Privacy notice

About us

St John Scotland gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.

Our registered office is:

St John's House,
St John Street,
Edinburgh,
EH8 8DG

We are a Company registered in Scotland, registration number SC5570340 and are registered with the Information Commissioner’s Office and listed on the Register of Data Controllers under registration number ZA420323; we act as a Data Controller and Data Processor.

Our Data Protection Lead is Gordon Swan and he can be contacted at the above address.

Why we process your data

St John Scotland takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us contacting you with publicity or fundraising information, you are free to withdraw consent at any time.

The purposes and reasons for collecting and processing your personal data are:

  • Our volunteers are, with your consent, providing transport to take you to and from hospital during your ongoing treatment
  • You have made a donation to St John Scotland which may or may not be subject to Gift Aid
  • You have previously expressed an interest in, or benefited from, the works of St John Scotland or the Order and wish to remain informed about our work and fundraising
  • The performance of the contract between you, as an Order Member, and the Order (where applicable)
  • Fulfilling our legal obligation for compliance, business accounting and tax purposes.

Collecting your data

We collect information using the following methods:

  • Paper forms
  • Telephone calls
  • Email
  • Face to face

Our website collects website usage information via Cookies.

Data we collect

St John Scotland processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.

The personal data we collect varies depending on your relationship with us.

Typically, this will be as follows:

Volunteer

  • Name
  • Date of Birth
  • Gender
  • Contact Address(es)
  • Contact Email(s)
  • Contact Telephone Number(s)
  • Consent information
  • Passport Number
  • Driver’s License Number
  • PVG outcome
  • Contact preferences
  • Contact history
  • Dietary requirements
  • Accessibility requirements
  • Activity preferences

Donor 

  • Name
  • Contact Address(es)
  • Contact Email(s)
  • Contact Telephone Number(s)
  • Contact preferences
  • Contact history
  • Consent information
  • Benefit received
  • Bank account number & sort code
  • Legal entity registration number

Personal beneficiary 

  • Name
  • Gender
  • Contact Address(es)
  • Contact Email(s)
  • Contact Telephone Number(s)
  • Contact preferences
  • Contact history
  • Consent information
  • Service used
  • Destination hospital
  • Unit visited in hospital

Event attendee 

  • Name
  • Gender
  • Contact Address(es)
  • Relationship to Member or Volunteer
  • Dietary requirements
  • Accessibility requirements
  • Events attended

Corporate beneficiary 

  • Name
  • Home Address
  • Contact Email(s)
  • Consent information
  • Tax status
  • Bank account number & sort code
  • Contact preferences
  • Contact history
  • Amounts donated
  • Gift aid recovery

Order Member 

  • Name
  • Date of Birth
  • Gender
  • Contact Address(es)
  • Contact Email(s)
  • Contact Telephone Number(s)
  • Consent information
  • Passport Number
  • Bank account number & sort code
  • Rank & promotions
  • Investiture dates
  • Spouse & guests
  • Contact preferences
  • Contact history
  • Dietary requirements
  • Accessibility requirements
  • Special skills
  • Oblations & subscriptions paid
  • Events attended and your guests

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Legal bases of processing

Member and Volunteer data is processed on the basis of consent. We will seek your consent to hold and process your data using the form appended to this Privacy Notice.

Donor data is processed on the basis of fulfilling a legal obligation where that donation has been made under Gift Aid. For other donors we may process your personal data for the purposes of our legitimate interests, provided that these uses aren’t outweighed by your rights or interests; you may opt out by contacting us.

Beneficiary data is processed on the basis of fulfilling a legal obligation and legitimate interest.

Event attendee data is processed on the basis of fulfilling a legal obligation and legitimate interest; we wish to ensure, among other things, that you are both able to gain access to the event you are attending and have any special dietary needs met.

Your Rights

You have the right to access any personal information that St John Scotland processes about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source.

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information, and we will strive to update/correct it as quickly as possible unless there is a valid reason for not doing so, in which case you will be notified.

You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.

Sharing and disclosing your personal information

We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR). We also may disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights, such as pursuant to a subpoena or to HMRC when you claim Gift Aid. We may share your information in connection with a sale or reorganisation of JustGiving, but in any such case, the terms of this Policy will continue to apply.

Our service providers include:

  • Auditors – we are obliged to have an audit of our financial statements each year
  • Business consulting – we obtain business support for governance, risk management and compliance
  • Communication providers – to assist us with the processing and delivery of email, bulk email and other communications
  • Housing management services – these services for Archibald Russell Court are outsourced to Bield Housing Association
  • Information Technology services – these are supported by an outsourced IT provider, and we use a CRM system to hold and maintain your personal data
  • Legal services – occasionally it is necessary to share data about specific individuals to ensure that their or our needs are properly addressed or protected
  • Online donation services – these are used by many contributors to make donations to us.

Safeguarding Measures

We take your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to us; however, as this information is required for us to provide you with our services/deliver your products/legitimate interests, we will not be able to offer some/all of our products or services without it.

How Long We Keep Your Data

We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. The length of time we keep your data for varies depending on your relationship with us. Typically, this will be one of the following:

  • Volunteer - Two years beyond the date of your last volunteering activity
  • Donor - Six years beyond the date of last donation
  • Personal beneficiary - Six months beyond the receipt of service
  • Event attendee - Where attached to an Order Member, in accordance with the Order Member retention. Otherwise, six months beyond the date of the event
  • Corporate beneficiary - Six years beyond the receipt of benefit
  • Order Member - Your name, addresses, date of birth, rank, promotions, and other chivalric data will be held indefinitely. All other data will be securely destroyed six years following the date of cessation of membership.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Special Categories Data

Owing to the nature of our purpose and the charitable benefit that we offer, St John Scotland sometimes needs to request sensitive personal information from you to ensure that you are properly supported when attending a meeting, an event or function, or when someone is being conveyed as a part of our Patient Transport Service. Where we collect sensitive personal data, we will only request the information required for the specified purpose and always ask for your explicit consent through a signature. You can modify or remove consent at any time, which we will act on immediately, unless there is a legitimate interest or legal reason for not doing so.

Lodging a complaint

St John Scotland only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you may lodge a complaint in writing or by telephone.

You also have the right to lodge a complaint with the supervisory authority.

Our details:

Gordon Swan

Data Protection Lead

gordon.swan@stjohnscotland.org.uk

0131 556 8711
 

St John Scotland

St John's House

21 St John Street

Edinburgh

EH8 8DG

 

Information Commissioner’s details:

45 Melville St

Edinburgh

EH3 7HL

0131 244 9001