This privacy notice lets you know what happens to any personal data that you give to us or any that we may collect from or about you. It applies to all services and instances where we collect your personal data. This privacy notice applies to personal information processed by or on behalf of Cycling Without Age Scotland (CWAS).
Changes to this Privacy Notice
We may change this privacy notice from time to time by updating this notice to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website: https://www.cyclingwithoutage.scot.
Data Protection Officer
We’re based at CWAS Offices, The Flat, Glenbervie Golf Club, Stirling Road, Larbert, FK5 4SJ. We are a Data Controller of your personal data and have a dedicated Data Protection Officer (“DPO”). You can contact the DPO by writing to the above address, marking it for the attention of the DPO.
What kinds of personal information about you do we process?
Personal information that we’ll process in connection with all our services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history;
- Your date of birth, gender and/or age;
- Records of your contact with us;
- Information we obtained from third parties;
- Information about your health or if you are a vulnerable person;
- Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK.
What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly, and any information from family members;
- Information generated about you when you use our services;
- From other sources such as publicly available directories and information (for example, telephone directory, social media, internet, news articles).
What do we use your personal data for?
We use your personal data for the following purposes:
- Managing any aspect of the service;
- To improve the operation of our organisation;
- To follow guidance and best practice under the change to rules of regulatory bodies;
- For management and auditing of our organisation operations, including accounting;
- To monitor and to keep records of our communications with you and our staff (see below);
- To administer our good governance requirements – for example internal reporting and compliance obligations or administration required for Annual General Meeting (“AGM”) processes;
- To process any donations made to CWAS
What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data. Where it is in our legitimate interests to do so, such as:
- Managing and updating your records;
- For management and audit of our organisation’s operations, including accounting;
- To carry out monitoring and to keep records of our communications with you and our staff;
- To administer our good governance requirements – for example internal reporting and compliance obligations or administration required for AGM processes;
- Where we need to share your personal information with people or organisations to run our organisation or comply with any legal and/or regulatory obligations;
- To comply with our legal obligations.
With your consent:
- For some of our processing of special categories of personal data – for example about your health, if you are a vulnerable person, or some criminal records information.
When do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed above:
- Governmental and regulatory bodies, such as the Information Commissioner’s Office;
- Other organisations who provide services to us, such as back-up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other “back office” functions.
How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
What should you do if your personal information changes?
You should tell us, so that we can update our records, using the Contact Us section of our website. We’ll then update your records if we can.
Do you have to provide your personal information to us?
We will be unable to provide you with some services if you do not provide relevant information to us. In cases where providing some personal information is optional, we’ll make this clear.
Do we do any monitoring involving processing of your personal information?
In this section, “monitoring” means any: listening to, recording of, viewing of, intercepting of or taking and keeping records (as the case may be) of calls, e-mails, text messages, social media messages, in person (face-to-face) meetings and other communications. We may monitor where permitted by law, and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable organisational needs, such as managing our relationship with you and managing our operations;
- For as long as we provide services to you;
- Retention periods in line with legal and regulatory requirements or guidance.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws, but they don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are appropriate or not. The right of data portability only became relevant from May 2018.
- The right to be informed about the processing of your personal information;
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased (the “right to be forgotten”);
- The right to request access to your personal information and to obtain information about how we process it;
- The right to move, copy or transfer your personal information (“data portability”);
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you;
- You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/
Your right to object
You have the right to object to certain purposes for processing, to data processed for direct marketing purposes and to data processed for certain reasons, even though based on our legitimate interests. You can contact us to exercise these rights.