Privacy and Data Protection Policy
East Lothian Climate Action Network (ELCAN) takes your privacy seriously. We do not sell your personal data, and we only share it where it is necessary and lawful to do so, for example to provide the services and activities described in this policy, to meet our legal obligations, or where you have given permission. These services and activities include membership administration, communications, events, monitoring and evaluation, contracted work, and support for ELCAN Circles / Collectives. We do not collect cookies on our websites due to ethical reasons.
If you have any concerns about the data we retain or the way in which we use it, you have a right to:
- Request that we correct personal data if you believe it is inaccurate / incomplete
- Request that we delete your personal data
- Change communication preferences or restrict processing of your personal data
- Access the personal data that we hold about you via a “subject access request”.
Please contact us at hello@eastlothianclimatehub.org for any of these purposes. Or write to us c/o ELCAN, 27 High Street, Dunbar, EH42 1EN
Under data protection legislation we are a “controller” of personal data you share with us. This Policy provides notice on how and why we process your data and for how long we will keep your personal data, and where it is held.
We retain your data in different ways depending on the application:
-
Individual and Associate Membership
What we do with your data: We use your data to provide membership services, including e-newsletters, communications regarding relevant collaborations, events, ELCAN proposals and decisions, including your organisation’s description and website in our online database.
Data held: Individual and/or Organisational name, address, website, phone number, email, description; names, email addresses, phone numbers of two contact people; any other data on activities you supply us with through online forms including Circles / Collectives that you participate in. The details of Associate Organisational members may be posted on our website and shared via an online map.
We are required to maintain a register of members for charity governance and regulatory purposes. Individual member information is otherwise private and will not be given out to a third party including other members without your permission.
Legal basis for processing data: Legitimate interest – as you have signed up.
Storage: Data is held in a password protected database accessed only by paid ELCAN staff who have agreed to this Policy. Email addresses are also held on our Mailchimp account to enable us to circulate our newsletter to contacts. Restricted data of those contributing to Circles / Collectives may be held on specific service providers such as Microsoft Teams where it is used with agreement of each individual – to facilitate active collaboration.
Retention: We keep your personal data only to provide you with membership services. We will update or delete your data on request.
-
Mailing list subscribers
What we do with your data: We send you an e-newsletter and other occasional mailings about relevant events or projects.
Data held: First name, Last name & email address, and organisation (optional)
Legal basis for processing data: Consent – as you have signed up.
Storage: Data is held on our Mailchimp, Airtable, and Google Form accounts. Their servers are based in the US and they uphold the UK Extension to the EU-US Data Privacy Framework / UK-US Data Bridge to certify their data security.
Retention: We will keep you on this mailing list until you request any change. You can unsubscribe any time you want by following the link at the bottom of each mailing.
-
Event attendees
What we do with your data: When you attend an event we organise, we collect data to demonstrate trends to funders or for internal monitoring and evaluation purposes. We may also take photos for documentation or to be used in our future communications. Please tell ELCAN if you do not want to be photographed, and/or if you want a photograph of you that has been published to be permanently deleted from the public record by e-mailing hello@eastlothianclimatehub.org. That specific consent will be signposted prominently where appropriate.
Data we may collect: Name, email, address, photo.
Legal basis for processing data: Consent – as you have signed up.
Storage: Data is held in a password protected database accessed only by key staff.
Retention: We keep details only as needed for reporting purposes, maximum 5 years.
-
Contracted work
What we do with your data: We are required to use your data to enter into a contract and to remunerate those who do paid work.
Data collected: Name, address, phone number, email, bank account details. Legal basis for processing data: Contract – that you have signed.
Storage: Correspondence is held in a password protected folder. Bank details are also stored in our online bank account with our bank, to enable them to process payment transactions securely on our behalf.
Retention: 7 years or as required under current legislation.
-
Your rights
If you have any concerns, which are not resolved by communicating with us, you can raise a complaint with the Information Commissioner’s Office at www.ico.org.uk.
-
Other uses of your personal information
We may ask you if we can process your personal information for other purposes. If we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.
-
Third party suppliers with limited access to members’ data
We may use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and to protect it.
If we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
- The Co-operative Bank process payment transactions securely on our behalf
- Google and Airtable store membership data as well as events’ feedback forms. Their servers are based in the US and they uphold the GDPR to certify their data security.
- Mailchimp distributes some of our email communications. Their servers are based in the US and they uphold the UK Extension to the EU-US Data Privacy Framework / UK-US Data Bridge to certify their data security.
- We use Ticket Tailor ticketing service for some of our events. They comply with GDPR, see their privacy policy online.
- Instructors, facilitators, and event organisers receive details of training participants. They will be under contract with ELCAN and will process your data based on this Privacy & Data Protection Policy
- Lower Impact Living CIC has been the host organisation of ELCAN and the East Lothian Climate Hub from 2023 – 2026. They comply with GDPR, see their privacy policy online.
East Lothian Climate Action Network (ELCAN) take privacy and data protection seriously.
Everyone handling data on our behalf, must follow these guidelines:
- Ensure passwords for files, databases, and accounts are securely stored and not shared with anyone without the consent of the ELCAN CEO.
- Do not leave your computer logged in to encrypted files / folders.
- Delete emails containing personal data and / or password information as soon as possible.
If you are unsure about any of these guidelines, please contact ELCAN at hello@eastlothianclimatehub.org