WHAT IS OUR LEGAL BASIS FOR USING YOUR INFORMATION?
There are a number of lawful reasons for us to process your personal data.
One of these is called ‘legitimate interest’ and means that we can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests.
We will use your personal data for the purposes of Life Fit SCIO’s administration, fundraising, processing donations, and our other charitable activities.
Whenever we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection law.
Part of our legitimate interest is in understanding how successful applicants have benefited as a result of our financial support. We therefore occasionally carry out research against publicly available information to find out how our current and past successful applicants have progressed with their careers.
Other legal bases that we will rely on include:
If you enter into a contract with us, we may process your personal data in order to fulfil our contract with you. This includes processing your data in connection with your application so that we can consider it and, if relevant, make your award available.
If we are providing you with other e-mail communications, we will only do so with your consent. If you have given us your consent, you can withdraw your consent at any time by using the details below in the ‘Contact Us’ section. When we make grant awards available to successful applicants, we request as a condition of your grant that we may keep in touch with you about your grant and your progress and about the work of Life Fit SCIO. We therefore treat acceptance of a grant as consent to maintain that email contact with you until you tell us otherwise.
Where we are required to comply with our legal obligations, to establish and defend our legal rights, or to prevent and detect crimes such as fraud.
Where we process special categories of personal data, for example, information about your health, we would ask for your explicit consent to such use (except where you have volunteered the information to us as part of your application, in which case our processing for that purpose is deemed to be already subject to your explicit consent).
Sometimes your personal data may be used for statistical purposes but only in a form that no longer identifies you.
HOW LONG WILL WE HOLD YOUR INFORMATION FOR?
We will hold your personal data on our systems for as long as is necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting or other reporting requirements.
By law, we are required to retain certain information for a prescribed period of time. For example, we will keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules. In circumstances where there are no such legal requirements, to determine the appropriate retention period, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we are processing your personal data and whether we can achieve those purposes through other means.
Therefore, some information may be kept for more or less time depending on how long we reasonably feel it is required for.
We review our retention periods for personal data on a regular basis.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you ask us to delete your information in accordance with your rights set out below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.
WHO WE MIGHT SHARE YOUR INFORMATION WITH
Our Annual Report and Accounts are published annually and are made available to the public. Other than to the extent that your information may be contained within the Annual Report and Accounts we will NOT sell your personal data to any third parties. However, it is not our normal practice to name individual grant recipients in our Annual Report and Accounts unless we are obliged to under accounting or audit regulations or under charity law.
We may share your information with selected third parties including:
Analytics and search engine providers that assist us in the improvement and optimisation of our site.
If we run an event in partnership with other named organisations, and you sign up to attend such an event, your details may need to be shared. We will be very clear what will happen to your data when you register.
If we merge with another organisation or form a new entity, your personal data may be transferred to that new entity as part of Life Fit SCIO’s historical records.
We may disclose your personal information to third parties to:
Comply with any court order or other legal obligation or when data is requested by government or law enforcement authorities;
Protect the rights, property, or safety of us, our employees, volunteers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) for the purposes described in this policy. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
You have a number of rights. If you would like to exercise any of these rights, please contact us using the details set out below in the ‘Contact Us’ section. If you exercise any of these rights we may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge except in exceptional circumstances.
If you wish to raise a complaint in relation to our processing of your personal data, you can contact us at firstname.lastname@example.org or by writing to us at 2 Woodside Place, Glasgow G3 7QF and marking your query for the attention of the Trustee of Life Fit SCIO. If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law you also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/.
Your rights include:
A right to transparency over how we use your data and to make a subject access request (right of access);
A right to have your personal data updated and corrected (right of correction/rectification);
A right to ask us to delete your information (right to be forgotten);
A right to ask us to stop processing your information (right to restriction);
A right to object to (i) processing of your information based on our legitimate interests; (ii) processing of your information for direct marketing purposes; and (iii) automated decision making and profiling (right to object);
A right to receive a copy of your information, or have this sent to a third party (right to data portability); and
A right to claim compensation for material or non-material damage caused if we breach the data protection rules (right to compensation).
If you would like to find out more about your rights, you can visit the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr).
HOW YOU CAN ACCESS AND UPDATE YOUR INFORMATION
We strive to maintain accurate, complete, and relevant personal information for the purposes identified in this privacy statement. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. It is important that the personal information we hold about you is accurate and current.
SECURITY PRECAUTIONS IN PLACE TO PROTECT AGAINST THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION
We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. Details of these measures can be obtained on request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our security measures are regularly reviewed.
If you have any questions regarding this policy or about our privacy practices, wish to exercise any of your rights or which to make a complaint, please contact us at email@example.com