is necessary for us to
    continue to use the data for a lawful reason).
  • The right to have inaccurate data rectified.
  • The right to restrict the processing of your personal data.
  • The right to object to your data being used for marketing and or profiling.
  • Where technically feasible, you have the right to the data portability of the personal data
    you have provided to us which we processed.

More information about your rights can be found on the Information Commissioner’s Office (ICO)
website.

How do I make a complaint?

If you wish to make a complaint you can follow the regular complaint process. See the separate
complaints policy for information (you can find this on our website).

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK
supervising authority for data protection issues. Details of how to do this can be found at
the Information Commissioner’s Office (ICO) website.

Policy review

This policy will be reviewed by the Udny Community Trust board to ensure it remains up to date and
compliant with the law.

This document was last reviewed on 24th August 2018.

Cookie Policy

This website uses things called “Cookies” to ensure your experience of the site, and our ability to improve it is enhanced. Specifically, the following Cookies are in use:

Google Analytics (3rd party). We use this to see how many visitors we are getting, and how they found us. You can find out more about Google Analytics’ Cookies here.

Social Media Sharing and Integration (3rd party). We use Facebook and Twitter functionality within this site so that you can share items of interest, or become a fan of our Social Media Profiles. You can find out more about Facebook’s Cookie use here, and Twitter’s here.

We also sometimes use video embedding, like YouTube or Vimeo (3rd party) to enhance your experience of content on our site. You can find out about YouTube’s Cookie policy here, and Vimeo’s here.

WordPress uses Cookies to further enhance the experience of the website, which you can read more about here.