Introduction

This Privacy Notice applies to both Sight Scotland and Sight Scotland Veterans. Although the charities are separate legal entities, they share board members and corporate services and where it makes sense to do so, the charities also share policies and procedures. Therefore, any references to “the charity,” “we,” “our,” or “us” should be interpreted as meaning the charity that provides the service you are enquiring about or receive.

Both charities are registered in Scotland (Sight Scotland is a registered charity No SC017167, Sight Scotland Veterans is a Scottish Charitable Incorporated Organisation, Charity No SC047192) at 2a Robertson Avenue, Edinburgh, EH11 1PZ. We are registered with the Information Commissioner’s Office (Ref: Z5603032 & ZA370709). 

This Notice outlines how we collect and use personal information received from service users, pupils, veterans, clients, members of the public, and users of our website (sightscotland.org.uk).

We are the Data Controller over any personal data we process about you for the purposes set out in this Privacy Notice (see below). This notice outlines what personal data the charity collects and processes about you in various situations, which we have explained below. This Notice does not cover personal data we process about our staff. The categories of data subjects whose personal data is covered by this Privacy Notice include; our members, supporters, fundraisers, donors, customers, users of our website, and individuals who use or make enquiries via our website or over the phone or email.

If you have any questions about this Privacy Notice or the way the charity processes your personal data, please contact our Data Protection Officer, Thorntons Law LLC, at dpo@sightscotland.org.uk.

What is personal data?

Personal Data: means any information that relates to and could be used to identify a living individual known as a ‘data subject’. Examples of personal data include; name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a data subject.

Special Category of Data: is information about a data subject which is considered more sensitive and requires greater protection. Examples of special category data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

When we use the term ‘personal data’ we mean both personal data and special category of data.

Our Processing

Your personal data is processed in different ways dependent on your interaction with the charity.  Please see below for what personal data we process about you, where we get it from, why we use it, our lawful basis for processing your data and who we may share it with. Where we share personal data with third parties, we ensure that we have a valid contract in place which contains data sharing and/or data processing provisions, obligations and safeguards to protect your information. 

How We Use Personal Data

Personal Data

  • Name, email address, social media handle, telephone number, any information you provide to us.

Where do we get it from?

  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interests to respond to your enquiries.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services

Personal Data

  • Name, email address, telephone number, visual impairment status, health and wellbeing, address, any additional information you provide to us.

Where do we get it from?

  • From you, the data subject.
  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of our contract with you.
  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, social media handle, telephone number, any additional information you provide to us.

Where do we get it from?

  • Listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to ensure the quality control and for staff training purposes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, telephone number, any information you provide to us.

Where do we get it from?

  • When you submit an enquiry on our website, use our online forms, email, telephone, post or when we meet you face to face.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, age, address, telephone number, email address, place of birth, employment status, employment history, gender, salutation, ethnicity, religion, sexual orientation, visual impairment status, health and wellbeing, financial information including bank details, details of savings, income, liabilities, and expenditure, power of Attorney status, marital status, spouse details, health of spouse, others living at your address, next of kin, emergency contact details of next of kin, criminal convictions, housing status, sign language user, relationship to service users, military service details, verification of service from MOD.

Where do we get it from?

  • From you, the data subject
     
  • A person or organisation that you have authorised to provide this data to us.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.
     
  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes’.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.
  • Partner organisations which can provide support and assistance.

Personal Data

  • Name, age, address, telephone number, email address, place of birth, employment status, employment history, gender, salutation, ethnicity, religion, sexual orientation, visual impairment status, health and wellbeing, financial information including bank details, details of savings, income, liabilities, and expenditure, power of Attorney status, marital status, spouse details, health of spouse, others living at your address, next of kin, emergency contact details of next of kin, criminal convictions, housing status, sign language user, relationship to service users, military service details, verification of service from MOD.

Where do we get it from?

  • A person or organisation that you have authorised to provide this data to us.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract to provide you with our services.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.
  • Partner organisations which can provide support and assistance.

Personal Data

  • Name, address, gender, address, telephone number, email address, age, national insurance number, accommodation status, military service details, dependents details, spouse details, financial information including bank details, details of savings, income, liabilities, and expenditure, visual impairment status, health and wellbeing .

Where do we get it from?

  • From you, the data subject.

Legal basis

  • Processing is necessary for the purpose of our legitimate interest to support Sight Scotland Veterans service users by assessing their eligibility for benefits and assistance and providing financial support via our allowance and grant schemes.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Personal Data

  • Name, email address, social media handle, telephone number, address.

Where do we get it from?

  • From you, the data subject.
  • Trusted third party specialist companies that collate and analyse information from public registers.
  • Publicly available sources such as the Royal Mail’s National Change of Address database.

Legal Basis

  • Consent where we market to you by email, phone, and text.
  • Processing is necessary for the purpose of our legitimate interest to issue marketing materials to you by post.
  • Processing is necessary for the purpose of our legitimate interest to improve the effectiveness of our marketing and fundraising, which directly funds our charitable objectives and enables us to better serve our beneficiaries.

Who may we share it with?

  • Market research companies who help us develop our products and services.

Sight Scotland and Sight Scotland Veterans use social media platforms such as Facebook, Instagram and LinkedIn to share updates, raise awareness of our work and reach new supporters. To make our advertising more relevant, cost-effective and respectful of our supporters’ time, we use tools provided by these platforms, including custom and lookalike audiences, as well as social media cookies.

  • Custom audiences: When you share your email address with us/give us consent to use your email address, we may securely share this in a hashed and encrypted format with social media platforms. This enables us to deliver adverts tailored to your interests.
  • Lookalike audiences: Using the characteristics of our existing supporters, social media platforms can identify other users who may share similar interests or behaviours. These users may then see adverts about our work. No personally identifiable data is shared in this process.
  • Suppression data: We take steps to ensure our advertising is respectful and efficient by excluding individuals from campaigns where the content would not be relevant. For example, we may use suppression data to avoid sending donation appeals to people who already have a regular giving arrangement with us. This helps us use our supporters’ contributions wisely and effectively.

In addition, if you have completed a form or otherwise contacted us to register or enquire about an event or activity, or to sign up to one of our campaigns, we will consider this as a request to send you details about the event, activity or campaign.

Where you provide contact details, we will provide information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.

We may also receive information through event organisers or through third party giving platforms or websites, so we know you are fundraising for us.

Where appropriate, we will use the information you provide to us or to a third party (see above) to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.

Personal Data

  • Name, email address, social media handle, telephone number.

Where do we get it from?

  • From you, the data subject.
  • Publicly available sources such as the Royal Mail’s National Change of Address database.

Legal Basis

  • Consent where we market to you by email, phone, and text.
  • Processing is necessary for the purpose of our legitimate interest to issue marketing materials to you by post.
  • Processing is necessary for the purpose of our legitimate interest to improve the effectiveness of our marketing and fundraising, which directly funds our charitable objectives and enables us to better serve our beneficiaries.

Who may we share it with?

  • Market research companies who help us develop our products and services.

We may analyse the details you have provided to us along with further information about you that we have obtained from public and/or private sources (e.g. LinkedIn, Companies House) and AI tools, with human intervention. If we do this, we will make sure it is compliant with UK GDPR. In some instances, we may make use of additional factors such as demographic information and measures of wealth.

We do this to help us understand why people are motivated to support us and to help us create a fuller and better picture of our supporters. This enables us to communicate with our supporters more effectively and to reach out to individuals who may wish to give additional support with a further monetary gift. We may on occasion use third party suppliers to undertake these activities on our behalf and provide them with your information to the extent required, but this will only be done where we have a legitimate legal basis to do so. If you would rather that we didn’t undertake this screening, please contact us and ask to opt-out. All of our suppliers are UK GDPR compliant.

We may also carry out research to identify individuals who may have an affinity to our cause, and capacity to support us at a higher level, but with whom we are not already in touch. Before contacting, we may use data analysis and AI tools, with human intervention, to interpret your data and predict how likely you are to be interested in or responsive to a particular campaign or fundraising message. In order to do this we may collect information about you, and combine, analyse and compile that information into a profile of you in order to assist us in engaging with you in a more personalised way. In order to do this efficiently, we may use AI tools, with human intervention, and trusted third party specialist companies that collate and analyse information from public registers alongside statistical social-economic data to automate some of this work. This will only be done with UK GDPR compliant suppliers. This helps us to understand more about your interests and level of potential engagement or donation.

Personal Data

  • Name, address, email address, telephone number, financial information including bank details, details of savings, income, liabilities, and expenditure the fact you are a UK taxpayer, reason for your donation and whether it is in memory of another person.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to process donations for benefit of charity.
  • Processing is necessary to fulfil a legal or regulatory obligation.

Who may we share it with?

  • HMRC for purposes of Gift Aid; Payment bureau provider administering the payment.

Personal Data

  • Name, address, email address, telephone number, hours volunteered, hours worked, events attendance, next of kin, emergency contact details of next of kin.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • We may process your personal data where is it necessary for us to fulfil the performance of a contract with you.

Who may we share it with?

  • Third party event organisers.

Personal Data

  • Technical data about your use of our website.           

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to use cookies to support the functionality of our website. Consent for non-essential cookies. Please visit our Cookies Policy for further information.
  • Processing is necessary for the purpose of our legitimate interest to improve the effectiveness of our marketing and fundraising, which directly funds our charitable objectives and enables us to better serve our beneficiaries.

Who may we share it with?

  • Organisations that support our day-to-day operations, including IT software, maintenance and delivery companies, and transportation services.

Our website uses cookies, including social media tracking tools, such as Meta’s pixel, to better understand how users interact with our site and our adverts. This allows us to:

  • measure the success of our campaigns.
  • deliver more relevant adverts to individuals who have shown interest in our work or similar causes.
  • ensure we are spending charity funds effectively by reducing wasted advertising.

These cookies work by placing a small piece of code on your device, which allows us and the social media platforms to understand your actions, such as visiting certain pages on our website. The data collected is anonymised and does not reveal your identity to us. Cookie preferences can be set through our website’s cookie settings and in your social media account settings, see here for further information: Cookies Policy.

Personal Data

  • Name, email address, telephone number, date and time of visit to our premises, vehicle registration number.

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary for the purpose of our legitimate interest to document visitors to our premises for security and fire safety purposes.

Who may we share it with?

  • External organisations such as Police Scotland and other official authorities to fulfil a legal or regulatory obligation.

Personal Data

  • Special category data specifically information relating to your health and wellbeing.

Where do we get it from?

  • From you, the data subject.
  • From your healthcare provider.

Legal Basis

  • We may process special category data where it is necessary to provide you with our services in the context of providing and managing the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes’.

Who may we share it with?

  • Legal advisors, insurers, and other professional advisors.

Personal Data

  • Personal data and special category data.       

Where do we get it from?

  • From you, the data subject.

Legal Basis

  • Processing is necessary to fulfil a legal or regulatory obligation.          

Who may we share it with?

  • External organisations such as Police Scotland and other official authorities to fulfil a legal or regulatory obligation.
  • Legal advisors, insurers, and other professional advisors.

Will we share your Personal Data outside of the UK or EEA?

Your personal data will not normally be transferred outside the UK. Where we transfer, store, and process your personal data outside of the UK we will transfer any personal data to and from the UK on the basis of the adequacy decisions for the UK. Where this happens and the recipient country is not deemed inadequate by the UK Government, then we will use legally provided mechanisms to lawfully transfer data across borders.

Retention

We shall keep your personal data for as long as is necessary for a specific business purpose and in line with legal and regulatory requirements and our reporting obligations.

Data collected by us will be stored securely within our secure IT systems, and any physical copies are held in locked locations.

You have certain rights under data protection law, which are summarised below, you can exercise these by contacting our Data Protection Officer using the details below.

  • You can withdraw your consent (including for marketing) at any time, at which point we shall stop processing your personal data in that way. Please note this does not affect the legality of our processing up to the date of your withdrawal of consent.
  • You can seek to restrict our processing of your personal data, ask us to rectify any personal data we hold about you or object to us processing your personal data. Note that these rights are not absolute and there may be reasons why we cannot process your request.
  • You have the right to access personal data held by us about you, and ask us to provide you with a copy of the personal data that we hold about you.
  • In certain circumstances you have the right to ask us to erase the personal data we hold about you. We will consider any such request in line with UK GDPR. Please note this is not an absolute right and there may be circumstances where we cannot delete all of the personal data we hold about you.
  • You have rights in relation to automated decision-making, including profiling, which enable you to ask us not to use your personal data in this way.
  • You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO by visiting the Information Commissioners Office website.
  • Right to ask us to transfer information we hold about you to another organisation.

Our website Sight Scotland may contain links to other websites.  Please note that Sight Scotland has no control of websites outside our domain. The charity is not responsible for the protection and privacy of any sensitive information provided to a website linked to Sight Scotland.

We reserve the right to amend this Privacy Notice from time to time.