This Privacy Policy was last updated on 5/10/2022.
This is the Privacy Policy for the Shieling Project Community Interest Company, including www.theshielingproject.org (the “site”). The site is operated by or on behalf of The Shieling Project Community Interest Company (“we”, “us” and “our”). Our registered company number is SC455760, and our registered office is located at Dunmaglass, Struy, Beauly, Inverness-shire, IV4 7JX.
We are committed to protecting and respecting your privacy including when booking with us online. We appreciate that you do not want your personal data distributed indiscriminately and this Privacy Policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which any personal data that we collect from you, or that you provide to us, will be collected and processed by us and what controls you have. Please read the following Privacy Policy carefully to understand our views and practices regarding your personal data and how we will collect, process, protect and treat it.
Summary:
Please read on for more detail
For the purpose of the Data Protection Act 2018 (the Act) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the data controller is the Shieling Project Community Interest Company.
By booking to visit the Shieling Project, including using the site, you agree to the collection and use of your personal data in accordance with this Privacy Policy.
You are under no obligation to provide any such personal data. However, should you choose to withhold the requested personal data, we may not be able to host you at the project as there are key pieces of information we require to ensure your safety.
We reserve the right to change this Privacy Policy from time to time by changing it on the site or by updating it on the application.
1. PERSONAL DATA WE MAY COLLECT FROM YOU
For the purpose of this Privacy Policy, “personal data” shall have the meaning defined by Article 1 of the Act and Article 4 of the GDPR.
1.1 If you contact The Shieling Project for any reason, we will note certain personal information about you, such as your name, email address, and possibly phone number if you give it to us. We will use this information to respond to you, on the basis of our legitimate interest under Article 6 of the GDPR.
1.2 Collection of personal data related to booking an experience at the Shieling Project:
When booking to come to the Shieling Project (either yourself or your child) there are pieces of information we require to keep you safe, these include:
Your contact details:
Mobile phone number;
First name;
Last name;
Email address;
Address
Date of Birth; and
Gender
If you are coming on a visit to the Shieling Project we will also need a second contact – to call in the case of an emergency
We will need:
Dietary information
Any relevant health issues
If you are booking a child on a visit to the Shieling Project we will need the following:
A second contact to call if you are unavailable in the event we need to speak to a parent / guardian
First name;
Last name;
Date of Birth
Pronoun preferences
Dietary information
Any relevant health issues
When you book you can opt out of being part of any photography. Photographs are used to report on our work at the Shieling Project through our website and social media and to our funders.
All this information, gathered at the point of booking is stored in our secure database on our website
We will retain this information for up to five years to cover an insurance issues we may need to. At this point your data will be forgotten, unless you continue to use our services!
When you book you will be asked to pay through Stripe. This is a very large and reputable online payment system used by companies like Booking.com, Amazon and eBay. Stripe is responsible for saving and protecting your card information – we do not have access to it – and they have a dedicated team constantly working to maintain their security. This is a much safer system for you than the Shieling Project taking payments directly.
1.3 Collection of personal data related to our customers and prospective customers:
If you subscribe to our newsletter, we will send you regular marketing emails to keep you informed about our products and services. You can unsubscribe at any time, by clicking on the unsubscribe link. We will use a third party email platform called MailChimp to send these emails. The only data MailChimp keeps is your name and e-mail address.
1.4 Collection of personal data related to our staff and prospective staff:
We will collect your first name, last name, email, phone number, address, resume/CV, cover letter, entitlement to work in the country, salary expectations and date of availability when you apply for an open position through our “Careers” section (processing based on our legitimate interest underArticle 6 of the GDPR).
If you are invited to an interview, we may make interview notes in order to support your application and to decide on the best hire for the job we have available. We do not keep this information for any longer than is necessary if your application is unsuccessful.
If you are offered a job, it will be subject to pre-employment checks such as work history, education history, and PVG criminal background check. We rely on the legal basis of legitimate interest to carry out these checks.
We maintain files on our staff during their employment, such as annual leave, sick leave, employment contract, performance appraisals etc. We maintain these files to uphold our legal obligations, for the performance of a contract and to protect your vital interests. If you leave our employment, we will retain this information in accordance with statutory retention periods.
To the extent that we process personal data about you that falls under the bracket of “special categories”, we will process it under the condition of Employment, social security and social protection (Schedule 1 of the Act).
We will process your bank account details and tax information for the purposes of paying you your salary, on the legal basis of our legal obligations and performance of a contract.
2. WHERE AND HOW WE STORE YOUR PERSONAL DATA
2.1 We make our best efforts to ensure your personal data is kept secure and protected from accidental loss or unauthorized access, use or alteration, through the following structural and technical measures:
Maintaining ISO 27001 Certification.
Confidentiality clauses in all of our employment and service agreements with natural or legal persons having access to personal data;
Computers and email accounts of all of our employees being password protected;
Encryption of the personal data while in transport through the https protocol;
Encryption of the personal data while at rest;
Encryption of the backups including personal data;
Personal data stored on secured servers and infrastructures;
Permissions of access to documents including personal data regularly reviewed and monitored; and
Regular monitoring of the usefulness of stored personal data and deletion of all personal data no longer required for the purpose for which it was collected.
Using data processors which carry security certification such as ISO 27001.
2.2 Unfortunately, and despite our efforts, the transmission of information via the internet is not completely secure. Although we will take reasonable precautions to protect your personal data, we cannot guarantee the security of your data transmitted to the site or application; please note that any such transmission is at your own risk. Once we have received your personal data, we will use our procedures and security features to try to prevent any unauthorised access.
2.3 All personal data you provide to us is stored on our secure servers.
2.4 It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal data if you use a shared computer or a computer in a public place.
3. USES MADE OF THE PERSONAL DATA
3.1 Please find below a description of the purposes for which we use the personal data you may provide us while using the site or visiting the Shieling Project.
3.2 The personal data provided may be used for the following purposes:
Authentication and administration of your account, confirming your booking;
Gathering payment for your visit;
Communicating with you about your or your child’s trip;
Making sure you or your child are safe and properly catered for on your visit to the project;
Letting you know about other opportunities at the Shieling Project (if you opt in to the newsletter)
3.3 The personal data provided while subscribing to our newsletter may be used for the following purposes:
Send our newsletter;
Address an unsubscription request.
3.4 We may contact you by electronic means (e-mail), phone or post.
4. DISCLOSURE OF YOUR PERSONAL DATA
4.1 We will not disclose your personal data to anyone outside of the staff and management of the Shieling Project. The exceptions to this are very limited information provided to MailChimp and Stripe – see above.
5. MONITORING
5.1 We may monitor and/or record our communications with you, on whatever channel, for quality, training, fraud detection and compliance purposes.
6. YOUR RIGHTS
6.1 You have a certain number of rights in relation to our processing of your personal data which are being summarized in this clause.
Provided it is applicable, you should do the following in order to exercise this right: contact us through the website. You will be asked to prove your identity. Please specify the personal data which you want to erase.
In order to exercise this right, you should: contact us through the website. You will be asked to prove your identity. Please specify the personal data which you want to erase.
In order to exercise this right, you should: contact us through the website. You will be asked to prove your identity.
7. CHANGES TO OUR PRIVACY POLICY
7.1 Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.
7.2 You should check our Privacy Policy on a regular basis to ensure you are aware of its most recent version, as it is the latest available version of this Privacy Policy that shall apply each time you access the site or application.
8. CONTACT
8.1 Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed by email to sam@theshielingproject.org or by post to our registered address mentioned above.
9. THE SHIELING PROJECT USE OF COOKIES
9.1 When you interact with the site, we try to make that experience simple and meaningful. When you visit the site, a web server sends a cookie or other similar technology to your computer or mobile device (as the case may be). Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access to a mobile application and which store and sometimes track information. A number of cookies we use last only for the duration of your web session and expire when you close your browser or exit the application. Other cookies are used to remember you when you return to the site or application and will last for longer.
9.2 We use cookies for the following purposes:
9.3 We may store information about you using cookies which we can access when you visit our site or use the application in the future.
9.4 Cookies do not usually include personal data, however they may contain the type and version of internet browser you use, the type, manufacturer and model of the computer or mobile device you use, any website from which you have come to the site or application, your IP address, the operating system of your computer or mobile device and internet log information.
9.5 If you want to delete any cookies that are already on your device, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
9.6 Information on deleting or controlling cookies is available at www.AboutCookies.org . Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
9.7 We work with external suppliers who may also post cookies on the dashboard, such as:
Google analytics
This list may evolve in the future, in which case this Privacy Policy will be updated accordingly.
9.8 These external suppliers are responsible for the cookies they post on the dashboard and, for more information about these cookies, you should refer to their specific privacy policies.