Governance

Data Protection Policy

Policy for handling and protecting data

The Society of Antiquaries of Scotland is committed to protecting your personal data.

The Society of Antiquaries of Scotland is registered with the Information Commissioner’s Office (ICO) as a Data Controller under the Data Protection Act (ref Z1108226) and EU GDPR (see below).

To deliver the Society of Antiquaries of Scotland’s core functions as a membership based charity (SC010440) registered in Scotland with the Office of Scottish Charity Regulation (OSCR) the Society must collect personal data and process it in various ways, such as, but not limited to, processing subscriptions, maintaining a database of members’ (Fellows’) information and preferences for delivering services to those Fellows, passing personal data on to third parties who undertake our mailings, claiming Gift Aid, fundraising, providing for the election of new Fellows and Council members as well as facilitating communication between Fellows.  Because the Society is a global organisation with Fellows outside the European Economic Area (EEA) we may from time to time pass your personal data to other countries.  At all times the Society will respect data protection law and will ensure your personal data is protected and is used only for Society purposes.

The Society holds personal data (on paper, or computer or other media) on Fellows of the Society and non-Fellows (for example employees, grants and awards applicants and holders, meeting and conference delegates, customers and services suppliers) including contact details and preferences, names, address, telephone number and email address. We ensure this personal information is stored and processed in accordance with legal requirements and best practice.  Other personal data may be captured when using our web presence, please see our website Terms and Conditions.

The Society holds this data only as long as is legally required (for staff employment and pension provision for example) or required for the purpose for which it is initially captured.  However, Fellows should be aware that the list of Fellows elected to the Society is published in the Proceedings of the Society of Antiquaries of Scotland and the report on the Anniversary Meeting or Annual General Meeting of the Society, and thus held in perpetuity as a record of the Society.

Removal of Personal Data

Should you wish the Society to remove your personal data please do not hesitate to contact us at fellowship@socantscot.org.  We will ask what data (specific or all) you wish to have removed, confirm with you what we can legally remove and then delete that information from our membership database within 6 weeks of your initial request.

Information on the Data Protection Act can be found at:

http://www.ico.org.uk/for_organisations/data_protection/the_guide/key_definitions#personal-data

Legislation

The UK Data Protection Act 1998 (http://www.legislation.gov.uk/ukpga/1998/29/contents) requires organisations to comply with the eight data protection principles. These state that data must:

– Be processed fairly and lawfully
– Be obtained only for specific, lawful purposes
– Be adequate, relevant and not excessive
– Be accurate and kept up to date
– Not be held for any longer than necessary
– Be processed in accordance with the rights of data subjects
– Be protected in appropriate ways
– Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of data protection

On 25 May 2018 new legislation in the form of the EU General Data Protection Regulations (GDPR) 2018 was brought in. The main change relevant to the Society’s business is that organisations in the UK, including charities like the Society, will need to demonstrate they have ‘opt-in’ approval to store and process personal data and a legal basis for doing so.  To comply with the new GDPR legislative requirements the Society will operate under 6(1)(f) where our capture and use of personal data is considered necessary for the purposes of legitimate interests pursued by the controller (the Society) or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

More information on this legislative reform is available at https://ico.org.uk/for-organisations/data-protection-reform/.  The Society will ensure it complies with this regulation and the five principles enshrined in Article 5 of the GDPR which require that personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to individuals;

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

In order to reflect any legislative changes and/or feedback we may change our Data Protection Policy, Privacy Notice and/or website Terms and Conditions from time-to-time. Future revisions to either document will be posted on the Society’s website as soon as practicable and Fellows’ attention drawn to the changes.

Image of Society Seal