Data Protection and Privacy Policy

The new Privacy Notice for people using the service under the new General Data Protection Regulation (GDPR)

Introduction:

Who we are

Our full legal information is held under the name Money Advice Scotland, a charity registered in Scotland SC005563 and Registered Company Limited by Guarantee, Company No SC137717.

Our contact details are

5 Redwood Crescent, East Kilbride, G74 5PA

0141 572 0237

[email protected]

Within this policy, any references to the words we, our, us or the organisation refer to Money Advice Scotland and any of our services. This will include all our services with their own titles – MATRICS, Financial Wellbeing, Advisor Wellbeing, Policy and Communications.

What Personal Data Do We Process?

Money Advice Scotland collects, stores, and uses information on:

Individuals who use or ask about using our services
Individuals who use our Website and Social Media
Individuals who make donations
Volunteers
Employees and prospective employees
Individuals who sign up for our newsletters or other marketing information
Individuals who visit our premises (Visitors Signing In log)
Professionals and Organisations
Individuals making a complaint or who have been involved in an accident or incident within the organisation or at one of our external events
Students on placement within the organisation
Suppliers
Funders

A separate notice is provided to our employees.

We deal with all personal data in a fair and transparent manner. We ensure that all data is kept secure. This Privacy Policy details how we collect, store, and process any personal information we hold about you. We want you to feel confident that we treat your information and confidentiality seriously and manage all personal information carefully and respectfully and within the law.

This policy applies to the organisation’s legal responsibilities under the Data Protection Act 1998 (DPA) and with effect from 25th May 2018, the General Data Protection Regulations (GDPR). Throughout this document, we will refer to these as the ‘regulations’. The regulations influence how we collect, store, and use your personal data. The regulations relate to the following:

Any websites we operate. Currently https://www.moneyadvicescotland.org.uk/
The organisation’s use of emails, text messages and direct mail for marketing purposes
The organisation’s use of personal information held to provide services
The organisation’s use of information we hold on volunteers and employees
The Organisation’s use of personal information in relation to fundraising, donations and sale of items
Any other procedures and systems we use for processing personal, sensitive information

This policy details what personal information we collect, why we need to collect it, what we do with that information, what rights you have in relation to your personal information and also what we will not do with your personal data.

Why we use your personal information

Money Advice Scotland collects and uses data so that we are able to provide our training, raise funds, collect donations and organise and run events. The personal data you give us helps us to contact you to arrange services for you and to allow us to provide you with a service which is tailored to meet your individual needs.

If you feel you do not wish to provide us with any personal information, you have the choice not to do so.

If you have any questions about your personal data and how Money Advice Scotland use your information you can speak to any members of staff you currently work with or contact the office and ask to speak to our Chief Operating Officer, Michael Donnelly who will be able to explain in more detail what we do with your information.

You have the right to see the data we hold about you and to object to us using your data and to ask us to not hold your information and have it deleted.

The organisation may make changes to this policy from time to time. Any changes made will be publicised on our websites, other social media and in our written copies of the policy and will be effective from the date that we post the changes. Any changes made would not be a change in how we use your information.

All of the information you share with us will be for a specific reason, for example to access training, volunteer with us, make a donation, take part in an event. If we want to do anything with your information which is different from the reasons you initially chose to share your information with us, we will contact you and ask for your consent.

What is personal data/information?

Personal data is information that can be used to help identify you as an individual and includes information like your name, address, personal phone number, email address, date of birth and other information about you which may be gathered during your contact with the organisation. It will also include includes digital identifiers that are linked to you, such as an ‘IP’ address when using online methods of communication.

Some personal information belongs in specific categories which have additional protection due to being particularly sensitive. This can include information in relation to race, religion, sexual orientation, or information about health conditions.

What are the regulations around using your information?

The ‘regulations’ only allow our organisation to collect and use your data if the reasons we are collecting and using your information fall within the reasons cited in the regulations, referred to as “lawful bases”.

Money Advice Scotland will process your personal information under the following “lawful bases”. For reference, processing your personal data covers everything from collecting your information to storing it and also deleting it.

Contract: We will process your data under the lawful basis of a contract when you have requested us to provide you with a service (e.g. to take part in a training activity or event or donate). We will collect and process personal data to enable us to provide you with the service you have asked to receive. We cannot use this reason to process ‘special categories’ of data.

Consent: We may ask for your permission to use your information, for example to add your details to a mailing list for future communication. To have consent, you will be required to take an action to give your consent which may be ticking a box, subscribing to an online list, or verbally agreeing to our request. Once your consent has been given, you can withdraw your consent at any time by contacting us or unsubscribing from an electronic mailing list.

Vital Interests: We will process your data if it is in your or someone else’s vital interests which would mean that using the data may be lifesaving, for example if someone is presenting with a risk to harming themselves or a child protection issue, we may process your information to advise medical, emergency services or social work services as per our confidentiality agreement. Information which would fall under the category of special information would only be processed under this lawful basis if for some reason you are either legally or physically unable to give your consent.

Legitimate Interests: We are allowed to process your information if it is a legitimate business need or that of another organisation acting on our behalf, however if information is provided that there is a good reason to protect your personal data which overrides our organisation’s interests we would not process this information. This lawful basis cannot be used to process information which falls under the special categories.

Legal Purposes: At times it may be necessary for us to process your data if it is necessary for us to comply with a legal obligation to share information. This lawful basis would include personal information which falls under the special categories.

Employment: For employees, the organisation is entitled to process information including special categories, for the purposes of employment of staff and compliance with Employment Legislation.

Who will see my information?

Your information will only be seen by relevant staff who need to see it in order to provide the service you have requested or make contact with you in relation to a service, donation or purchase you have enquired about, unless there is a valid reason to share it with other staff members – for example where a member of staff would like to discuss your request with another member of staff to enable us to enhance the level of service e.g. training we can offer you.

Your information may also be shared with others in specific circumstance which are detailed in the section entitled Sharing Your Information.

Sharing your information

Sometimes we will share information you have given us with others for specific reasons such as:

It is necessary to share information to provide the service you have requested from us and you would expect us to have to share your information in this way
If we are legally required to do so, for example by a statutory agency legitimately exercising a power to receive the information for example information mandated by a Court
If a situation arises where the organisation believes it is necessary to share information to protect our rights, property, or the personal safety of visitors to our premises or social media platforms
If we are providing services in partnership with another agency who are carrying out work on our behalf. Examples of these partners may be another voluntary agency we have commissioned for a specific project/service, an independent consultant working on our behalf, payment processors, IT professionals, regulating bodies, marketing agencies. We only choose partners we can trust and we’ will only pass personal data to them if they have signed an agreement that requires them to:
- Adhere to the legal requirements of the GDPR
- treat your information and confidentiality as carefully as we do
- only use the information for the purposes it was supplied and never for their own purpose or any other external organisation or person
- allow us to monitor their compliance with this agreement

If our’ relationship with you involves payments we may on occasion have to share your information with financial organisations including auditors/ accountants; credit reference organisations, debt collection agencies.

Sharing Information for Safety

If you share information with us that raises our concern for the safety of yourself or someone else, or relates to an actual or intended crime, we may be obliged to share this information with the relevant authorities and statutory agencies.

Using your personal information for marketing purposes

We distribute marketing information to enable us to tell people about our service, raise awareness of campaigns, gain financial support for the charity and to advertise events and any goods/services we may sell. We will only send you marketing information if you have given us consent to do so, and the format in which you would like to receive information, for example by post, email, sms message.

You can remove your consent for marketing information, or change how you receive this information from us at any time by looking for the unsubscribe link in any of our marketing emails or contacting the office on 0141 572 0237, email us at [email protected] or writing to us at Money Advice Scotland, 5 Redwood Crescent, East Kilbride, G74 5PA.

If you have not yet requested information from us but would like to do so, again please contact us using the information in the previous paragraph.

Storing your information

Information is stored by us on our computer systems, within paper files held within secure filing cabinets on our premises and within secure online services.

To protect the information, we hold we also utilise online backup services for disaster contingency planning in the event of a problem with our own internal systems.

Under the regulations we must not keep your information for any longer than necessary. ‘Our Data Retention Policy details how long we will keep your information for. Our retention timescales are influenced by guidance from public bodies, legal requirement and guidance and experience from individuals who have used our services and what they have told us meets their needs in relation to retaining personal information.

You have the right at any time to request that your information is deleted or no longer used.

Keeping your information secure

We take the storing and security of your personal data and confidentiality very seriously. The organisation has specific security measures in place to protect your information against the risk of being lost, stolen, misused, or altered in any way. For example, only authorised staff will have access to your information, and we use security access levels on all our electronic systems. Whilst we cannot ensure or guarantee that misuse, loss, or alteration of your information will never occur within our systems we have taken every measure possible to ensure the safety and security of your information.

When we no longer need information or you have requested that we no longer hold or use your information, we’ will delete it provided this does not breach any legislative requirements to retain the information

If we are disposing of personal, sensitive information we ensure this is done securely to prevent anyone else from gaining access to the information, For example paper files will be shredded and disposed of using a confidential waste disposal expert, and we use specialist companies to dispose of computers and other electronic data storage equipment.

What we won’t do with your information

we will never sell or share your information to other individuals or organisations to use for their own purposes.

Media Recordings and Footage

‘We´ hold a record of photographs, recordings, film footage and other media taken by us or supplied by any other individuals or organisations working on behalf of Money Advice Scotland.

Most of these media files will be from events and activities organised by us. This information is used to help us to tell others about our services, record progress within the organisation and gather pictorial/audio/video testimony and celebrate individual and organisational successes.

We will never use any media footage which would be personal to you without your consent.

There may be instances at public events and activities where photography or videoing may be taking place and it would not be possible to receive individual consent from all individuals in attendance. In these circumstances, we would take steps to ensure that notices and other methods were used to advise all in attendance that photography or filming or recording was taking place along with guidance on who to contact/approach should you object to your image/voice being used.

We would always advise that before consenting to the use of any images/recordings/footage which would identify you that give careful consideration about how you may feel about this footage being available in the future.

Media footage is used by us in many formats including websites, social media platforms such as Facebook, Twitter, Instagram, Linked in, local press such as radio, TV and newspapers, brochures, reports and newsletters.

We will never use photos, videos or audio footage that feature you without your consent, outwith the exclusion above of public events.

We will never sell or share media footage of you to other individuals or organisations for their own purposes.

If you change your mind at a later point about media content you have consented to us publishing we will make every endeavour to remove this where feasible, however there may be situations where this would not be immediately possible, for example if it would be costly to locate, withdraw and reprint brochures from various sources, information that has been shared with other organisations, information that has been published on the internet on websites that are not our intellectual property. For this reason we would ask that you give this consideration before consenting to taking part in any collection of media footage.

Evaluation and Feedback Information

‘We´ keep a record of evaluation information and individual feedback to help us adapt and improve services. This feedback enables us as an organisation to review practices and procedures to improve but also provides an opportunity for individuals to share their personal experiences and journeys to support others.

All feedback we share to promote services is done so anonymously but you should be aware that if you have given consent for us to use your feedback that this may appear in several formats, for example in brochures/posters, on our website/social media platforms, in marketing and advertising materials.

If with redaction your experience may still personally identify you, we will only ever publish your feedback with your consent. Again, you may withdraw your consent at any time in the future.

Your privacy on other websites

Our websites and social media platforms may link to other websites. Please note this privacy policy only applies to any websites and domains owned by Money Advice Scotland.

Your rights

GDPR gives you the following rights over your information and how we use it:

Access. You have the right to enquire if we hold any personal information about you and to gain access to any personal information, we hold on you.
Right to Rectification: If we hold incorrect information about you, you have the right to have this corrected and to provide additional information if the information we hold is incomplete.
Right to Erasure: In certain cases, where we are not bound by any legislative requirements, you will have the right to ask for the data we hold about you to be erased.
Right to Restrict Processing. In circumstances where there is no legislative requirement, you have the right to ask us to stop using your data.
Right to Data Portability. You have the right to ask for a copy of the information we hold on you and to ask us to transfer that information to you or another organisation.
Right to Object. In certain cases, you have the right to object to us using your personal information. You may also object to the use of your information where it has been collected for direct marketing purposes.
Right to be Not Subject to Automated Individual Decision-Making. You have the right to prevent us from making decisions about you that are based solely on rules used by automatic processors.

More information on individual rights can be found at www.ico.org.uk For more information about your rights go to the website of the Information Commissioner’s Office at ico.org.uk.

Latest

Delegate Pack: Responding to Economic Abuse: A National Debt & Money Advice Conference
Wellbeing Blog: Why Workforce Wellbeing Should Be Built With Staff, Not For Staff

Our Workforce Wellbeing Officer, Chris, discusses how wellbeing strategies are often developed for staff rather than with them and how organisations can strengthen workforce wellbeing by building meaningful commitments with employees.
CHAI (Community Help and Advice Initiative)
Student Webinars