Privacy notice for Unexplored Scotland
Unexplored Scotland takes your privacy seriously. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.
What we need from you
When you book a tour or course with Unexplored Scotland (including if you are booking on behalf of a young person aged 16 or under), we may ask you for some or all of the following personal information:
- Contact details – eg. name, address, email address and phone number.
- Age – Eligibility for tours and courses.
- Payment details – bank account number, sort code, card details (held by payment gateways only not by Unexplored Scotland).
- Participation details – previous experience in the outdoors
- Safety and emergency details – eg. next of kin, relevant health conditions.
- Personal measurements – height, weight, cloths size
If you do not provide us with all of the personal information that we need this may affect our ability to provide an effective service at our courses and tours.
Why we need your personal information – contractual purposes
We need to collect our customers’ personal information so that we can manage your relationship with us. We may use our members’ personal information to:
- Provide you with core services, including confirmation of booking.
- Set up an online account enabling you to manage your account and communication preferences.
- Provide you with kit lists, joining instructions and other benefits when booking a course or tour.
Why we need your personal information – legitimate purposes
We also process your personal information in pursuit of our legitimate interests to:
- Provide you with benefits like discounts of Unexplored Scotland and 3rd party providers.
- Raise awareness of Unexplored Scotland’s activities by capturing photos, videos, or live streaming at events. We will use this for promotion, education and development purposes.
- Respond to and investigate your questions, comments, support needs, complaints, concerns or allegations.
Why we need your personal information – legal obligations
We are under a legal obligation to process certain personal information relating to our members for the purposes of complying with obligations under:
- The Protection of Vulnerable Groups (Scotland) Act 2007, which requires us to check that our coaches are able to undertake regulated work with children and vulnerable adults.
- The Equality Act 2010, which requires us to process personal information to make reasonable adjustments where necessary.
- Proof income to HM Customs & Revenue.
Why we need your personal information – equality monitoring
We use aggregated and anonymised reports of our members’ personal information for equality monitoring purposes, enabling us to evaluate and promote equality of opportunity within our sport.
Other uses of your personal information
We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.
Who we share your personal information with
We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health & Safety Executive, Disclosure Scotland, and Police Scotland for the purposes of safeguarding children. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.
Third party suppliers with access to members’ personal data
In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
- HSBC UK Plc, GoCardless and Strip process payment transactions securely on our behalf.
- Mailchimp distribute some of our email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.
- Instructors, coaches and event organisers receive details of training or competition participants.
How we protect your personal information
Your personal information is accessed by our staff only for the purposes set out above. It is stored by us on a TCL encrypted server on the internet and a password protected personal computer behind a firewall and protected by AntiVirus software. All data on the personal computer is backed up regularly.
How long we keep your personal information
We only keep your personal information for as long as necessary to provide you with our services. Unless you ask us not to, we will review and delete your age, participation details, personal measurements, safety and emergency details after 2 years and contact and payment details after 7 years.
You have a right to:
- Change your communication preferences or restrict the processing of your personal data for specific purposes.
- Request that we correct your personal data if you believe it is inaccurate or incomplete.
- Request that we delete your personal information.
- Access the personal data that we hold about you through a “subject access request”.
You can contact us at firstname.lastname@example.org
If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk