Sight Scotland is Scotland’s largest vision impairment organisation, providing care, education and alternative formats to people with sight loss of all ages. Our sister charity is Sight Scotland Veterans, which provides free support to vision impaired veterans, whether they lost their sight during or after service.
This privacy notice applies to personal information processed by or on behalf of the Sight Scotland and Sight Scotland Veterans.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.
Data Protection Officer
We are Sight Scotland and Sight Scotland Veterans of 2a Robertson Avenue, Edinburgh, EH11 1PZ. We are two charities registered in Scotland (Sight Scotland is a registered charity No SC017167, Sight Scotland Veterans is a Scottish Charitable Incorporated Organisation, Charity No SC047192 ). We are a data controller of your personal data and we are registered with the Information Commissioner’s Office (Ref: Royal Blind Asylum and School - Z5603032 & Scottish War Blinded – ZA370709).
We have a data protection officer (“DPO”) who you can contact by e-mailing the most relevant service:
Sight Scotland Veterans - email@example.com
All other Sight Scotland services including marketing and fundraising - firstname.lastname@example.org
Or by writing to the aforementioned address, marking it for the attention of the DPO.
- Personal information that we may process in connection with all of our services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Your date of birth, gender and/or age
- Your nationality
- Family members
- Records of your contact with us such as via phone, e-mail or post and, if you get in touch with us online using our online services, details such as your mobile phone, IP address (numerical identifier for each computer using the Internet Protocol to communicate over a network) and MAC address (media access control address of a device which is another unique identifier assigned to network interface controllers for communications at the data link layer of a network)
- Services we provide you with, as well as those you have been interested in, have held and the associated payment methods used
- Information about your use of services
- Information about your health or if you are vulnerable
- Records of any donations or other support provided
- Marketing to you and analysing data, including history of those communications, whether you open them or click on links, information about services we think you may be interested in, and analysing data to help target information that we think is of interest or relevance to you
- Insights about you gained from analysis or profiling of customers
- We may collect personal information from the following general sources:
- From you directly, and any information from family members, associates or beneficiaries of services
- Information generated about you when you use our services
- From a third party who refers you to us or other intermediary who we work with to provide services
- If you already use one of our services, have applied for one or have previously made use of our services
- From other sources such as publically available directories and information (for example, telephone directory, social media, internet, news articles), other organisations to assist in prevention and detection of crime, police and law enforcement agencies
We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
- Assessing an application for a service
- Managing the service you have with us
- Updating your records
- Managing any aspect of the service
- To make decisions on whether to offer you a service
- To perform and/or test the performance of our services and internal processes
- To improve the operation of our business
- To follow guidance and best practice under the change to rules of governmental and regulatory bodies
- For management and auditing of our business operations including accounting
- To monitor and to retain records of our communications with you and our staff
- To administer good governance requirements, such as internal reporting and compliance obligations or administration required
- For market research, analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and services. We may send marketing to you by SMS, email, phone, post, social media and digital channels (for example, using Facebook, Twitter, Instagram or LinkedIn). Communication may relate to any of our services, fundraising and any other services and advice we think may be of interest
- To provide personalised services to you, such as tailoring our services, our digital customer experience and offerings, and deciding which promotions to show you
- To develop new services
- To comply with legal and regulatory obligations, requirements and guidance
- To provide insight and analysis of our customers for the benefit of providing services, helping us improve services, or to assess or improve the operating of our businesses
- To enable our others services to perform any of the aforementioned purposes
We rely on the following legal bases to use your personal data:
- Where it is needed to provide you with our services, such as:
a) To assess an application for a service you have requested, including consideration of whether to offer you the service, the payment methods available and the conditions
b) Managing services you participate in with us, applied for
c) Ensuring your records are up-to-date & accurate
d) Sharing your personal information with other Royal Blind and Scottish War Blinded service providers when you apply for a service
e) All stages and activities relevant to managing the service including enquiry, application, administration and delivery
- Where it is in our legitimate interests to do so, such as:
a) Managing the services you use, communicating with you about them and updating your records
b) To perform and/or test the performance of our services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) For management and audit of our business operations including accounting
e) To carry out monitoring and to keep records of our communications with you and our staff
f) To administer our good governance requirements and those of other members of our Group, such as internal reporting and compliance obligations
g) For market research, analysis and developing statistics
h) For direct marketing communications and related profiling to help us to offer you relevant services and fundraising communication, including deciding whether to offer you a certain service. We may send marketing to you by SMS, email, phone, post and social media and digital channels
i) Subject to the appropriate controls, to provide insight and analysis of our customers to other group services either as part of providing services, helping us improve services and to assess or to improve the operating of our businesses
j) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
- To comply with our legal obligations
- With your consent or explicit consent for:
a) Direct marketing communications that you have opted in to
b) Our profiling
c) Our processing of special categories of personal data such as your health, if you are a vulnerable service user or criminal records information
- For a public interest, such as:
a) Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable service user
We may share information with the following third parties for the purposes listed above:
- Other services within the Sight Scotland and Sight Scotland Veterans.
- Professional bodies or otherwise as required by law (e.g. for pension purposes), regulation, codes of practice or our policies
- Healthcare professionals and organisations involved in the provision of care when required
- Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
- Market research organisations who help us to develop and improve our services
- Insurers or Accountants as requested and as part of our statutory obligations
In all cases we will ensure that adequate arrangements are in place to protect the confidentiality of the information.
Where we are relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details in the Contact Us Section on the final page of this document.
Your personal information will not normally be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
You should inform us so that we can update our records using the contact details details in the Contact Us Section on the final page of this document.
We are unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we will make this clear.
In this section monitoring consists of: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
- Unless we explain otherwise, we will retain your personal information based on the following criteria:
- For as long as we have a reasonable business need, such as managing our relationship with you and managing our operations
- For as long as we provide services to you and then for as long as someone could bring a claim against us; or as long as our insurers require us to validate our policies; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we will explain at that time if they are engaged or not.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. However, you can also contact us using the details below.
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us to exercise these rights or by emailing the Data Protection Officer as outlined in Section 1.
We may use your home address, phone numbers, email address and social media or digital channels to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details in the Contact Us section on the last page of this document or by following the instructions in the communication.
Most browsers will allow you to turn off cookies. Please note however that turning off cookies will restrict your use of our website.
We use the following cookies on our site:
· _utma - Unique visitor cookie | Used by Google Analytics to identify unique visitors vs. returning visitors. It is used by most sites and does not track or store personal data. It expires after 2 years.
· _utmb - Session cookie | Used by Google analytics for general visitor page visit tracking. It is used by most sites and does not track or store personal data. It expires after 30 minutes
· _utmc - Session cookie | Used by Google Analytics to identify unique visitors vs. returning visitors. It is used by most sites and does not track or store personal data. The cookie is cleared when a browser is closed
· _utmt - _utmt Cookie | This cookie is set by Google Analytics. According to their documentation it is used to throttle the request rate for the service - limiting the collection of data on high traffic sites. It expires after 10 minutes
· _utmz - Campaign cookie | Used by Google Analytics for tracking source visits (ie where the user came from such as a search engine result, or direct link). It is used by most sites and does not track or store personal data. It expires after 6 months.