Data privacy notice

Introduction: About this document

ACIE is committed to protecting the privacy and security of the personal information of the people (Data Subjects) we deal with in the course pursuing our charitable purpose; This document describes how we collect and use personal information about Data Subjects in accordance with the General Data Protection Regulation (GDPR).



1.  Your personal data - what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the "GDPR").


2.  Who are we?

ACIE is the Data Controller (contact details below). This means it decides how your personal data is processed and for what purposes.


3.  What kind of information do we hold about Data Subjects?

Personal data means any information about an individual from which that person can be

identified.

We collect, store and use the following categories of personal information about Data Subjects.
email and phone number for contact purposes
mailing address as a backstop, and to aid in venue choice
Date of Birth to perform demographic analysis
Gift Aid Status.
Your qualifications in order to tailor our training programme.


4. How do we process your personal data?

ACIE complies with its obligations under the "GDPR" by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to it, and by ensuring that appropriate technical measures are in place to protect personal data.


We use your personal data for the following purposes: to contact you, and to tailor our training.


5.  What is the legal basis for processing your personal data?

Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)



6.  Where your data is stored

The data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (“EEA”) due to our use of third party providers for the services we provide.   By submitting your personal data, you agree to this transfer, storing or processing.  We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Data Notice.   Your data is stored within a CRM database provided by Wild Apricot, a Canadian based company which uses servers operated by Amazon Web Services (AWS).  These cloud servers may be located in a destination outside the EEA, but the hosts are committed to GDPR compliance.  If you object to this transfer, storing or processing of your data, please contact us.


7.  Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other members of ACIE in order to carry out a service to other members or for purposes connected with the ACIE.  We will not sure your data with third parties outside of the organisation without prior notification.


8.  How long do we keep your personal data?

When someone ceases to be a member we keep their data for seven years.  We do so because the Charity regulators from across the UK recommend keeping accounting records for six fiscal years plus one.  Since the majority of ACIE members are directly involved in charity accounting.  ACIE needs to be able to assist the regulators if they are investigating the work of a charity or a specific examiner. After seven years, personal data will be safely deleted and destroyed. Gift Aid records are also retained for six fiscal years plus one and will be safely deleted and destroyed after that time.


9. Your rights and your personal data unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

·         The right to request a copy of your personal data which the ACIE holds about you;

·         The right to request that the ACIE corrects any personal data if it is found to be;

·         The right to request your personal data is erased where it is no longer necessary for the;

·         The right to withdraw your consent to the processing at any time;

·         The right, where there is a dispute in relation to the accuracy or processing of your;

·         The right to lodge a complaint with the Information Commissioner's Office.


10.  Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.


11.  Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the ACIE at info@acie.org.uk, phone 0131 659 9751 or by post ACIE, 19 Windsor Place, Edinburgh EH16 2AJ.


You can contact the Information Commissioner's Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/ernail/or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.#



Powered by Wild Apricot Membership Software