Data Protection and Privacy Policy

Introduction

The Scottish Evangelical Theology Society (SETS) takes the security and privacy of personal information seriously. As part of our activities we need to gather and use personal information about members, and those who have attended one or more of our events.

This policy explains the provisions that we will adhere to when any personal data belonging to or provided by data subjects, is collected, processed, stored or transferred on behalf of the society. We expect everyone processing personal data on behalf of the society to comply with this policy in all respects.

Your personal data is data which by itself or with other data available to us can be used to identify you.

Data Protection Principles

Personal data will be collected and processed only for specified, and legitimate purposes; and be processed securely.

How personal data should be processed

Everyone who processes data on behalf of the society has responsibility for ensuring that the data they collect and store is handled appropriately, and in line with this policy.

Personal data should only be accessed by those who need it for the work they do for or on behalf of the society. Data should be used only for the specified lawful purpose for which it was obtained.

Unnecessary copies of personal data should not be made.

Using your personal data: the legal basis and purposes

In order to operate as a membership organisation, we have certain legitimate interests. Certain kinds of data make administration easier or even possible, so we ask you to provide this and consent to our holding it:

  • we collect information from you when you join, renew your membership, or attend one of our conferences

  • we keep emails and other correspondence

The legitimate interests we refer to above are:

  • for publicising and marketing the society, we ask people to provide contact details and consent to our holding them

  • we hold contact details in order to distribute the Scottish Bulletin of Evangelical Theology to members

  • we ask people speaking at our Conference to provide contact details and information about themselves, and we collect contact information from people attending our Conference

  • we keep detailed accounting records

  • to organise and manage the Society the membership secretary will from time to time supply the Secretary, or the Treasurer, or the Chairman with spreadsheets containing members’ contact details

We ask you to provide and consent to our holding:

  • contact details, if you want to subscribe to SBET or book a place at one of our conferences

  • access and dietary requirements (if these apply) for people attending events we run

  • your replies to any membership surveys we might run.

Keeping personal data secure

Personal data should not be shared with those who are not authorised to receive it.

Passwords should be kept secure, should be strong, changed regularly and not written down or shared with others.

The ‘bcc’ rather than the ‘cc’ or ‘to’ fields should be used when emailing a large number of people, unless everyone has agreed for their details to be shared amongst the group.

The membership database is stored on, and used from, an encrypted hard disk or encrypted USB pen drives or encrypted virtual hard drive vault.

Personal data should be encrypted or password-protected while it is stored and when being transferred electronically.

Sharing your personal data

This information is treated as confidential and is not shared with anyone else, with the exception of members’ details shared with Highland Theological College who need members’ contact details for distribution of the Scottish Bulletin of Evangelical Theology.

Your rights under data protection law

Under the General Data Protection Regulation, you have the following rights:

  • to be informed, automatically and immediately, usually via a privacy notice, that we will hold data we’ve asked for

  • to access the data we hold, within a month, which we will provide in electronic form

  • to have us rectify inaccurate or incomplete data, generally within a month

  • to ask us to delete your data (we will not always be able to do this and where we are not we will tell you why)

  • to restrict data processing that we do

  • to object to data processing we do even if it would normally be justified

  • not to be subject to automated decision-making and profiling by the Society — SETS does not currently do any of this.

Policy review

The Committee will be responsible for reviewing this policy from time to time and updating the society in relation to its data protection responsibilities and any risks in relation to the processing of data.

A downloadable PDF of this policy is also available.