1.2 The AHSS is a Scottish charity registered under the number SC007554REG and a company limited by guarantee, registered in Scotland (SC356726) at 15 Rutland Square Edinburgh EH1 2BE. The AHSS is the ‘data controller’ of your personal data and is subject to the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (the “GDPR”).
2. How we collect your information
2.1 We may collect your personal information in a few limited ways, namely:
2.1.1 Directly from you, when you fill in an application for membership, when you make enquiries on our website, or when you interact with us during your time as a member in various other ways (for example, where you attend our AGM or an event organised by us);
2.1.2 Directly from you, when you provide your email address to us for the purpose of keeping you informed about our campaigns, events and newsletters;
2.1.3 From someone else who has bought membership on your behalf (for example where they have bought AHSS membership for you as a gift and provided us with your contact details for that purpose).
3. The types of information we collect
3.1 We may collect the following types of personal data about you (and your family members, where relevant):
3.1.1 Contact and communications information, including your contact details (including email address(es), telephone numbers and postal address(es)) and records of communications and interactions we have had with you;
3.2 We may also collect limited data concerning your mobility, special needs or dietary requirements, where you have volunteered this, for example so that we can cater for you when you attend an AHSS event.
3.3 We hold no information on your bank accounts or payment cards.
4. How we use personal information
4.1 Personal information provided to us will be used for the purposes outlined at the time of collection or application in accordance with the preferences you express.
4.2 Personal data collected and processed by us may be used for the following purposes:
4.2.1 administration of membership(s);
4.2.2 fulfilment of orders for goods and services;
4.2.3 where this is necessary for the performance of a contract (including the Terms of Membership) with you;
4.2.4 communication about our work, membership, and other activities that we think may be of interest to you;
4.2.5 administration of donations and legacies;
where this is necessary for our legitimate interests (meaning our interests in growing the work of the AHSS and supporting all our members).
5. Your location
5.1 Our website does not use geolocation data.
6. Your marketing preferences
6.1 The AHSS will always act upon your wishes in respect of the type of communications you want to receive and how you want to receive them. There are some communications, however, that we need to send you regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our obligations to you as a member of the AHSS. Examples of this type of communication would be:
6.1.1 transaction notifications, such as payment receipts or Direct Debit confirmations;
6.1.2 Membership-related mailings such as your renewal reminder, our regular magazine and AGM notices.
6.2 You are always in control of how we communicate with you. You can update your choices and/or your contact details by contacting us at firstname.lastname@example.org
7. Sharing your information with others
7.1 We do not share your personal information for other organisations to use, other than as set out below.
7.2 Personal data collected and processed by us may be shared with the following groups where necessary:
7.2.1 AHSS employees and volunteers, for the purposes of administering your membership and giving you access to the full range of membership benefits to which you are entitled.
7.2.2 Also, under strict obligations of confidentiality and with other appropriate protections in place:
188.8.131.52 our Contractors (such as our membership administrators, Hall McCartney Ltd).
184.108.40.206 our Advisors
7.3 When we allow such third parties access to your information, we will always have complete control of what they see, what they allowed to do with it and how long they can use it.
8. How long is your information kept?
8.1 We hold your information only as long as necessary for each purpose for which we use it. For most membership data, this means we retain it for so long as you have a valid AHSS membership and for a period of six years after your last interaction with us (for accounting, tax reporting and record-keeping purposes).
9. Your rights
9.1 You have the right to ask us, in writing, for a copy of all the personal data held about you (this is known as a ‘subject access request’). A copy will be sent to you as soon as possible and this will be no later than one month after your request.
9.2 If you would like to access your personal data held by us, please apply in writing to our membership team:
AHSS – Subject Access Request, PO Box 21, Baldock SG7 5SH.
9.3 Under the GDPR, you have the following rights:
9.3.1 To require us not to send you marketing communications;
9.3.2 To require that we cease processing your personal data if the processing is causing you damage or distress.
9.3.3 To require us to correct the personal data we hold about you if it is inaccurate;
9.3.4 To request that we erase your personal data;
9.3.5 To request that we restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
9.3.6 To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
9.3.7 To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
10. Contact and complaints
or by post: AHSS, 15 Rutland Square, Edinburgh EH1 2BE.
10.2 If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under applicable data protection legislation from the Information Commissioner’s Office website available at ico.org.uk.