Introduction
We really do want you to read and understand our privacy policy. We believe simplicity and openness are key, however there are some important technical terms explained in appendix 1.
Who are we?
We are Scarlett’s Stride. We organise a yearly charity walk in aid of St. John the Divine Church in Cliviger.
What data do we collect?
You may be giving or have given personal information via our website e.g. through “Contact Us” or by completing the ‘Join the Walk’ form. This may include your name, your email address, your contact number/s and other personal information.
The GDPR classes this information as personal data therefore you will be asked to consent whilst online via a “tick box” to confirm your consent. If you do not positively opt in, the system will not accept your data.
Do we use Cookies?
We also use cookies on our website to distinguish users and help to provide them with a good user experience. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. We use the following cookies:
Strictly necessary cookies
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
What is the lawful basis for processing the data?
Our lawful basis for processing the personal data we collect via our website is “consent”.
Will data be shared with any third parties?
No. We do not share data with third any parties unless we are required to by law.
How will the information be used?
The data provided to us will be held on a computer database for the sole purpose of walk administration only and will be deleted after the walk has taken place.
We do not undertake any individual customer profiling and have no intention of sharing data with third parties for marketing purposes. If for any reason we wanted to in the future, your explicit consent will be sought first.
What will happen if you don’t opt in?
Nothing. If you do not opt in you will be unable to provide your data to us.
How do you opt out?
The fastest way to do this is to use our contact form. Alternatively you can email our G.D.P.R. Co-ordinator on caarinus@me.com to request the removal of your data.
How long will the data be stored for?
Your data will be held on a computer database (for up to 1 year) for the sole purpose of walk administration only and will be deleted after the walk you are signed up for has taken place.
Is your data safe?
Your data and any emails we keep will be held in accordance with Article 32 (Security of processing) of the G.D.P.R.. This means we apply “appropriate technical and organisational measures” to ensure security, such as storing data on a secure server which has the latest antivirus, is backed up regularly, regularly security patched, protected by a firewall and has strong password protection.
What rights does the data subject have?
You can submit a subject access request to see the data we hold or exercise your right to be forgotten by using our contact form or emailing our G.D.P.R. Co-ordinator at caarinus@me.com.
How can the data subject raise a complaint?
If you wish to complain please email the G.D.P.R. Co-ordinator on caarinus@me.com or use our contact form.
Changes to this Privacy Notice.
This Privacy Notice is effective from 16th July 2019. It will be revised as needed to fully comply with changes in the law.
Should we choose to make any significant changes to this privacy notice you will be asked to again to give your explicit consent.
Appendix 1
G.D.P.R.
The General Data Protection Regulations.
Data subject
The person who’s data is being held by the Company.
Explicit consent
Where a person has taken action to confirm consent; and are not deemed to have accepted something by simply not objecting or by clicking a pre ticked box.
The right to be forgotten
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and will depend on the circumstances.
Subject access request
A verbal or written request to an organisation for:
- confirmation that you are processing their personal data;
- a copy of their personal data;
- a copy of the organisation’s privacy notice (or equivalent information).
Organisations have to respond without undue delay or at least within 1 month of the request.