Introduction

This Privacy Notice applies to both Sight Scotland and Sight Scotland Veterans. Although the charities are separate legal entities, they share board members and corporate services and where it makes sense to do so, the charities also share policies and procedures. Therefore, any references to “the charity,” “we,” “our,” or “us” should be interpreted as meaning the charity that provides the service you are enquiring about or receive.

Both charities are registered in Scotland (Sight Scotland is a registered charity No SC017167, Sight Scotland Veterans is a Scottish Charitable Incorporated Organisation, Charity No SC047192) at 2a Robertson Avenue, Edinburgh, EH11 1PZ. We are registered with the Information Commissioner’s Office (Ref: Z5603032 & ZA370709). 

This Notice outlines how we collect and use personal information received from service users, pupils, veterans, clients, members of the public, and users of our website (sightscotland.org.uk).

We are the Data Controller over any personal data we process about you for the purposes set out in this Privacy Notice (see below). This notice outlines what personal data the charity collects and processes about you in various situations, which we have explained below. This Notice does not cover personal data we process about our staff. The categories of data subjects whose personal data is covered by this Privacy Notice include; our members, supporters, fundraisers, donors, customers, users of our website, and individuals who use or make enquiries via our website or over the phone or email.

If you have any questions about this Privacy Notice or the way the charity processes your personal data, please contact our Data Protection Officer, Thorntons Law LLC, at dpo@sightscotland.org.uk.

What is personal data?

Personal Data: means any information that relates to and could be used to identify a living individual known as a ‘data subject’. Examples of personal data include; name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a data subject.

Special Category of Data: is information about a data subject which is considered more sensitive and requires greater protection. Examples of special category data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

When we use the term ‘personal data’ we mean both personal data and special category of data.

Our Processing

Your personal data is processed in different ways dependent on your interaction with the charity.  Please see below for what personal data we process about you, where we get it from, why we use it, our lawful basis for processing your data and who we may share it with. Where we share personal data with third parties, we ensure that we have a valid contract in place which contains data sharing and/or data processing provisions, obligations and safeguards to protect your information. 

How We Use Personal Data

Personal Data

  • Name, email address, social media handle, telephone number, any information you provide to us.

Where do we get it from?

  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interests to respond to your enquiries.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services

Personal Data

  • Name, email address, telephone number, visual impairment status, health and wellbeing, address, any additional information you provide to us.

Where do we get it from?

  • From you, the data subject.
  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of our contract with you.
  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, social media handle, telephone number, any additional information you provide to us.

Where do we get it from?

  • Listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to ensure the quality control and for staff training purposes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, telephone number, any information you provide to us.

Where do we get it from?

  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, age, address, telephone number, email address, place of birth, employment status, employment history, gender, salutation, ethnicity, religion, sexual orientation, visual impairment status, health and wellbeing, financial information including bank details, details of savings, income, liabilities, and expenditure, power of Attorney status, marital status, spouse details, health of spouse, others living at your address, next of kin, emergency contact details of next of kin, criminal convictions, housing status, sign language user, relationship to service users, military service details, verification of service from MOD.

Where do we get it from?

  • From you, the data subject
     
  • A person or organisation that you have authorised to provide this data to us.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.
     
  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes’.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.
  • Partner organisations which can provide support and assistance.

Personal Data

  • Name, age, address, telephone number, email address, place of birth, employment status, employment history, gender, salutation, ethnicity, religion, sexual orientation, visual impairment status, health and wellbeing, financial information including bank details, details of savings, income, liabilities, and expenditure, power of Attorney status, marital status, spouse details, health of spouse, others living at your address, next of kin, emergency contact details of next of kin, criminal convictions, housing status, sign language user, relationship to service users, military service details, verification of service from MOD.

Where do we get it from?

  • A person or organisation that you have authorised to provide this data to us.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.
  • Partner organisations which can provide support and assistance.

Personal Data

  • Name, address, gender, address, telephone number, email address, age, national insurance number, accommodation status, military service details, dependents details, spouse details, financial information including bank details, details of savings, income, liabilities, and expenditure, visual impairment status, health and wellbeing .

Where do we get it from?

  • From you, the data subject.

Legal basis

  • Processing is necessary for the purpose of our legitimate interest to support Sight Scotland Veterans service users by assessing their eligibility for benefits and assistance and providing financial support via our allowance and grant schemes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, social media handle, telephone number, address.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Consent where we market to you by electronic methods.
  • Processing is necessary for the purpose of our legitimate interest to issue marketing materials to you by post.

Who may we share it with?

  • Market research companies who help us develop our products and services.

Personal Data

  • Name, email address, social media handle, telephone number.

Where do we get it from?

  • From you, the data subject.
  • Publicly available sources such as the Royal Mail’s National Change of Address database.

Legal Basis

  • Consent where we market to you by electronic methods.
  • Processing is necessary for the purpose of our legitimate interest to issue marketing materials to you by post.

Who may we share it with?

  • Market research companies who help us develop our products and services.

Personal Data

  • Name, address, email address, telephone number, financial information including bank details, details of savings, income, liabilities, and expenditure the fact you are a UK taxpayer, reason for your donation and whether it is in memory of another person.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to process donations for benefit of charity.
  • Processing is necessary to fulfil a legal or regulatory obligation.

Who may we share it with?

  • HMRC for purposes of Gift Aid; Payment bureau provider administering the payment.

Personal Data

  • Name, address, email address, telephone number, hours volunteered, hours worked, events attendance, next of kin, emergency contact details of next of kin.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract with you.

Who may we share it with?

  • Third party event organisers.

Personal Data

  • Technical data about your use of our website.           

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to use cookies to support the functionality of our website. Consent for non-essential cookies. Please visit our Cookies Policy for further information.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, telephone number, date and time of visit to our premises, vehicle registration number.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to document visitors to our premises for security and fire safety purposes.

Who may we share it with?

  • External organisations such as Police Scotland and other official authorities to fulfil a legal or regulatory obligation.

Personal Data

  • Special category data specifically information relating to your health and wellbeing.

Where do we get it from?

  • From you, the data subject.
  • From your healthcare provider.

Legal Basis

  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes’.

Who may we share it with?

  • Legal advisors, insurers, and other professional advisors.

Personal Data

  • Personal data and special category data.       

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary to fulfil a legal or regulatory obligation.          

Who may we share it with?

  • External organisations such as Police Scotland and other official authorities to fulfil a legal or regulatory obligation.
  • Legal advisors, insurers, and other professional advisors.

Will we share your Personal Data outside of the UK or EEA?

Your personal data will not normally be transferred outside the UK. Where we transfer, store, and process your personal data outside of the UK we will transfer any personal data to and from the UK on the basis of the adequacy decisions for the UK. Where this happens and the recipient country is not deemed inadequate by the UK Government, then we will use legally provided mechanisms to lawfully transfer data across borders.

Retention

We shall keep your personal data for as long as is necessary for a specific business purpose and in line with legal and regulatory requirements and our reporting obligations.

Data collected by us will be stored securely within our secure IT systems, and any physical copies are held in locked locations.

You have certain rights under data protection law, which are summarised below, you can exercise these by contacting our Data Protection Officer using the details below.

  • You can withdraw your consent (including for marketing) at any time, at which point we shall stop processing your personal data in that way. Please note this does not affect the legality of our processing up to the date of your withdrawal of consent.
  • You can seek to restrict our processing of your personal data, ask us to rectify any personal data we hold about you or object to us processing your personal data. Note that these rights are not absolute and there may be reasons why we cannot process your request.
  • You have the right to access personal data held by us about you, and ask us to provide you with a copy of the personal data that we hold about you.
  • In certain circumstances you have the right to ask us to erase the personal data we hold about you. We will consider any such request in line with UK GDPR. Please note this is not an absolute right and there may be circumstances where we cannot delete all of the personal data we hold about you.
  • You have rights in relation to automated decision-making, including profiling, which enable you to ask us not to use your personal data in this way.
  • You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO by visiting the Information Commissioners Office website.
  • Right to ask us to transfer information we hold about you to another organisation.

Our website Sight Scotland may contain links to other websites.  Please note that Sight Scotland has no control of websites outside our domain. The charity is not responsible for the protection and privacy of any sensitive information provided to a website linked to Sight Scotland.

We reserve the right to amend this Privacy Notice from time to time.