Privacy and Cookie Policies
Portsoy Community Enterprise is committed to protecting and safeguarding any personal data you give us. We want you to be confident that your data is secure with us and understand how we process your personal data.
- The information we collect
- How we will use it
- Where we collect it from
- How long we store it
- Our legal basis for processing your personal data
- Your rights and how you can see, update or delete your personal data
- Securing your data
Who are we?
Portsoy Community Enterprise (PCE) is a social enterprise, driven by the enthusiasm and passion of volunteers who bring together an array of assets, events and offerings, which keep alive the ingrained heritage and cultures of the north east of Scotland.
Our portfolio consists of:
- The Scottish Traditional Boat Festival
- The Salmon Bothy
- The Boatshed
- Portsoy Links Caravan Park
- The Sail Loft Bunkhouse
Working collaboratively, the whole organisation is aimed at providing economic benefit from tourism for the town of Portsoy and surrounding area, with all of PCE’s assets belong to the community.
Portsoy Community Enterprise is a Company Limited by Guarantee in Scotland. Reg. No. SC298908. Registered Office: Salmon Bothy, Links Road, Portsoy, Banff, AB45 2SS.
Recognised as a Charity by the Inland Revenue No. SC037542.
PCE is the controller and responsible for your personal data.
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact PCE at: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What information do we collect and what do we use it for?
Personal data or information means any information that can be used to identify you. For example, it can include information such as your name, date of birth, email address, postal address, telephone number, payment details as well as information relating to health & safety requirements in relation to the traditional boat building courses
We will use your data to:
- Provide you with the services, products or information you asked for – for example process your accommodation booking
- Register you as a volunteer (emergency contact details will be required)
- Process payments for our products and services
- Apply for courses such as boat building and music programmes
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
- Where we need to perform the contract, we are about to enter into or have entered into with you
- Keep a record of your relationship with us including permission slips for those under 16yrs
- Ensure we know how you prefer to be contacted
- Understand how we can improve our services or information
- To keep you updated on our products and services
Where do we collect your information from?
We collect your personal information through a number of different sources:
- Via our website
- Paper forms including contact forms, applications, visitor books etc.
- Through transactions made by phone, via our website or in person
- When you give consent to receiving marketing (Mailchimp)
Each PCE division has its own website, all accessible via www.portsoy.org (hosted and maintained by Pro Tech North. The website is built in WordPress and includes eCommerce plugins to provide online purchasing for the Scottish Traditional Boat Festival (tickets) and The Bothy (merchandise).
Your credit card data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We log visitors’ domain and IP address automatically; this information does not identify you as an individual, but only the computer that is being used to view the site.
This data is used to see where the site is being used in the world to ensure coverage, and for click stream analysis to help better understand site usage, so that we can improve our service to you. We do not link information automatically logged by such means with personal data about specific individuals.
Find out how to manage cookies on popular browsers:
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
- Microsoft Internet Explorer
- Apple Safari
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Our website contains social media features such as Facebook, Twitter, Google+ and Instagram that have their own privacy notices. Please make sure you read their terms and conditions and privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for these features.
eNewsletters | Marketing
We will send you marketing emails and newsletters to keep you updated on our products and services. When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails
- For business customers, our lawful basis is legitimate interest as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours. Your information will be securely destroyed 3 years after your last interaction with PCE
- For consumers, our lawful basis is consent and will be securely destroyed 1 month after consent is withdrawn.
For some events and visits we may ask you to complete visitor surveys either online through Survey Monkey or in person where we record the data you provide on paper forms.
SurveyMonkey Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/ or visit (https://www.surveymonkey.co.uk/mp/legal/privacy-policy).
In most cases the information collected will be anonymised and you can choose whether you provide your personal details and contact information for future news and offers.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, volunteers, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
- Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, such as credit card details
- Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)
- Putting in place physical, electronic, and procedural safeguards in line with industry standards
Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information we hold about you.
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the;
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. You have the right to request the transfer of your personal information to another party.
Individuals can find out if we hold any personal information by making a ‘right of access’ request. More information can be found at https://ico.org.uk.
If we do hold information about you, we will:
- Give you a description of it;
- Tell you why we are holding it;
- Tell how long we keep in for and the lawful basis for doing so;
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in an a commonly used electronic format, unless the individual requests otherwise.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject (The Act of Limitation), or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Changes to our Notice
Last update: November 2018