THE ST. JOHNSTONE COMMUNITY TRUST PRIVACY POLICY

Introduction

This is our Privacy Statement. It explains how the The St. Johnstone Community Trust (“the Trust”, “we”, “us”, “our”) obtains, uses and keeps your personal data safe and secure.

We are a Scottish Charitable Incorporated Organisation (SCIO), registration number SCO46478, and our registered office address is McDiarmid Park, Crieff Road, Perth, PH1 2SJ.

We are committed to protecting the privacy of any personal data we hold for you and we will comply with all relevant General Data Protection Regulation (GDPR) legislation.

For the purposes of GDPR, The St Johnstone Community Trust is the data controller and we are registered with the Information Commissioner’s Office (ICO) in the UK.

We may update our Privacy Statement occasionally. Please check this page regularly for any updates.

By engaging with our services, you are agreeing to be bound by this notice.

Any questions regarding our privacy practices should be sent by email to: admin@saintsinthecommunity.co.uk.

How we collect personal data

We primarily collect your personal data directly from yourself or from your parent/guardian. In some circumstances it can be collected via third parties e.g. schools, local authority.

It is our policy that children under 16 years old must have their registration form completed by a parent/guardian and by submitting these details, the parent/guardian gives consent to process their child’s details.

We use your information to allow you, or the individual you are registering, to participate in our activities.

We ask our participants to share only the minimum personal data required for the agreed purposes.

Where we need to process personal data about third parties connected with you, we ask that you share this privacy notice with those concerned (e.g. family members).

The Trust will endeavour to undertake an annual review to ensure data accuracy.

What personal data will we collect?

To register you, or your child, with our services, we need to know

  • the participants full name

  • date of birth

  • contact details

  • emergency contact details

  • medical information.

We may also request other information such as:

  • address and postcode

  • gender

  • gift aid status.

When paying for our services, we may collect credit/debit card details, but will not hold these details anywhere for future use.

If you chose not to provide us with your personal data, it may prevent you from engaging in our services. Any data collection which is optional will be made clear at the point of collection.

How we use your personal data

We take all reasonable steps to ensure your personal data is processed securely and we will only use your personal data where:

  • we have your consent (if consent is required)

  • we need to use the information to comply with our Legal Obligations

  • is in our legitimate interests and there is no disadvantage to you – this includes contacting you about services and projects, marketing, or collaborating with others to improve our services.

Special protection is given to any medical information you provide. We will only use this information where:

  • we have a legal obligation to do so

  • it is in our legitimate interests

  • it is required when acting in your, or your child’s vital interests (e.g. a life-threatening emergency while participating in our programmes)

Who we share your personal data with

Who we share your data with is largely dependent on the programme which you are enrolled for. This includes, but is not limited to:

  • Staff employed to deliver our services;

  • Volunteers who assist and help to deliver our services;

  • The Scottish Football Association

  • SPFL Trust

  • Perth and Kinross Council

  • PayPal

  • Pay Zone

  • Other funding bodies where relevant

We may also share personal data with our suppliers who process the data which we hold (e.g. IT service providers, marketing platforms). Where our suppliers process your personal data on our behalf, we require them to put in place the appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and under a GDPR compliant processing agreement.

Information security

The security of your data is important to us.

We have adopted appropriate security procedures to protect our paper-based systems and computerised databases from loss and misuse.

We have procedures to deal with any suspected personal data breach and will notify you, and any applicable regulator of a breach, where we are legally required to do so.

Where a password is required to access certain areas of our digital platforms, you are responsible for keeping your password secure and confidential. Please do not share or disclose your password to any other person.

Although we will do everything we can to protect your personal data, we cannot guarantee the security of your details transmitted to us via the internet; any transmission is at your own risk.

Our website may, from time to time, contain links to and from websites of third parties. Should you follow any such link, you should be aware that any services which may be accessible through them have their own privacy notices. We do not accept any responsibility or liability for these notices or for any personal data which may be collected through them, such as contact and location data. Please check these notices before you submit any personal data or use the services.

How long will we keep your personal data?

We will keep your personal data for as long as we consider you to be an active participant of Saints in the Community.

After you cease to be an active participant, we may keep your personal data for up to 7 years for one of these reasons:

  • To respond to any questions or complaints.

  • To show that we treated you fairly.

  • To maintain records according to rules which apply to us.

We may keep your personal data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons.

We may also keep your data for research or statistical purposes. If we do, we will make sure that your privacy is protected and anonymised where appropriate.

Marketing

We may use your personal data to tell you about relevant services, events and opportunities.

We can only use this data to send you marketing messages if

  • we have your consent

  • we believe it is within your reasonable expectations and wouldn’t have an unwarranted impact on you i.e. ‘a legitimate interest.’

You can ask us to stop sending you marketing messages by contacting us at any time. Please contact admin@saintsinthecommunity.co.uk to do this.

If you change your mind you can update your choices at any time by contacting us.

Individual rights and how to access them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. The rights which individuals have, and how to exercise them, are detailed below.

Access to Personal Data

You have the right to ask us for a copy of the personal data we hold for you. Please email us at admin@saintsinthecommunity.co.uk to exercise this right.

These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

To speed up our response, we may contact you to ask you for further information in relation to your request.

We may also need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Amendment of personal data

You have the right to correct and update the personal information which we hold for you.

It is important to us that the information we hold for our participants is current and accurate. Please email or call and we will endeavour to update this information as soon as practically possible.

Right to erasure, right to restrict, right to object

In certain circumstances you have the right to request that we erase your data. Please note this is not an absolute right and there may be circumstances where we choose to delete only some of the personal data we hold. More information about your right to erasure can be found on the ICO website.

You can also object to, or restrict, the processing of your personal data (e.g. where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

Withdrawal of Consent

Where we process personal data based on consent, participants have a right to withdraw that consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to the processing of your personal data please email us at admin@saintsinthecommunity.co.uk

To stop receiving emails from a Trust marketing list, please follow the opt-out instructions in the relevant email.

Please note that if you withdraw your consent, this does not affect the legality of our processing prior to that date.

To exercise any of these rights, you can submit a request to admin@saintsinthecommunity.co.uk or by writing to us at:

Information Request

The St Johnstone Community Trust

McDiarmid Park

Creiff Road

Perth

PH1 2SJ

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to admin@saintsinthecommunity.co.uk.

By way of an internal investigation, we will consider and respond to any complaints which we receive.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK Data Protection Regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.

This privacy policy was last updated on 7 February 2019.