Maintaining the security of your data is a priority at WeDO Scotland, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. WeDO is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies whether you visit our website using your mobile device or go on line or book tickets for our events and provides you with information about:
– how we use your data;
– what personal data we collect;
– how we ensure your privacy is maintained; and
– your legal rights relating to your personal data.
WeDO Scotland uses your personal data:
– to provide goods and services to you;
– to make our website available to you;
– to manage any registered account(s) that you hold with us;
– to verify your identity;
– for crime and fraud prevention, detection and related purposes;
– to enable WeDO to manage customer service interactions with you; and
– where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
You have the right to opt out of receiving promotional communications at any time, by making use of the simple “unsubscribe” link in emails.
Sharing data with our third party payment processor, Stripe.
WeDO will not disclose your personal data to any third party, except as set out below and as controlled by you when paying for tickets via our payment processor, Stripe. We will never sell or disclose our customer or members data to other organisations for marketing purposes.
– governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: –
– to comply with our legal obligations;
– to exercise our legal rights (for example in court cases);
– for the prevention, detection, investigation of crime or prosecution of offenders; and
– for the protection of our employees, clients and members.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years. If you are a subscribed member of WeDO for longer than 6 years, your information will be retained for the duration of your membership.
WHAT PERSONAL DATA DO WE COLLECT?
WeDO may collect the following information about you:
– your name;
– your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
– purchases and orders made by you;
– your on-line browsing activities on the WeDO website;
– when you make a purchase or place an order with us, your payment card details as given by your via our online card payment processor, Stripe. This information is held by Stripe and WeDO does not have access to any details of your card including card number, start & expiry dates, CVV & postcode;
– your feedback and survey responses if you have attended one of our events;
– your location;
– your correspondence and communications with WeDO; and
– other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you book a ticket for one of our events, or send an email to our support team. Other personal data is collected indirectly, for example your browsing activity via Google Analytics.
WeDO is committed to keeping your personal data safe and secure.
Our security measures include: –
– encryption of data;
– regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
– security controls which protect the entire WeDO IT infrastructure from external attack and unauthorised access; and
– internal policies setting out our data security approach and training for employees.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
WeDO will never ask you to confirm any debit or credit card details via email. If you receive an email claiming to be from WeDO asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
You have the following rights:
– the right to ask for a copy of personal data that we hold about you (the right of access);
– the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
– the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
– the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
– the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
– the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
LEGAL BASIS FOR USING DATA
We are required to set out the legal basis for our ‘processing’ of personal data.
WeDO collects and uses customers’ personal data because is it necessary for:
– the pursuit of our legitimate interests (as set out below);
– the purposes of complying with our duties and exercising our rights under a contract for the sale of goods and/or services to a customer and our members or
– complying with our legal obligations.
Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of WeDO including:-
– selling and supplying goods or services to our customers and members;
– protecting customers, members, employees and other individuals and maintaining their safety, health and welfare;
– promoting, marketing and advertising our products and services;
– sending promotional communications which are relevant and tailored to individual customers and members (including administering the WeDO members app);
– understanding our customers’ and members’ behaviour, activities, preferences, and needs;
– improving existing products and services and developing new products and services;
– complying with our legal and regulatory obligations;
– preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
– handling customer contacts, queries, complaints or disputes;
– managing insurance claims by customers;
– protecting WeDO, its employees, customers and members, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to WeDO;
– effectively handling any legal claims or regulatory enforcement actions taken against WeDO; and
– fulfilling our duties to our customers, members and colleagues.
What are cookies?
How are cookies managed?
The cookies stored on your computer or other device when you access our websites are designed by:
– WeDO, or on behalf of WeDO, and are necessary to enable you to a make purchases on our website;
What are cookies used for?
The main purposes for which cookies are used are: –
- For technical purposes essential to effective operation of our website, particularly in relation to on-line transactions via our card payment processor, Stripe and site navigation.
- For WeDO to market to you, particularly web banner advertisements and targeted updates.
- To enable WeDO to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
DATA PROTECTION OFFICER
WeDO has appointed a Data Protection Officer to ensure we protect the personal data of our customers and members and comply with data protection legislation.
If you have any questions about how WeDO uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Data Protection Officer by email: [email protected]
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
THIRD PARTY SITES
WeDO uses Stripe as our card payment processor for booking tickets for our events.
These services can be accessed online through the relevant third party’s (Stripe) website. This website is owned and operated by a third party and they are responsible for processing personal data in accordance with their own privacy policies.