Privacy notice for Dorothy Dunnett Society (​DDS​ or ​Society​)

Introduction

This notice sets out how the DDS holds, processes and treats personal data and special category data. Personal data is, briefly, information about a living individual which can identify them. In the context of the majority of the information the DDS holds, this information is name, address, email and usually telephone (which is not used for fundraising or other direct marketing).

Special category data (formerly called sensitive personal data) is, briefly, personal data that is sensitive and must be treated with more care. In the context of the DDS this may be religion (for food preferences) or medical history (again for food preferences or to make reasonable adjustments at events).

We have attempted to give a sensible plain English explanation but for anyone who requires further information please visit the Information Commissioner’s website –​ ​www.ico.org.uk​ – or speak to the Society’s Data Privacy Officer, Lesley Burnie or deputy Data Privacy Officer, Sarah Mumford.

As a charity constituted in Scotland but with members world-wide, ​we will apply this policy consistently regardless of where you, our members, are based.

Who we are

We are the DDS. We are the data controller of personal data supplied to us. We are committed to best practice in dealing with the personal data we control, balancing our duties under the Eight Data Processing Principles with our obligations under statute and regulation.

The DDS is managed by volunteers who give their time for free for the benefit of the DDS. The DDS does not have any premises nor own its own computer equipment. We use Google products designed for charities for board communications.

What we collect

We collect the personal data of our members and non-members (for example friends/family who attend our Dunnett Weekend, or who purchase from our shop, or those to whom we distribute copies of the Whispering Gallery​ in recognition of their contribution to the magazine). The data is supplied to us by the data subject (you) or by those who are purchasing gift memberships. These details are kept by our Membership Officer on a database with very restricted access.

Why we collect it

For one or more of the following reasons:

1. As part of your membership, a contract between you and the DDS, e.g.
   1. Managing your subscription benefits including ​Whispering Gallery
   2. Providing membership services and events (see also Ad Hoc events below which are slightly different)
   3. Providing address lists to Communicate Mailing Ltd., or CMS (a fulfilment house which packs and sends ​Whispering Gallery​ to members), or similar organisation
   4. Providing voter lists for the AGM
   5. Processing sales, refunds and donations received through the online shop or otherwise
   6. Sending you prizes if you win one of our competitions (this also applies to non-members)
   7. Asking members if they are interested in volunteering for the DDS: eg, in assisting with contributions to ​Whispering Gallery​, joining the Board or helping organise events. Traditionally most of our volunteers become involved in this way.
2. For the legitimate interests of the DDS, including
   1. Provision of information to our regulator and auditors
   2. Forward planning and research
   3. To comply with charity law and good charity governance

Personal data required for events

Events at the DDS are of two kinds:

Official Events​ are part of our membership service. They include the AGM and Dunnett Weekend. Members proactively sign up to attend these events and the entry form will, for events after May 2018, give clear information about how the data will be used.

Ad Hoc Events.​ Advertised in ​Whispering Gallery​, ad hoc events are events which members attend and are often related to the works of Dorothy Dunnett. They are very valued by our members and their family and friends. However, they are not ‘official’ events of the DDS: personal data is given directly by the participant to the local organisers. This category includes International Dorothy Dunnett Day (IDDD). The Society sets a date each year for members and readers to get together to celebrate the work of Dorothy Dunnett. The Society publicises events which are run by local volunteers. Events that take place under this umbrella may be ad hoc events or entirely informal events of which the DDS may not even be aware. In the case of informal events organised amongst friends and/or members, the Society cannot take any responsibility for how data is gathered or used. After May 2018, clear information will be given about how the data will be used in flyers or invitations to the relevant ad hoc event. Unless specifically opted-in in writing, past participants will not be invited to future events after May 2018, (although this does not apply to the Dunnett Weekend where the participants are not individually invited but through a flyer in ​Whispering Gallery​).

Special category data​ may be gathered if a participant has specific dietary or medical requirements for an event, whether official or Ad Hoc. The data will be kept and shared on a ‘need to know’ basis for the duration of the event (for example, we may share dietary information with a venue to ensure the health and safety of the person involved) and then one copy of the special category data is kept (for Health & Safety record purposes only) for a further three calendar years. All other copies are securely destroyed.

What we may do with your data in the future

If the Dunnett Weekend attracts large enough numbers, we may in future use an online event organisation to help us with the organisation. The DDS will not give personal data to the organisation – but will ask the organisation to process the information that members and other participants provide.

What we will not do with your personal data

We will never sell your data.

We will only share it with others as described above, or by seeking your permission.

Donations are always welcome but we will not use your data to fund raise.

Data retention and destruction

We will keep data only for so long as necessary.

Members’ data. We will keep basic data such as name, address and email address for four years after a member’s subscription has lapsed because in our experience, members often renew within that time frame. After four years, we may anonymise the data for research purposes but the name, email address and full postal details are securely destroyed. In order to comply with the guidance supplied by the Office of Scotland’s Charity Regulator, we will keep your name and the date on which your membership lapsed for at least six years (in total).

Event data – we will keep personal data supplied for an official event for a minimum of three years and six months after the event for insurance purposes and then securely destroy it. This includes the single copy of special category data. We do not hold members’ information relating to ad hoc events.

Other

The DDS has a data loss policy and procedure in the event that any personal data is lost, destroyed or compromised. We would be transparent with the data subjects specifically and our members generally if this occurred.

Any member wishing to know what personal data of theirs is held by the DDS should enquire in writing to the Society’s Data Privacy Officer, Lesley Burnie, 206 Overton Road, Kirkcaldy, Fife, KY1 3JG or by email to dataprotection@ddsoc.org.

This privacy statement was agreed by the Trustees in February 2018. The policy is regularly reviewed and any changes agreed by the Board. We will inform you of any changes by putting the revised policy on the DDS website and letting you know we have done so in the next available issue of the ​Whispering Gallery​.

There is a Facebook page moderated by the Society, a Twitter account and an Instagram account. These are the responsibility of Facebook, Twitter and Instagram respectively who have their own terms and notices in relation to each of them.

Payments to the Society, for example for membership fees or shop merchandise, may be made through Paypal. Paypal has its own terms and notices in relation to transactions made via them.

We use cookies on our website and give information about their use by a clickable link.

Version 2.0
Date approved: January 2020
Date effective from: January 2020
Date reviewed: December 2019