Privacy notice for Dorothy Dunnett Society (DDS or Society)
This notice sets out how the DDS holds, processes and treats personal data and special category data. Personal data is, briefly, information about a living individual which can identify them. In the context of the majority of the information the DDS holds, this information is name, address, email and usually telephone (which is not used for fund raising or other direct marketing).
Special category data (formerly called sensitive personal data) is, briefly, personal data that is sensitive and must be treated with more care. In the context of the DDS this may be religion (for food preferences) or medical history (again for food preferences or to make reasonable adjustments at events).
We have attempted to give a sensible plain English explanation but for anyone who requires further information please visit the Information Commissioner’s website – www.ico.org.uk – or speak to the Society’s Data Privacy Officer, Lesley Burnie or deputy Data Privacy Officer, Sarah Mumford.
As a charity constituted in Scotland but with members world-wide, we will apply this policy consistently regardless of where you, our members, are based.
Who we are
We are the DDS. We are the data controller of personal data supplied to us. We are committed to best practice in dealing with the personal data we control, balancing our duties under the Eight Data Processing Principles with our obligations under statute and regulation.
The DDS is managed by volunteers who give their time for free for the benefit of the DDS. The DDS does not have any premises nor own its own computer equipment. We use Google products designed for charities for board communications.
What we collect
We collect the personal data of our members and non-members (for example friends/family who attend our Dunnett Weekend, or who purchase from our shop, or those to whom we distribute copies of the Whispering Gallery in recognition of their contribution to the magazine). The data is supplied to us by the data subject (you) or by those who are purchasing gift memberships. These details are kept by our Membership Officer on a database with very restricted access.
Why we collect it
For one or more of the following reasons:
- As part of your membership, a contract between you and the DDS – eg,
a. Managing your subscription benefits including Whispering Gallery
b. Providing membership services and events (see also Ad Hoc events below which are slightly different)
c. Providing address lists to CMS (a fulfilment house which packs and sends Whispering Gallery to members) or similar organisation
d. Providing voter lists for the AGM
e. For processing sales, refunds and donations received through the online shop or otherwise
f. For sending you prizes if you win one of our competitions (this also applies to non-members)
g. Asking members if they are interested in volunteering for the DDS – eg, in assisting with contributions to Whispering Gallery, joining the Board or helping organise events. Traditionally most of our volunteers become involved in this way.
- For the legitimate interests of the DDS, including
a. Provision of information to our regulator and auditors
b. For forward planning and research
c. To comply with charity law and good charity governance
Personal data required for events
Events at the DDS are of two kinds.
Official Events are part of our membership service. They include the AGM and Dunnett Weekend. Members proactively sign up to attend these events and the entry form will, for events after May 2018, give clear information about how the data will be used.
Ad Hoc Events. Ad Hoc events are events advertised in the Whispering Gallery which members attend and are often related to the works of Dorothy Dunnett. They are very valued by our members and their family and friends. However they are not ‘official’ events of the DDS: personal data is given directly by the participant to the local organisers. This category includes International Dorothy Dunnett Day (IDDD). The Society sets a date each year for members and readers to get together to celebrate the work of Dorothy Dunnett. The Society publicises events which are run by local volunteers. Events that take place under this umbrella may be ad hoc events or entirely informal events of which the DDS may not even be aware. In the case of informal events organised amongst friends and/or members, the Society cannot take any responsibility for how data is gathered or used. After May 2018, clear information will be given about how the data will be used in flyers or invitations to the relevant ad hoc event. Unless specifically opted in in writing, past participants will not be invited to future events after May 2018, (although this does not apply to the Dunnett Weekend where the participants are not individually invited but through a flyer in Whispering Gallery).
Special category data may be gathered if a participant has specific dietary or medical requirements for an event, whether official or Ad Hoc. The data will be kept and shared on a ‘need to know’ basis for the duration of the event (for example, we may share dietary information with a venue to ensure the health and safety of the person involved) and then one copy of the special category data is kept (for Health & Safety record purposes only) for a further three calendar years. All other copies are securely destroyed.
What we may do with your data in the future
If the Dunnett Weekend attracts large enough numbers, we may in future use an online event organisation to help us with the organisation. The DDS will not give personal data to the organisation – but will ask the organisation to process the information that members and other participants provide.
What we will not do with your personal data
We will never sell your data.
We will only share it with others as described above, or by seeking your permission.
Donations are always welcome but we will not use your data to fund raise.
Data retention and destruction
We will keep data only for so long as necessary.
Members data: we will keep basic data such as name, address and email address for four years after a member’s subscription has lapsed because in our experience, members often renew within that time frame. After four years, we may anonymise the data for research purposes but the name, email address and full postal details are securely destroyed. In order to comply with the guidance supplied by the Office of Scotland’s Charity Regulator, we will keep your name and the date on which your membership lapsed for at least six years (in total).
Event data: we will keep personal data supplied for an official event for a minimum of three years and six months after the event for insurance purposes and then securely destroy it. This includes the single copy of special category data. We do not hold members’ information relating to ad hoc events.
The DDS has a data loss policy and procedure in the event that any personal data is lost, destroyed or compromised. We would be transparent with the data subjects specifically and our members generally if this occurred.
This privacy statement was agreed by the Trustees in February 2018 and will be kept under review for the first year after May 2018, when the General Data Protection Regulation (GDPR) became enforceable. Thereafter, the policy will be regularly reviewed and any changes agreed by the Board. We will inform you by putting the revised policy on the DDS website and letting you know we have done so in the next available issue of the Whispering Gallery.
There is a Facebook page moderated by the Society and a Twitter account. These are the responsibility of Facebook and Twitter respectively who have their own terms and notices in relation to each of them.
Date approved: February 2018
Date effective from: 25 May 2018
To be reviewed: October 2018