Privacy policy

At the Scottish Seabird Centre, we treat your privacy very seriously. We promise to ensure it is stored securely and privately. It will only be handled and used according to the consent that you have explicitly given us. If you have any questions about our privacy policy, please do not hesitate to get in touch: info@seabird.org

Who controls your data?

The Scottish Seabird Centre is a charity registered in Scotland (charity no. SC025837). Our registered address is The Harbour, North Berwick, EH39 4SS.

In this privacy policy ‘we’, ‘us’ and ‘our’ means the Scottish Seabird Centre.

It is important to us that we keep your data as secure as possible. On most occasions we will be the Data Controller responsible for storing and handling your data.

On some occasions, for particular transactions, we will need to provide data to our trusted partners in order to be able to process the service / product you have requested.

Examples include: storing your data securely in a cloud-based (internet-hosted) database; using a financial services company to complete a Direct Debit or transaction.

In each case, we have selected these trusted partners because they have a robust privacy policy and are able to provide secure services which we are unable to deliver within our own resources.

If you would like more information about which of our partners is involved in processing your data, or to read their privacy policy (which will be available on their website) please get in touch.

What rights do you have?

We comply with the data protection laws in the United Kingdom and General Data Protection Regulation (GDPR). We take all possible, reasonable steps to prevent any unauthorised access to your personal data.

From time to time, we will be required to amend this privacy policy, to ensure we remain compliant with the above rules. Any changes will be published on our website.

We are only able to store, handle and use your data for the reasons you have given in your explicit consent. We will keep a note of the date and details of your consent together with your personal data. You have the right to review, alter or change your mind about this consent at any time. Please contact us if you wish to do so.

You have the right to view the information that we hold on you. You may ask to view this as reasonable intervals and we will respond within 1 month.

You have the right to know how we collect data, what we do with it and how we process it. The details are within this privacy document.

You can ask for your data, if incorrect or incomplete, to be rectified at any point.

We will only collect data from you for a specific purpose (eg to process your membership or a donation, or to sell you a product or service you have requested). You have the right to request your data be deleted if it is no longer necessary for the purpose you agreed to. You have the right to demand your data be erased if you withdraw your consent or object to the way it is being processed. We will no longer be able to use your data for any purpose (eg to process direct debits or contact you).

Please contact us regarding any of the above rights.

What if you're giving us someone else's data?

This privacy policy contains the detail about how we use your data.

If you are providing us with someone else’s data, please ask them to read this policy, or make sure they have it explained to them (eg children, vulnerable adults). By giving us information about other people, you are confirming that they have given you their consent to share their data with us.

How we use your data

We need to store and handle specific personal data in order to provide the services you have requested. We are only able to do this with your explicit consent.

Financial data

We will use the financial data you have provided to:

Contact data

Where you have consented, we will use your contact details to:

Thank you for donations or other support you have given us

Let you know how we will record your support / donation

Keep you updated with details of our vital education and conservation work eg via our members’ magazine or enewsletters

Let you know about opportunities to get involved with our charity eg upcoming events, volunteering programmes, fundraising appeals

When you give us consent to contact you, you will be able to choose the following options:

*We will only telephone you if there is something very important and we cannot get hold of you another way eg to alert you to a change of banking processes or other details.

Keeping track

It is important to us that we keep a note of any changes to your details and preferences, so that we can continue to provide you with the best possible service. To do this, we will keep a record of our contact and transactions with you and any relevant information you give us, eg a change in address / circumstances / preferences.

All of the above data will be stored securely and privately and not shared with any third parties for marketing or other purposes. All data stored will be appropriate, relevant and not excessive.

We may use third parties to process personal information on our behalf. We will only do this where we are unable to provide the service ourselves eg processing Direct Debits.

Where third parties process your personal information on our behalf, we will ensure that they have the necessary high standards of security in place, so that your data is kept secure and only used in accordance with this Privacy Policy.

How we store your data

We make every effort to ensure your data is stored as privately and securely as possible.

Access to your data is strictly limited, restricted to those people involved in delivering the services you have requested. Examples include: password protected databases, computers/offices secured when unstaffed.

Specific, senior staff members are allocated particular areas of activity eg fundraising, membership, marketing. This includes being responsible for ensuring your data is stored and handled securely and privately.

The Scottish Seabird Centre has a GDPR committee who are responsible for ensuring we continue to comply with data protection laws.

What happens if there's a data breach?

It is our responsibility to inform the Data Protection authority as soon as we become aware of a data breach (within 72 hours).

It is also our responsibility to contact everyone affected by the data breach before we contact the Data Protection authority.

Should we have reason to suspect a data breach, we will contact you with the nature of the data affected, how many people are impacted, the potential consequences and the measure we have in place to correct this.

If you have any questions about our privacy policy and practices, please do not hesitate to get in touch.