Who we are
This notice explains how the Committee of Management of the Gardens of Lord Moray’s Feuars (the “Committee”) uses and protects the personal information that is held about Feuars and Outside Subscribers to the Gardens. Contact details for the Committee are set out at the end of this notice.
The Committee is a “controller” for the purposes of the data protection laws. The current data protection laws are set out in the Data Protection Act 1998. This will be replaced by new data protection laws with effect from 25 May 2018. We refer to both the current and the new data protection laws as the “Data Protection Laws” in this privacy notice.
What is personal information?
Personal information broadly means information that identifies (or which could, with other information that we hold or are likely to hold, identify) a living individual.
This includes any information provided to us by or on behalf of you as a Feuar or an Outside Subscriber to the Gardens.
Where do we collect information from and what types of personal information might we hold about you?
We will collect and process the information about you that you provide by filling in forms and by corresponding with us or our Secretaries by telephone, email or otherwise.
We will typically hold names and addresses. We may also hold bank account details, marital status, email addresses, phone numbers, details of any correspondence with us and financial information (eg bank details).
Why do we hold this information?
We will use your personal information to manage the Gardens. For example, we may use it to:
- provide you with information such as newsletters or details of specific events;
- collect annual rates and communicate you regarding this; and
- communicate with you regarding your use of the Gardens.
In some cases, we are also obliged to retain your personal data to comply with legal or statutory obligations (for example, to keep records of contractual or financial matters).
For the avoidance of doubt, the Committee does not use personal information for automated decision-making which produces legal effects or similarly significantly affects individuals.
Using your information in accordance with Data Protection Laws
Data Protection Laws require us to meet certain conditions before we are allowed to use your personal information in the way described in this privacy notice.
We rely on a condition known as “legitimate interests” in order to use this information in the way described in this privacy notice. We have a legitimate interest in collecting and processing your personal information as we need this to manage the Gardens.
We will only process “sensitive” or “special categories” of personal information under the Data Protection Laws (e.g. information about your health, for example wheel chair use) where you have explicitly consented to this or where there is an alternative legal basis for processing this information under the Data Protection Laws. This may mean that you will be asked to sign consent forms in the future. Once you have given your consent, you can withdraw it at any time by writing to us using the contact details below.
Whom do we share your personal information with?
We share information with our Secretaries, Whitelaw Wells.
Our Secretaries are “controllers” of your personal information upon receipt and you should refer to their privacy statements if you would like further information on how they process your personal information. This is available on request from our Secretaries.
We may also share personal information with professional advisors under particular circumstances.
In the event that we do share personal information with external third parties, we will only share such personal information strictly required for the specific purposes and take reasonable steps to ensure that recipients shall only process the disclosed personal information in accordance with those purposes.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We use google analytics to track the browser user agents so we can monitor the web site’s performance .
For how long do we retain your personal information?
We will only keep your personal information for as long as necessary to comply with our obligations and to safeguard the Committee and our service providers in the event of any claims, complaints, litigation, enquiries and investigations during our management of the Gardens.
Our Secretaries will review and possibly delete your personal information following a period of at least six years after we have ceased to engage them to provide services.
How do we keep your personal information safe and who has access to it?
We are committed to ensuring that there are appropriate technical controls in place to protect your personal information, including protection from misuse and unauthorised access.
Your information is only accessible by staff, volunteers and contractors who are careful to protect it.
Holding personal information outside the EEA
Our Secretaries may occasionally use services such as Dropbox, who use servers that are located outwith the EEA. We understand these providers have obtained privacy shield certification or other security measures and we believe these are appropriate safeguards to comply with the GDPR requirements.
You can exercise any of the following rights by writing to our Secretaries, Whitelaw Wells, at 9 Ainslie Place, Edinburgh, EH3 6AT or emailing them at email@example.com
Your rights in relation to your personal information are:
- to request access to the personal information that we hold about you;
- to rectify your data if it is inaccurate or incomplete;
- in certain circumstances, to restrict the processing of your data;
- in certain circumstances, to have your data deleted or removed;
- to obtain and reuse your data for your own purposes across different services; and
- to claim compensation for damages caused by a breach of the Data Protection Laws.
We will aim to respond to any request received from you within one month.
If you are not happy with the way in which your personal information is held or processed, please contact us using the details above. You also have the right to complain about data protection matters to the Information Commissioner’s Office (ICO).
The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (https://ico.org.uk/). The ICO can be contacted by calling 0303 123 1113.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by request from our Secretaries, Whitelaw Wells, 9 Ainslie Place, Edinburgh, EH3 6AT.
This privacy notice is current as at May 2018.