General Data Protection Regulations Privacy Statement
What are the General Data Protection Regulations (GDPR)?
The GDPR are the updated regulations which govern the gathering, retaining, processing and transferring of personal data in the European Union. These regulations replace the Data Protection Act 1998, and go further than ever before to extend individuals rights where their own personal data is concerned.
Who are SELECT?
SELECT is the trade association for Electrical Contractors in Scotland. SELECT’s contact details are:
The Walled Garden
0131 445 5577
The Data Controllers at SELECT are Newell McGuinness / Darrell Matthews, Fiona Harper, and John McGhee.
What is this document about and why are you receiving it?
This document sets out the rights and responsibilities (of Members and of SELECT) associated with the gathering, processing, retention, and transference of personal data belonging to Members.
You are receiving it because you are a registered member of SELECT, and as such the mechanisms and safeguards described in this policy apply to the data we hold about you.
Where can I learn more about the General Data Protection Regulations?
To learn more, go to https://ico.org.uk/.
1 THE RIGHT TO BE INFORMED
What personal data is collected?
The data we collect about Members comprises:
- Phone number
- Bank details
- National Insurance Number
- Membership of Professional Body
- Reported speech from a conversation with a Member
- Date of Birth
- Educational Attainment
- Membership number
- Referee details
- Job Titles
Where does my personal data come from?
Data on our SELECT Members comes from the Member company themselves when they join, or when they update their information directly to SELECT. All of that personal information is collected and collated and stored by SELECT.
Members are not under any statutory obligation to provide this personal data, but if you choose not to, we will be unable to discharge a membership contract between your business and SELECT.
What are the legal bases for processing my personal data?
SELECT collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation, because the data is for legitimate business purposes, necessary to discharge a contract, or is gathered, processed and stored to protect your vital interests, or with your explicit consent.
What is my personal data used for?
We use members’ data for the administration of your membership; the communication of information, and the organisation of events. We also use this information to provide qualification and apprenticeship information to employers and to the SJIB.
The information is also anonymised and used to compile management information reports. These help us to understand the value of certain aspects of our membership offer, and ensure that it remains competitive. There is no automated decision-making or profiling built into our systems or website.
How is my personal data stored?
This information is mainly stored in digital form in a bespoke database, and in pass-worded files on computers, but may also be stored physically in paper records which are kept in locked cabinets. When it is necessary for members of staff to transport physical documents, these are transported in locked bags.
For how long is my personal data stored?
SELECT only stores and uses the information it needs for legitimate business purposes, to discharge a contract, to protect your vital interests, or with your explicit consent.
Under what circumstances would the data be deleted?
Upon receiving notification of the cancellation of a membership from a Member, the Member will be asked if they would consent to having their details held on record in case they would like to re-join at a later date. If this is the case, the details will be held in a separate system, unconnected to the live database. However, we will delete entirely any former Member’s details on request.
Who has access to my personal data?
Employees of SELECT have access to members’ data in order for them to carry out their legitimate tasks for SELECT. Their job titles may include but are not limited to:
- Head of Function
- Managing Director
We will only respond to email where personal data is to be transferred if the email address in question has been verified as valid.
When responding to phone calls, we will seek to verify through checking two pieces of personal data that the identity of the caller is as purported before divulging any personal information.
Who is my personal data shared with?
Some of your data will be available for use by external bodies acting as a Data Processors on our behalf. They are not free to pass this on to other organisations that are not connected with SELECT.
Your personal data may be passed on to or processed by the following organisations in order for us to fulfil our contract with you, and in the pursuit of legitimate business activities.
- Local Authorities / Councils
- Scottish Building Standards
- Members of the public
- External training providers
- Pensions / Insurance providers
- Connect Publications (CABLETalk publisher)
How is the transfer of my personal data (digitally or physically) carried out?
SELECT carry out the digital transfer of personal data using secure email servers and password encrypted laptops and pen-drives. SELECT carry out the physical transfer of documents containing personal data using the Royal Mail, and lockable bags.
Who is responsible for the safekeeping of my personal data?
Under the GDPR (General Data Protection Regulation) SELECT does not have a statutory requirement to have a Data Protection Officer. The people who are responsible for ensuring SELECT discharges its obligations under the GDPR are Newell McGuinness / Darrell Matthews, Fiona Harper, and John McGhee.
2 THE RIGHT OF ACCESS
How can I check what data SELECT process about me?
If you would like to see the personal data SELECT holds about you, please contact SELECT and let us know you’d like to make a Subject Access Request. You may contact us in person, by phone, by email, or by post.
If you are interested in any particular aspects of said data, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
3 THE RIGHT TO RECTIFICATION
How can I correct or make complete any data held about me?
If you believe any aspect of the data that SELECT hold about you to be inaccurate, or incomplete, please contact us specifying what aspect of the data we hold needs to be changed. In some circumstances, SELECT may ask for proof of the veracity of the updated details.
You may contact us in person, by phone, by email, or by post. We are required to provide this to you within one month.
4 THE RIGHT TO ERASURE
How can I delete my business from SELECT’s records altogether?
The GDPR introduces a right for Data Subjects to have Personal Data erased; also known as ‘the right to be forgotten’.
If you would like SELECT to erase all personal details pertaining to your membership, you can make this request in person, on the phone, by email, or by post. We are required to provide this to you within one month. The right is not absolute and only applies in certain circumstances.
The data that we hold is the absolute minimum which we require in order to discharge the duties of the contract that we hold with Members, and to allow us to deliver the service which our Members pay for.
In order for a Member’s data to be removed entirely from our records and database, it would be necessary for that Member to cancel their membership and terminate the contract they have with SELECT.
5 THE RIGHT TO RESTRICT PROCESSING
Members have the right to request the restriction or suppression of their personal data. When processing is restricted, organisations are permitted to store the personal data, but not use it in the way which has been specified.
If you would like SELECT to restrict or suppress your personal data for any reason, you can make this request in person, on the phone, by email, or by post. We are required to provide this to you within one month.
6 THE RIGHT TO DATA PORTABILITY
The right to data portability allows Data Subjects to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
It enables consumers to take advantage of applications and services which can use this data to find them a better deal, or help them understand their spending habits.
7 THE RIGHT TO OBJECT
Data Subjects have the right to object to processing based on legitimate interests. This could include marketing in various forms.
8 RIGHTS IN RELATION TO AUTOMATED DECISION-MAKING AND PROFILING
The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about a Data Subject).
SELECT does not use automated decision-making in any of its systems or website, and does not profile its members.
Does SELECT collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. We do not record any such special data in these categories.
- ethnic origin
- political opinions
- philosophical beliefs
- trade union membership
- genetic data
- biometric data
- health data
- sexual orientation
How can I lodge a complaint with the Information Commissioner’s Office (ICO)?
You have the right to lodge a complaint with the ICO if you feel that your personal data has been handled outwith GDPR rules. In order to do so, please call the ICO helpline on 0303 123 1113 to discuss the matter and receive advice on next steps.
What contact does SELECT have with personal data relating to children?
SELECT does not gather, process, retain or transfer any personal data relating Membership of persons under the age of 16.