1. Brief Summary:
We collect information about you for two main reasons:
- Transactional: to process donations to the Iolaire Centre Limited Charity as a single one-off payment or annual recurring membership.
- Marketing Related: to provide you with news updates regarding the Iolaire Centre.
This Policy applies to you, the User of this Web Site, and Iolaire Centre Limited, the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
2. Who We Are:
Iolaire Centre Limited is a private limited company registered in the United Kingdom with company number SC591764.
Iolaire Centre Limited is also a registered charity in the United Kingdom with charity number SC048240.
Our registered office is:
Iolaire Centre Limited,
Stornoway, Isle of Lewis,
If you have any questions about how we look after your personal data, you can contact us:
- In writing, at the address above. Please mark your letter for the attention of the Data Protection Officer.
- By email to this address: firstname.lastname@example.org.
3. Your Rights as a Customer:
The GDPR includes the following rights for individuals:
- The right to be informed.
- The right to access any information we hold on you.
- The right to have information held by us updated.
- The right to have your information removed from our databases.
- The right to restrict processing.
- The right to object.
- The right not to be subject to automated decision-making, including profiling.
4. SECTION 1 – PERSONAL INFORMATION
‘Personal information’ refers to any information which can identify an individual – either directly or indirectly. It can refer, amongst other things, to a customer ID, or to one or more specific identifying pieces of information, such as a name, ID number, email address, postal address or telephone number.
4.1 What data do we collect from you?
When you browse our website or carry out actions such as the following:
- Create an account for membership,
- Donate to the Iolaire Centre (with an account or as a guest),
- Comment on any pages on this website,
- Sign up to our mailing list,
- Correspond with us whether by phone, email, or mail,
- Engage with us on social media.
Then, we may collect your personal information, including:
- Contact Information (email address, phone or mobile number),
- Demographic Information (postal address including postcode, preferences and interests),
- Encrypted password and payment information,
- Technical information about how you access and use our websites, including your IP address, browser type, activity, referring URL and operating system (automatically collected),
- Cookies (see section 6 below for more information).
4.2 What do we do with this data?
We use your information for the following reasons:
- To process your donations. We use relevant personal information described above (including your name, address and payment details) to process your donation or other payments, to claim Gift Aid on UK donations and to verify any financial transactions.
- To improve our website and services. We use your personal information to help analyse, understand and improve our website based on the way you use it.
- To update you with important administrative messages about your donation.
- To keep a record of your relationship with us.
- To comply with the Charities (Protection and Social Investment) Act 2016. We must also follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
- Fraud Prevention. To prevent or detect fraud or abuses of our site.
- Marketing. If you consent and sign up to receive communications from us, we will use your information to notify you of information relating to the Iolaire Centre and project progress.
4.3 How long is this data kept?
- Customer and donation information will be kept securely on our system until you ask us to remove it. Note: Purchase information retention is subject to regulatory mandates we must adhere to, e.g. 7-year data retention requirements for tax reporting purchases.
- Encrypted Credit Card information will be purged every 365 days.
- Mailing List Subscriptions will remain active until you opt out from specific lists.
- Cookies – please refer to section 6 below for more information on cookies and cookie duration.
5. SECTION 2 – CONSENT
5.1 How do you get my consent?
When you provide us with personal information to complete a payment for a donation, whether one-off or recurring membership, we are acting on the lawful basis of a contractual obligation to you which requires us to collect the necessary personal information.
If we ask for your personal information for marketing purposes, e.g. to email you with news updates, we will request your permission explicitly, if not already granted.
5.2 How do I withdraw my consent?
If you change your mind after you’ve opted in, you can withdraw your consent to marketing communications. Marketing will be terminated and any data specifically used for marketing purposes alone will be deleted.
Financial transaction data will be maintained as required by law.
You may opt-out by clicking the unsubscribe link on our emails or by emailing us at email@example.com.
6. SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if required to fulfil our obligations under our agreement with you.
7. SECTION 4 – THIRD-PARTY SERVICES
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
We currently use the following companies who will process your personal data as part of their contracts with us :
- WooCommerce (to manage and store donations),
- WorldPay (to process payments),
- Google (to collect technical information for trends, excluding IP address),
- MailChimp (to manage email marketing).
Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with respect to the information we are required to provide to them for your purchase-related transactions.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider other legal obligations may be placed upon them by the laws of their jurisdiction.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
8. SECTION 5 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Any debit or credit card details which we receive on our website are passed securely to WorldPay, our payment processing partners, according to the Payment Card Industry Data Security Standards.
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured and encrypted using secure socket layer technology (SSL).
9. SECTION 6 – COOKIES
A Cookie is a small file that resides on your computer’s hard drive and often contains an anonymous unique identifier and is accessible only by the web site that placed it there, not any other sites.
Cookies are not computer programs, and can’t read other information saved on your hard drive. They cannot be used to disseminate viruses or get a user’s email address etc. They only contain and transfer to the website as much information as the users themselves have disclosed to that website.
You may delete Cookies, however, you may lose any information that enables you to access the Web Site more quickly or enjoy a custom experience.
You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however, this can be altered. For further details, please consult the help menu in your browser.
From 26th May 2012 and in line with EU Cookie Directive, you can view details of types of Cookies that may be used on our website by clicking the “Lock” symbol to the left of the URL and choosing “Cookies”.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
11. Questions and Contact Information
In compliance with The EU GDPR Directive 25th May 2018, if you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Data Protection Officer by email or post at the address given in the ‘Who We Are’ section above.
This notice was last updated on 18/11/2019.