Privacy policy

Scottish Communities Climate Action Network CIC

27 High Street, Dunbar EH42 1EN

SCCAN Privacy Policy
last updated 18 May 2018

Also available to download here: Privacy Policy updated 18 May 2018

The Scottish Communities Climate Action Network (SCCAN) and our established working groups (e.g. Transition Scotland hub) and task groups (e.g. those planning an annual gathering) take your privacy seriously.  We never pass your personal data to anyone else.

If you have any concerns, you have a right to:

  • Request that we correct your personal data if you believe it is inaccurate / incomplete
  • Request that we delete your personal data
  • Change your communication preferences or restrict processing of your personal data
  • Access the personal data that we hold about you through a “subject access request”.

Please contact us at for any of these purposes.

Under data protection legislation we are a “controller” of personal data you share with us.  We have undertaken a Data Audit and this Policy provides notice on how and why we process your data and for how long we will keep your personal data, and where it is held.

We retain your data in different ways depending on the application:

1.   Group and Individual Membership

What we do with your data:  We use your data to provide both group and individual membership services, including e-newsletters, communications regarding relevant collaborations, events, SCCAN proposals and decisions, include your organisation’s description and website in our online database.

Data held:  Organisation name, address, website, phone number, email, description; names, email addresses, phone numbers of two contact people; any other data on organisation activities you supply us with. Similarly with individual member data.

Legal basis for processing data:  Legitimate interest – as you have signed up.

Storage:  Data is held in a password protected database accessed only by SCCAN directors.  Email addresses are also held on our Mailchimp account to enable us to circulate newsletter to contacts.  Restricted data of those contributing to sub groups is held on specific service provider like Buddypress and Slack where used with agreement of each individual – to facilitate active collaboration.

Retention:  We keep your personal data only to provide you with membership services. We update or delete your data on request or on termination of membership.

2.   Mailing list subscribers

What we do with your data:  We send you an e-newsletter and other occasional mailings about relevant events or projects.

Data held:  First name, Last name and email address, community organisation (optional)

Legal basis for processing data:  Consent.

Storage: Data is held on our Mailchimp account.  Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.

Retention:  We will keep you on this mailing list until you request amendment or deletion. You can unsubscribe any time you want by following the link at the bottom of each mailing.

3.   Event attendees

What we do with your data:  When you attend an event we organise, we collect data to demonstrate trends to funders or for internal monitoring and evaluation purposes.  We may also take photos for documentation or to be used in our future communications.

Data collected:  Name, email, address, date of birth, gender, photo.

Legal basis for processing data:  Consent.

Storage:  Data is held in a password protected database accessed only by SCCAN directors.

Retention:  We keep your details for as long as needed for reporting purposes, maximum 5 years.

4.   Contracted work

What we do with your data:  We are required to use your data to enter into contract and to remunerate those who do paid work.

Data collected: Name, address, phone number, email, bank account details.

Legal basis for processing data:  Contract.

Storage:  Correspondence is held in password protected folder.  Bank details are also stored in our online bank account with our bank, to enable them to processes payment transactions securely on our behalf.

Retention: 7 years or as required under current legislation.

5.   Website visitors

Like most other organisations we use Google Analytics on our websites.  This software captures data about website visitors in a form of an advanced web server log.  It records:

  • What website you came from; • How long you stay for; and • the kind of computer used.

This helps us to understand the kind of people who come to our sites and what content they’re reading and enables us to make better decisions about design and writing.

We occasionally compile aggregate statistics about numbers of site visitors and browsers being used.  No personal data is included in this type of reporting and all this activity falls within the bounds of the Google Analytics Terms of Service.

6. Your rights

If you have any concerns, which are not resolved by communicating with us, you can raise a complaint with the Information Commissioner’s Office at

7. Other uses of your personal information

We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.

8. Who we share your personal information with

We do not share your personal information with anyone.

9. Third party suppliers with access to members’ personal data

We may use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and to protect it.

In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

  • The Co-operative Bank process payment transactions securely on our behalf.
  • Mailchimp distribute some of our email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.
  • We use Eventbrite’s ticketing service for some of our events. They comply with GDPR, see their privacy policy here
  • Instructors, coaches and event organisers receive details of training participants.