a
M

Privacy Policy

Overview

The General Data Protection Regulations (GDPR) regulates how data must be held to ensure data security and protect against unauthorised use of your personal data. GDPR are directly applicable to all organisations holding or processing personal data – this includes the Highland Community Planning Partnership (HCPP). HCPP is a data controller in terms of the regulations, and as such must comply with GDPR in how it processes and manages contacts’ personal data.

HCPP will process and share your data only in accordance with GDPR and where there is a legal basis and a clear purpose for us to do so. We are committed to protecting the personal data and respecting the privacy of our contacts and customers.

 

HCPP will only access your personal data:

  • With your consent
  • For our own legitimate interest and the interest of our partners
  • To comply with a legal obligation

 

In this Privacy Policy you can find out:

  • What types of personal data we collect
  • How we collect your personal data
  • How we use your personal data
  • How long we keep personal data for
  • The rights and choices you have with regards to your personal data

 

What types of personal data do we collect?

The information stored may include:

  • Name
  • Address
  • Email address
  • Phone number

For subscribers to the mailing list (Mailchimp or alternative) should one be set up, the only data stored is name and email address.

 

How do we collect your personal data?

We collect your personal data when you:

  • Join the mailing list
  • Take part in a survey
  • Join a Board Meeting, Delivery Group meeting or any other Sub-Group meetings organised by HCPP
  • Request to receive meeting invitations and papers
  • Subscribe to information bulletins
  • Contact the HCPP

 

How do we use your personal data?

HCPP stores contact details of its contacts for the purposes of informing of upcoming meetings, sharing information, advertising events and such like. Specifically, contacts are contacted in connection with:

  1. Upcoming meetings, events & learning courses
  2. Distribution of newsletters and bulletins

 

What is our legal reason for holding personal data?

We will hold and process personal data where it is necessary to serve the legitimate interests of HCPP and the interest of our partners and contacts and only for so long as is necessary. The legitimate interests of HCPP are:

• To communicate meeting details, news, events and activities of the HCPP to those who have given their consent and joined our mailing list

We will hold personal data lawfully, fairly and transparently. We will obtain contact’s consent to store and use their personal data and we will delete data which is excessive, inaccurate or out of date or where you ask us to.

 

What are your rights?

As a contact of HCPP you have the following rights under the data protection laws. You have the:

  • Right to access your data
  • Right to have your data rectified if it is incorrect or incomplete
  • Right to have your data erased
  • Right to data portability (to obtain and reuse your data for your own purpose across different services)
  • Right to be informed about our processing of your data
  • Right to restrict processing of your personal data
  • Right to object processing of your personal data

 

How long do we keep your personal data?

We hold data for each contact until the participant no longer wishes to subscribe. Specifically:

  1. Contacts of the HCPP: if you no longer wish to receive information you can contact us and we will remove your details.
  2. Subscribers to the mailing list should one be established: Mailchimp (or alternative software) functionality ensures that any contacts who no longer wish to be included on the mailing list can automatically unsubscribe. Mailchimp also notifies us when email addresses are no longer available so that that contact details can be removed.

 

Who do we share your personal data with?

We will not pass your data onto third parties unless they have a legitimate interest and we are satisfied that the third party are HCPP compliant. For example, if a new HCPP partner is elected chair of a sub-group then contact details will be handed over securely.

 

How do we protect your personal data?

All personal data is kept confidential and secure with password protection and only accessible by authorised personnel. HCPP partner staff receive training in data protection from their respective employers.

We use two factor authentication wherever possible.

Secret Link