The Scottish Police & Community Choir, (SPCC) understands that its use of your information requires your trust. SPCC is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights.
The company covered by the statement is the Scottish Police & Community Choir.
SPCC is responsible for and is the Data Controller of your personal information that it receives through the company website and from information supplied to us through application for membership.
The main ways we collect your personal information include:
The following types of personal information about you may be collected:
Use of personal information under EU data protection laws (also known as GDPR) must be justified under one of a number of legal grounds and we are required to set out the grounds in respect of each use in this policy.
The main uses of your information are:
Support and Emails
SPCC will use your information to respond to enquiries and to bring you news and offers, keeping you up to date.
SPCC uses your personal data for customer care and for personalised communication of the choir.
In order to ensure that you receive relevant and personalised communications, we will use your data to create an individual customer profile. We will not share your information with anyone else.
To improve our products and services, SPCC may use any of the information that it receives for product and service quality assurance and development purposes. Before any such use is undertaken your information will be de-personalised so it cannot be directly linked back to you.
To comply with our legal obligations to law enforcement, regulators and the court service, we may be legally required to provide your information to law enforcement agencies, regulators and courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal grounds for processing of your personal information
The use of your information set out above is permitted under EU data protection law on the basis of these principal legal grounds:
Where you have consented to the use (you will have been presented with a consent form in relation to any such use and may withdraw your consent at any time through:
Sending an email to firstname.lastname@example.org
Where necessary to enter into or perform our contract with you;
Where we need to use it to comply with our legal obligations;
Where we use it to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting SPCC.
Where necessary for us to defend, prosecute or make a claim against you, a third party or us.
There may be uses that are permitted on the basis of other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it you as soon as possible after becoming aware of the new basis.
We will not transfer your data to any third parties without your consent. We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information. Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:
Tightly restricted personal access to your data on a ‘need to know’ basis and for the communicated purpose only
Transferred collected data only in encrypted form
Firewalled IT systems to prohibit unauthorised access e.g. from hackers
Permanently monitored access to IT systems to detect and stop misuse of personal data.
If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.
We retain your information only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes. If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.
Use to perform a contract:
In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus one year to deal with any queries or claims thereafter. This only relates to choir business.
Where claims are contemplated:
In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
You can change your preferences, or withdraw your consent in relation to how SPCC use your personal information in one of the following ways:
Sending an email to email@example.com
You are also able to request information about your data stored at SPCC as well as request the correction, deletion or restriction of your personal data for analytics and/or marketing use.
What are cookies?
Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet.
Why are cookies essential to our website?
None of the cookies we use collect your personal information and they can’t be used to identify you.
Types of cookies.
The length of time a cookie stays on your device depends on its type. We use one type of cookie on our website.
Session cookies are temporary cookies which only exist during the time you use the website (or more strictly, until you close the browser after using the website). Session cookies are used to ensure that page content accessed after an authorised login are accessible only to the user who has logged in using an authenticated login and password.
The session id is sent to the user when his session is created. It is stored in a cookie (called, by default, PHPSESSID ) that cookie is sent by the browser to the server with each request. The server (PHP) uses that cookie, containing the session_id, to know which file corresponds to that user.
When you leave the website and close the browser, this session cookie should be removed by your browser.
Browser “Remember Password” Cookies
When browsing the internet, username and passwords are required to access private areas. Web browsers will prompt the user before saving these passwords. Once the password is saved, it will automatically appear and only a single click to login is required. Anyone with access to your login will have access to these secure websites.
When browsing the internet, a small amount of text containing some information, as defined by web sites that you visit, is saved. This is called a cookie. It is designed to aid in your browsing, but it can be benign and/or malicious. Clearing cookies is optional, but please be aware that this occurs.
How to control and delete browser cookies
If you want to restrict or block these cookies, you can do this through your browser settings. The ‘help’ function within your browser should tell you how.
Alternatively, you could visit www.aboutcookies.org, which contains comprehensive information on cookies on a wide variety of browsers. You’ll also find details on how to delete cookies from your computer. To learn about controlling cookies on the browser of your mobile device please refer to your handset manual
If you have any questions in relation to our use of your information you should first contact SPCC in one of the following ways:
Sending an email to firstname.lastname@example.org
Under certain conditions you have the right to require us to:
Provide you with further detail on the use we make of your information;
Provide you with a copy of your information;
Update any inaccuracies in the information we hold about you;
Delete any information about you that we no longer have a lawful ground to use;
Remove you from any direct marketing lists when you object or withdraw your consent;
Provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability);
Restrict our use of your personal information;
Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third parties.
If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner’s Office (click ICO for more information).