The Scottish Heritage Social Media Group is committed to protecting your personal data.
The Scottish Heritage Social Media Group is supported by Dig It!, which is coordinated by The Society of Antiquaries of Scotland, who are registered with the Information Commissioner’s Office (ICO) as a Data Controller under the Data Protection Act (ref Z1108226). Under the EU GDPR (see below) the Society will continue to be a Data Controller.
To deliver the Scottish Heritage Social Media Group’s core functions, the Scottish Heritage Social Media Group must collect personal data and process it in various ways, such as, but not limited to, maintaining a database of subscriber information and preferences and passing personal data on to MailChimp who undertake our electronic mailings or Eventbrite who “sell” tickets for our events. At all times, the Scottish Heritage Social Media Group will respect data protection law and will ensure your personal data is protected to fullest extent possible and is used only for Scottish Heritage Social Media Group purposes.
The Scottish Heritage Social Media Group holds personal data (on paper, or computer or other media) such as contact details and preferences, names, and email address. We ensure this personal information is stored and processed in accordance with legal requirements and best practice. Other personal data may be captured when using our website, please see our Terms and Conditions.
The Scottish Heritage Social Media Group holds this data only as long as is legally required or required for the purpose for which it is initially captured.
Should you wish Scottish Heritage Social Media Group to remove your personal data please do not hesitate to contact us at scotheritagesmg@outlook.com. We will ask what data (specific or all) you wish to have removed, confirm with you what we can legally remove and then delete that information from our database within one month of your initial request.
Information on the Data Protection Act can be found at:
http://www.ico.org.uk/for_organisations/data_protection/the_guide/key_definitions#personal-data
Legislation
The UK Data Protection Act 1998 (http://www.legislation.gov.uk/ukpga/1998/29/contents) requires organisations to comply with the eight data protection principles. These state that data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Be processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of data protection
On 25 May 2018 new legislation in the form of the EU General Data Protection Regulations (GDPR) 2018 will be brought in. The UK Government has stated that it will comply with this regulation after leaving the EU. The main change relevant to the Scottish Heritage Social Media Group is that organisations in the UK will need to demonstrate they have ‘opt-in’ approval to store and process personal data and a legal basis for doing so. To comply with the new GDPR legislative requirements Scottish Heritage Social Media Group will operate under 6(1)(f) where our capture and use of personal data is considered necessary for the purposes of legitimate interests pursued by the controller (the Scottish Heritage Social Media Group) or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
More information on this legislative reform is available at https://ico.org.uk/for-organisations/data-protection-reform/. The Scottish Heritage Social Media Group will ensure it complies with this new regulation and the five principles enshrined in Article 5 of the GDPR which require that personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals;
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In order to reflect any legislative changes and/or feedback we may change our Data Protection Policy and Privacy Notice from time-to-time. Future revisions to either document will be posted on the Scottish Heritage Social Media Group website as soon as practicable and users’ attention drawn to the changes.
SHSMG 