Who we are
We are Glasgow & West of Scotland Family History Society, Charity Number SC 010866
Purpose of this Notice
This Privacy Notice outlines the way in which the Society will use personal information provided to us. Personal information includes any information that identifies you personally, such as your name, address, email address or telephone number.
The Society recognises the importance of your privacy and personal information and we have therefore outlined below how we use, disclose and protect this information. The Council of the Society is the data controller, because we decide how your data are processed and for what purpose. Contact details for us are provided below.
How we use information
We use the information you give to us:
- to administer membership records;
- to provide you with information about news, events, and activities via the Society Magazine/Journal;
- to provide you with information about news, events, and activities via the Society Enews (if you have provided an email address);
- to fulfill contractual or other legal obligations;
- to maintain our accounts and records (including the processing of Gift Aid applications);
Disclosure of information
The Society will only share your personal information where this is necessary for the purposes set out above. Information will not be shared with any third party without your consent unless we are obliged or permitted to do so by law.
Basis for processing personal information
The Society processes your information in the course of its legitimate activities, with appropriate safeguards in place, as a not-for-profit body and on the basis that our processing relates solely to members, former members or people who have regular contact with us, and that this information is not disclosed to any third party without your consent.
We also process information where this is necessary for compliance with our legal obligations; where processing is necessary for the purposes of our legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms; and where you have given consent to the processing of your information for a particular purpose.
Storage and security of personal information
The Society will strive to ensure that personal information is accurate and held in a secure and confidential environment. We will keep your personal information for as long as you are a member or so long as we are obliged to keep it by law or may need it in order to respond to any questions or complaints or to show that we treated you fairly. We may also keep it for statistical purposes but if so we will only use it for that purpose. When the information is no longer needed it will be securely destroyed or permanently rendered anonymous. A copy of our data retention policy is attached to this Notice.
Getting a copy of your personal information
You can obtain details of the personal information which the Society holds about you by logging on to the members’ only area of our website or by contacting us using the contact details given below.
Inaccuracies and Objections
If you believe that any information the Society holds about you is incorrect or incomplete or if you do not wish your personal information to be held or used by us please let us know. Any information found to be incorrect will be corrected as quickly as possible.
You have the right to object to our use of your personal information, or to ask us to remove or stop using your personal information if there is no need for us to keep it. There may be legal or other reasons why we need to keep or use your data, but please tell us if you think that we should not be using it.
If we are processing your data on the basis of your explicit consent, you can withdraw your consent at any time. Please contact us if you want to do so.
The Membership Secretary
Glasgow & West of Scotland Family History Society
Unit 13, 32 Mansfield Street,
Glasgow G11 5QP
How to complain
You have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by the Society You can contact the ICO via its website at www.ico.org.uk or at The Information Commissioner’s Office – Scotland, 45 Melville Street, Edinburgh EH3 7HL.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Data Retention Policy
1.1. The Society gathers personal information from individuals and external organisations as well as generating a wide range of personal data, all of which is recorded in documents and records, both in hard copy and electronic form.
1.2. Examples of the types of information accumulated and generated are set out in Appendix 1 of this policy but is not exhaustive.
1.3. In certain circumstances it will be necessary to retain documents to meet legal requirements and for operational needs. Document retention is also required to evidence agreements or events and to preserve information.
1.4. It is however not practical or appropriate for The Society to retain all records. Additionally, data protection principles require information to be as up to date and accurate as possible. It is therefore important that The Society has in place systems for the timely and secure disposal of documents that are no longer required.
1.5. This Data Retention Policy was adopted by the Society on 17th May 2018 and will be implemented on a day to day basis.
2. Roles and Responsibilities
2.1. The Council will adopt the retention and disposal guidance at Appendix 1 of this policy and strive to keep records up to date.
3. Retention and Disposal Policy
3.1. Decisions relating to the retention and disposal of data should be guided by:-
3.1.1. Appendix 1 – Document Retention Schedule – Guidance on the recommended and statutory minimum retention periods for specific types of documents and records.
3.1.2. Appendix 2 – Quick Guide to document retention.
3.2. In circumstances where the retention period for a specific document or category of documents has expired, a review should be carried out prior to disposal and consideration should be given to the method of disposal.
4.1. Documents containing confidential or personal information should be disposed of by shredding. Such documentation is likely to include financial details, contact lists with names and addresses.
4.2. Documents other than those containing confidential or personal information may be disposed of by recycling or binning.
4.3. Electronic communications including email, Facebook pages, twitter accounts etc and all information stored digitally should also be reviewed and if no longer required, closed and/or deleted so as to be put beyond use. This should not be done simply by archiving, which is not the same as deletion. It will often be sufficient simply to delete the information, with no intention of ever using or accessing it again, despite the fact that it may still exist in the electronic ether. Information will be deemed to be put beyond use if the Society is not able, or will not attempt, to use it to inform any decision in respect of any individual or in a manner that affects the individual in any way and does not give any other organisation access to it.
4.4. Deletion can also be effected by using one of the following methods of disposal:-
• Using secure deletion software which can overwrite data;
• Using the function of “restore to factory settings” (where information is not stored in a removeable format);
• Sending the device to a specialist who will securely delete the data.
Illustrative Data Retention Schedule
This Schedule is provided as a guide to common types of documents but is not exhaustive.
Avoid retaining information if there is no reason for doing so. Consult with the Council if you are unsure.
|Minutes of meetings||6 years|
|Confidentiality Agreements||100 years|
|Complaints concerning people||100 years|
|Employee records including: contracts, time records etc.||Duration of employment + 6 years|
|Volunteer records||Duration of placement + 6 years|
|Databases for mailing lists/distribution||Reviewed annually, delete out of date information|
|Miscellaneous contact information||Delete once there is no longer a requirement to hold such information|
|Documents relating to litigation or potential litigation||Until matter is concluded plus 6 years|
|Hazardous material exposures||30 years|
|Payroll Records||Minimum, 6 years. No maximum|
|Contracts||6 years following expiration|
|Fixed Asset Records||Permanent|
|Application for charitable and/or tax-exempt status||Permanent|
|Audit and review workpapers||5 years from the end of the period in which the audit or review was concluded|
|OSCR filings||5 years from date of filing|
|Records of financial donations||6 years|
|Accounts Payable and Receivables ledgers and schedules and all associated bookkeeping records||6 years|
|Annual audit reports and financial statements||Permanent|
|Electronic fund transfer documents||6 years|
|Tax records||Minimum 6 years|
|Insurance claims/ applications||Permanent|
|Insurance disbursements and denials||Permanent|
|Insurance contracts and policies (Directors and Officers, General Liability, Property, Workers’ Compensation)||Permanent|
|Leases||6 years after expiration|
|Warranties||Duration of warranty + 6 years|
|Records relating to potential, or actual, legal proceedings||Conclusion of any tribunal or litigation proceedings + 6 years|