Who we are
Our website address is: https://greatcauses.scot and we are an Edinburgh, United Kingdom based organisation that engage charities and the public in fundraising activities through this site. We aim to be fully compliant with the General Data Protection Regulation by ensuring transparency about processing any data, that you are are aware of your rights regarding your personal data and by limiting our use of personal data to only what is necessary for us to operate within our area of legitimate interest – which is promoting charities and fundraising events to support those charities.
What personal data we collect and why we collect it
Contact forms on this site are designed only to collect data that is relevant to your needs and nothing more. We do not share or sell this data, except as outlined in Who we share your data with below. Examples of personal data we might collect are email address, telephone number and social media handles. We may ask you your age, address, dietary requirements or about your fitness if an event we are running requires this information.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Google Analytics cookies collect information about your use of our website (including your IP address). This information will be stored by Google on servers in the USA. Google will use this information to evaluate activity on our website, creating reports on website activity and providing other services relating to website activity and internet usage.
Google may also pass this information to third parties if they’re legally required to do so, or where such third parties process the information on Google’s behalf. Google does not associate your IP address with any other data held by Google.
Who we share your data with
GreatCauses.Scot shares only relevant data provided by you with the charities and their promoted events for the purpose of engaging you in those events. Your data is not shared with anyone other than the charities or event organisers you choose. We may support you to fundraise through third party sites, for example justgving.com. In this event we may direct you or pass your details to the relevant site but we will always seek your explicit content to do this.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register for events, we also store the personal information they provide for the purpose of managing their event experience and inviting them to similar events in the future. Personal data of this type will be deleted 3 years after last contact or on request by the registrant.
What rights you have over your data
Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you. You can for example request that we rectify, restrict or delete your personal data and unsubscribe you from communications. You can read more about these rights here.
If you have an account on this site, or have left comments or filled in a form, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes, for example if you were currently entered in an event with us we would be obliged to maintain details relevant to that event. You can use any method of contact published on this website or through social media to make this request so long as we can be sure that it is you. In line with the GDPR we will respond to these “Subject Access Requests” within 30 days.
For further information or to raise any concerns please do contact us here via the links on at the base of the page, or our team listed individually from the home page.
How we protect your data
This website is secured by and hosted by 1&1 Internet Limited who manage regular updates to ensure the security of this site, they are GDPR compliant and their privacy notice is available here. An SSL (https) certificate is provided to ensure data transferred via our forms is done so securely.
A database is maintained of entrants and past entrants and charity contacts relevant to specific events and charities. This data is stored in Office365 and secured by Microsoft and only staff that need access are provided secure links to do so. See Microsoft’s Privacy Notice.
Your data is held only in Office 365 to ensure that if it is to be removed, updated or repaired, it can be done with confidence.
What data breach procedures we have in place
We may suspect a data breach for example if a password was been disclosed or we are informed by WordPress, 1&1 Internet Limited or Microsoft that our data has been exposed to a third party. We will investigate and in any instance where we believe that your data may have been exposed and mitigation was not adequate, we will tell you. We may also report the breach to the Information Commissioner’s Office subject to requirements under the GDPR.
What third parties we receive data from
We receive data from the charitable organisations we support in line with their privacy notices for the purpose of managing events we run on their behalf. This data is limited to only what is needed to manage the event effectively and produce the best experience for the event attendees.
What automated decision making and/or profiling we do with user data
We do no automated decision making or profiling of user data.
Complaints or queries about your personal data
GreatCauses.Scot tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with transparency and clarity in mind. It does not provide exhaustive detail of all aspects of GreatCauses.Scot’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact us, or the statutory body which oversees data protection law – https://ico.org.uk/for-the-public/raising-concerns
This policy was last updated 12/6/2018