Privacy statement
Privacy Policy
Policy version: 3 [2024]
We are Girls Club of Glasgow CIC, a company incorporated in Scotland with registered number SC480468 and having our registered office address at 505 Great Western Road, Glasgow, Scotland, G12 8HN (“we”, “our” or “us”).. We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are a controller for the purposes of the UK GDPR, the Data Protection Act 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and related data protection legislation.
Our Websites and Apps are provided by Girls Club of Glasgow CIC. We are the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
We take your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our services (“Services”) or your use of our website (www.glasgowgirlsclub.org) or any other websites or apps registered or operated in our name (“Websites and Apps”). It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
Where you are a user of our Websites and Apps through one of our customers, our customer operating the venue or organisation by which you access our Services (a “User”) will also be a controller for the purposes of the UK GDPR, the General Data Protection Regulation (Regulation (EU) 2016/679), the Data Protection Act 2018 and related data protection legislation. Our customers will also have a privacy notice setting out what personal data they collect from you and how they intend to use such personal data. You should consult the relevant customer's privacy notice for more information. We will not be held responsible or liable to you in any way with regard to how our customers process your personal data when you access the Services. This privacy notice only applies to how we process end-User personal data.
This version of our Privacy Policy is primarily written for adults, including parents and guardians of child Users. If you are a child (under 16 years old in Scotland or under 18 years old in the rest of the UK) you are welcome to read this policy if you find it useful.
This Privacy Policy is divided into the following sections:
-
What this policy applies to
-
Personal data we collect about you
-
How your personal data is collected
-
How and why we use your personal data
-
Marketing
-
Who we share your personal data with
-
How long your personal data will be kept
-
Cookies and other tracking technologies
-
Your rights
-
Keeping your personal data secure
-
How to complain
-
Changes to this privacy policy
-
How to contact us
What this policy applies to
This Privacy Policy relates to your use of our Websites and Apps and our Services. In the context of this Privacy Policy, “personal information” is defined as information which, on its own or combined with other information, can be used to identify you, in particular reference to an identifier such as your name, your address or data on location. The personal information that you provide, or that we collect from you, is held under data protection legislation. This legislation requires that we tell you that we are a data controller for your personal information, i.e. we determine the purposes for which and the manner in which any of your personal information are, or are to be, processed by us.
Our Websites and Apps may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their compliance with data protection laws or their internal privacy policy. When you leave our Websites and Apps, we encourage you to read the privacy notice of every website you visit.
Personal data we collect about you
“Personal data” means data that relates to an identified or identifiable individual, and for the avoidance of doubt means information from which a person can be identified. Where data has been amended or modified so that it no longer retains identifiable characteristics, it is no longer personal data for the purposes of this Privacy Policy (“anonymised data”).
We do not collect or process special categories of personal data in the course of providing our Services.
We may also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate data to calculate the percentage of individuals accessing a specific feature of our Websites and Apps, or to analyse how individuals use our Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Sometimes you can choose if you want to give us your personal data and let us use it. We will also tell you whether declining to share that personal data will have any effect on your use of the Websites and Apps or our Services. Where we need to collect personal data by law, to provide our Services, or under the terms of a contract we have with you (or are trying to enter into with you) and you fail to provide that data when requested, we may not be able to perform the contract or perform our Services. In this case, we may have to cancel the affected contract (but we will notify you if this is the case at the time) and/or be unable to provide our Services.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
How your personal data is collected
We collect personal data from you:
-
directly, if and when you enter or send us information, such as when you use our Websites and Apps, complete a form on our Websites and Apps, fill in online forms on our Websites and Apps and when you email or otherwise contact us directly; and
-
indirectly, such as your browsing activity while on our website; we sometimes collect information indirectly using the technologies explain in the section on ‘Cookies and other tracking technologies’ below
We also collect personal data about you from other sources as follows:
-
you or your organisation negotiate and/or enter into a contract with us;
-
you or your organisation provide services or products to us or your or your organisation receive Services from us;
-
you provide us with your data voluntarily;
-
you may give us your identity, contact and other business related personal data in the process of investing in Girls Club of Glasgow CIC or where you communicate with us as a shareholder in Girls Club of Glasgow CIC;
-
we may receive personal data about you from various third parties and public sources as set out below:
-
where you are a business contact, your organisation or business may provide us with your identity and contact data;
-
where you are a client-related individual, your organisation or business may provide us with your identity and contact data;
-
we may obtain identity and contact data from publicly available sources such as social media (such as LinkedIn or Twitter), Companies House or other organisations’ websites; and
-
we may obtain technical data (relating to the use of our Websites and Apps and Services) from analytics providers or search information providers.
-
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, including but not limited to:
-
where you have given consent
-
to comply with our legal and regulatory obligations
-
for the performance of a contract with you or to take steps at your request before entering into a contract, or
-
for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at info@glasgowgirlsclub.org.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
The following information explains what we use your personal data for and why.
Providing Services to you
To perform our contract with you or to take steps at your request before entering into a contract
To enforce legal rights or defend or undertake legal proceedings
Depending on the circumstances:
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to protect our business, interests and/or rights
Customise our Websites and Apps and the content therein to your particular preferences based on a record of your selected preferences or on your use of our website
Depending on the circumstances:
—your consent as gathered by cookies and other tracking technologies used on our Websites and Apps or as part of our Services,
—where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you
If you have provided such a consent you may withdraw it at any time (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our Websites and Apps and Services are working as intended
Depending on the circumstances:
—your consent as gathered by cookies and other tracking technologies used on our Websites and Apps or as part of our Services
—where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you
If you have provided such a consent you may withdraw it at any time by changing the cookies settings or app permissions in the Websites and Apps (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or other important notices
Depending on the circumstances:
—to comply with our legal and regulatory obligations
—in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you and respond to general and specific queries as well as answering complaints and receiving feedback
Protecting the security of systems and data used to provide the services
To comply with our legal and regulatory obligations
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Statistical analysis to help us understand our user base
For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you in your use of our Websites and Apps
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant
To comply with our legal and regulatory obligations
Marketing our services to existing and former customers
For our legitimate interests, i.e. to promote our business to existing and former customers
See ‘Marketing’ below for further information
SMS Link Services
Based on your request we may use a free keyword shortcode SMS service to send you a link to our Services, including our Websites and Apps. When you provide your mobile number for this purpose, we only use it to send the link directly to you and do not retain or process your number for any other purpose.
How and why we use your personal data—sharing
See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.
Marketing
If you are an individual consumer or end User and have consented to receiving marketing communications from us, we will use your personal data to send you updates (by email) about our Services.
We may ask you to confirm or update your marketing preferences if you ask us to provide further Services in the future, or if there are changes in the law, regulation, or the structure of our business.
If you represent another business or organisation, we may provide you with direct marketing communications where we feel that this may be relevant to your business (provided that you have not opted out of such communications). When we use your personal data for such purposes, we do so on the basis that it is in our legitimate interests to pursue direct marketing, provided that it constitutes fair processing of your personal data to do so.
You have the right to opt out of receiving marketing communications at any time by contacting us at info@glasgowgirlsclub.org.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
Who we share your personal data with
There may be circumstances where we need to share your personal data with certain third parties. Any sharing of personal data with third parties will be on a strictly confidential basis and will only take place where we are legally obliged to do so, where it is necessary for the performance of a contract with you or where it is in our legitimate interests to do so, including but not limited to, the following reasons:
-
to maintain network and information security;
-
to provide Services to our clients;
-
to develop and improve our Services in order to remain competitive;
-
to establish, protect and defend our legal rights; or
-
to pursue our commercial objectives where this does not override your rights and freedoms as a data subject.
Third parties with whom we may share your personal data include (but are not limited to):
-
your business or organisation, for the purpose of providing our Services to your business or organisation, or receiving products or services from your business or organisation;
-
our corporate customers where you are an end User of our Websites and Apps;
-
service providers acting as processors who provide IT and system administration services;
-
professional advisers including lawyers, bankers, accountants, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
-
any relevant accreditation body or trade association;
-
any relevant regulatory authority or law enforcement agency, including HM Revenue & Customs, courts or tribunals who require reporting of processing activities in certain circumstances; or
-
third parties to whom we may choose to transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Who we share your personal data with—further information
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it is used. For example, personal data relating to Websites and Apps Users, end Users and business contacts will generally not be retained for longer than 12 months unless such data is relevant to ongoing Services, while personal data relating to individual Users and client-related Users will generally not be held for more than 7 years after the conclusion of the relevant Services unless such data is relevant to any legal, accounting or reporting requirements.
Different retention periods apply for different types of personal data. Further details on this are available by contacting us at info@glasgowgirlsclub.org.
Transferring your personal data out of the UK and EEA
Countries outside of the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the UK where:
-
you have given your explicit consent to do so; or
-
in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. or
-
in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. or
-
In the case of transfers to providers based in the USA, they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the European Union and the USA. For further details, see European Commission: EU-US Privacy Shield (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en).
-
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
-
a specific exception applies under relevant data protection law.
Your rights
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your personal data
The right to be provided with a copy of your personal data
Correction (also known as rectification)
The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)
The right to require us to delete your personal data—in certain situations
Restriction of use
The right to require us to restrict use of your personal data in certain circumstances, eg if you contest the accuracy of the data
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use
The right to object:
—at any time to your personal data being used for direct marketing (including profiling)
—in certain other situations to our continued use of your personal data, eg where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
We do not make any such decisions based on data collected by our Websites and Apps
The right to withdraw consents
If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time
Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please email us at info@glasgowgirlsclub.org—see below: ‘How to contact us’. When contacting us please:
-
provide enough information to identify yourself and any additional identity information we may reasonably request from you, and
-
let us know which right(s) you want to exercise and the information to which your request relates.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You also have the right to complain to the Information Commissioner's Office, which regulates the processing of personal data in the UK, about how we are processing your personal data.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with the Information Commissioner in the UK.
The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
Changes to this privacy policy
We may change this Privacy Policy from time to time if necessary for legal reasons, or to reflect changes to our Websites and Apps or Services. In any case, the provisions of this Privacy Policy may be changed without prejudice to your rights. When our Privacy Policy is changed, there will be an updated Privacy Policy available to access. Once we change our Privacy Policy, after 30 days of publishing this it will become legally binding on you. During these 30 days, we welcome you to contact us regarding any questions about the changes. If you do not agree with the changes to the Privacy Policy, then we may need to restrict or limit your use of the parts of our Websites and Apps or Services that require personal information to comply with any requirements imposed by your withheld consent.
How to contact us
You can contact us by post or email if you have any questions about this Privacy Policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
Our contact details
By post: 505 Great Western Road, Glasgow, Scotland, G12 8HN.
By email: info@glasgowgirlsclub.org
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.