Privacy & Cookie Policy

The Garioch Partnership (TGP) is committed to protecting and safeguarding any personal data you give us. We may be required by law to collect certain personal information about you or as a consequence of any contractual relationship we have with you. We want you to be confident that your data is secure with us and that you understand how we process it.

Your privacy matters to us, so please do take the time to read our Privacy Policy which explains:

• The information we collect
• How we will use it
• Where we collect it from
• How long we store it
• Our legal basis for processing your personal data
• Your rights and how you can see, update or delete your personal data
• Securing your data

Who Are We / Controller

For the purpose of the General Data Protection Regulations (GDPR), the controller responsible for your personal data is:

The Garioch Partnership

1st Floor, Wyness Hall, Jackson Street, Inverurie, AB51 3QB

SCIO Registered in Scotland Charity Number: SC043548

What information do we collect and what do we use it for?

Personal data or information means any information that can be used to identify you. For example, it can include information such as your name, date of birth, email address, postal address, telephone number, payment details as well as information relating to health & safety requirements

We will use your data to:

• Provide you with the services or information you asked for
• Register you as a member of staff or contractor (emergency contact details will be required)
• Process payments for our services
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation
• Where we need to perform the contract, we are about to enter into or have entered into with you
• Ensure we know how you prefer to be contacted
• Understand how we can improve our services or information
• To keep you updated on our products and services

Where do we collect your information from?

We collect your personal information through a number of different sources:

• Via our website
• Paper forms including contact forms, applications etc.
• Through transactions made by phone, by email, via our website or in person
• When you give consent to receiving marketing information

Digital

Website

The Garioch Partnership website is accessible via www.gariochpartnership.org.uk (hosted and maintained by Yep Digital). The website is built in Craft.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

The Garioch Partnership website may contain direct links or hyperlinks to and from affiliate, partner or advertiser websites. If you follow a link to any of these sites you are leaving The Garioch partnership site and we do not accept any liability or responsibility for these sites, please see their respective privacy policies.

Cookies

We log visitors' domain and IP address automatically; this information does not identify you as an individual, but only the computer that is being used to view the site.

This data is used to see where the site is being used in the world to ensure coverage, and for click stream analysis to help better understand site usage, so that we can improve our service to you. We do not link information automatically logged by such means with personal data about specific individuals.

Information on deleting or controlling cookies is also available at www.allaboutcookies.org. Please note that by deleting our cookies (or disabling future cookies) you may not be able to access certain areas or features of the site.

Social Media

Our website contains social media features such as Facebook, Twitter and You Tube that have their own privacy notices. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.

eNewsletters | Marketing

We will send you marketing emails and newsletters to keep you updated on our services, news and events. When you engage with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails

1. For business customers, our lawful basis is legitimate interest as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours. Your information will be securely destroyed 3 years after your last interaction with TGP
2. For consumers, our lawful basis is consent and will be securely destroyed 1 month after consent is withdrawn.

The Garioch Partnership uses third party eNewsletter software, Mailchimp, to manage subscriptions and as a delivery mechanism. Their privacy policy is monitored by TRUSTe, and they have certified their compliance with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks. For further information, please view Mailchimp’s Privacy Policy.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, volunteers, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.

• Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, such as credit card details
• Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)
• Putting in place physical, electronic, and procedural safeguards in line with industry standards

Your Rights

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information we hold about you.

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the;

• Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
• Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
• Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
• Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
• Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
• Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
• Right to portability. You may transfer the data that we hold on you for your own purposes.
• Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Individuals can find out if we hold any personal information by making a 'right of access' request. More information can be found at https://ico.org.uk

If we do hold information about you, we will:

• Give you a description of it;
• Tell you why we are holding it;
• Tell how long we keep in for and the lawful basis for doing so;
• Tell you who it could be disclosed to; and
• Let you have a copy of the information in an a commonly used electronic format, unless the individual requests otherwise.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject (The Act of Limitation), or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Changes to our Notice

This Privacy Policy replaces all previous versions. We may change the Policy at any time so please check it regularly on our website for any updates. If the changes are significant, we will provide a prominent notice on our website including, if we believe it is appropriate, electronic notification of Privacy Policy changes.

Contact

If you have any questions about this Policy, including any requests to exercise your legal rights, please contact: info@gariochpartnership.org.uk

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The Garioch Partnership

Last update: December 2020