Version 1:23 May 2018
The privacy and security of your information is extremely important to us. This policy is intended to give you a clear view of the data we collect, how we use it and how long we retain it for, so you can be confident in submitting data when dealing with us.
We will keep this page updated so you can see what we do with your personal data. This policy applies to you if you visit our website, use our services, email us, contact us or have a membership with ASPA.
We will never sell your personal data and will only share it with organisations we work with to deliver the services we provide where they have shown they will respect your privacy and security.
Who are we?
We are the Association for Scottish Public Affairs, also known as ASPA. Throughout this document we will be referred to by either name or else ‘us’ or ‘we.’
What personal data do we collect?
Personal data is any data which may identify you. Or be identified as relating to you. For example, your name, address, telephone number and email address. We will collect this data when you apply, on behalf of the company you represent, to become a member of ASPA.
You may submit personal data to us in various ways including through direct email, email forms on our website or via phone calls.
This personal data may include name, title, address, date of birth, age, gender, position held within the company you represent, email address, phone numbers, personal descriptions, photographs, usernames, passwords and databases.
Personal data provided by you
This data may include but is not limited to;
- Personal details – name, address, phone number, email address and so on
- Financial details – bank name, bank address, bank account number and SORT code
- Technical information about your visit to our site such as usernames, passwords, login details, IP address, login information, browser type and version, time-zone settings, operating systems and version and platform used to access the website.
- Analytical information about your visit – full URL and query string, pages you viewed on our website, length of visit to the pages and any search terms you used to find our website. This information may be analysed to help us continually create a better user experience and for no other purpose.
How we use your Personal Data
Your membership of ASPA will generate personal data which will be only be used on relevant, lawful grounds as permitted by the EU General Data Protection Regulation (from 25th May 2018), UK Data Protection Act 2018 and Privacy of Electronic Communication Regulation. These may be as follows:
- Accounting – We are required by law to keep accurate and up to date accounts of our business transactions. When you join ASPA you will be added to our accounting system.
- Communication – We may keep you informed of forthcoming ASPA events by email or other relevant communication medium specified by you. You will of course have the right to choose not to receive these communications and we will not sell nor share your data with third-party marketing companies.
Disclosure of personal data to other bodies
To carry out the running of our business day to day we may sometimes need to disclose necessary data to other bodies or third-parties via our website operation. Here are some examples of third-party suppliers – Robert Shepherd (Copy Content – web designer), Adobe Systems, Google Inc, Memberpress, PayPal Inc, Modern Tribe, Siteground Hosting, WordPress.com, WP Engine Ltd.
You can contact us at any time to change or discuss your privacy preferences at any time by emailing firstname.lastname@example.org. You can also email our Secretary from the contact page by clicking here.
Your Rights under GDPR
Under the GDPR, where we are using your data under consent, you have the right to withdraw that consent at any time. Please contact us if you would like to do this.
Keeping your information
When you send an email to ASPA via our website form your data is also stored securely on our website. If you have not applied for membership we will delete your data from our website securely after 90 days. If you have applied for membership we will keep your email data and membership files for as long as your membership is valid plus a further 7 years to comply with any potential audit by HMRC after which time, if no longer relevant, it will be deleted securely.
How we secure your data
Information systems and data security are imperative to us to ensure we are keeping your data safe. We operate and implement robust procedures for managing your data and we only host your personal data with suppliers who have confirmed that they take your personal data security as a priority.
ASPA’s website is hosted by Siteground which was launched in Bulgaria in 2004. However, the company, as an established website host, has five international data centres data centres in the US, Italy, Singapore, The Netherlands and the UK (London). The data storage services for ASPA’s website is in the UK. Furthermore, we do not collect, or store, payment information and we do not transmit your data outside of the European Union.
Online payments are made via PayPal or Stripe, if using a credit card. We do not store your card details and we use an off-site version of Stripe. When you input your card details you communicate directly with our card payment provider, Stripe.
Changes to this policy