Skip navigation

Privacy Policy

Welcome to the privacy policy of Scottish Council for Development and Industry (Company Number: SC024724) (“we”, ”our”, “us”, “SCDI”). This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy. We may revise this privacy policy at any time by amending this page. You are expected to visit this page from time to time to note any changes we make, as they affect you.

The General Section of the privacy policy applies to the use of all personal information gathered by us. Please read this section carefully. Following the general section are specific sections that will or will not apply to you depending on how you interact with us. Please read the relevant sections that apply to you.

  • General Section: For anyone that interacts with SCDI.
  • Website Section: If you visit our website and/or contact us through our website.
  • Member Section: If you are a Member of SCDI or are applying for Membership.
  • Event Section: If you attend one of our events.
  • Marketing Section: If you receive marketing communications or updates from us.
  • Policy Section: If you interact with our policy team.
  • YESC Section: If you are a teacher, student, or volunteer who is involved with Young Engineers and Science Clubs Scotland.
  • Recruitment Section: If you apply to an open vacancy at SCDI.
  • Consultant and Speaker Section: If you provide consultancy services to us or speak at one of our events.
  • Partnering Organisations and Funders: We partner with organisations to provide events and will hold business contact details of particular contacts of those organisations.
  • Suppliers and Service Provider Section: If you are a sole trader or contractor and provide services or supplies to us.
  • Scottish Cities Alliance Section: If you interact with the Scottish Cities Alliance.

Please expand the sections below for further information.

1. General Section

1.1 Glossary

When we refer to Data Protection Legislation we mean the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the Data Protection Act 2018.

Criminal conviction data means personal data relating to the alleged commission of offences by you; or proceedings for an offence committed or alleged to have been committed by you or the disposal of such proceedings, including sentencing.

A data controller is someone who decides why personal data is to be collected and how it will be used and treated.

Personal information/data is information that can be used to identify or contact a specific individual, such as a name, address, telephone number, email address, etc., and also online identifiers and location data such as IP addresses and mobile device IDs.

Special category data means personal information revealing your racial or ethnic origin; political opinions; religious or philosophical beliefs; or trade union membership; genetic data; biometric data; data related to your health or data concerning your sex life or sexual orientation.

Website means www.scdi.org.uk.

1.2 About Us

Founded in 1931, The Scottish Council for Development and Industry (SCDI) is an independent membership network – representing a cross-section of the private, public and social economy sectors – which seeks to engage civic Scotland and influence Government and key stakeholders to ensure sustainable inclusive economic growth and flourishing communities, everywhere in Scotland. We are a non-political, not-for-profit organisation, involving senior representatives and leaders across Scotland’s economy.

Funded by our members’ subscriptions, this unique network of knowledge, expertise and experience provides a dynamic and creative force for change.  SCDI is an independent and inclusive economic development network which seeks to influence and inspire Government and key stakeholders with our ambitious vision to create sustainable economic growth for Scotland.

You can find out more about SCDI here: www.scdi.org.uk/about.

Unless otherwise stated, SCDI is the controller for the personal information, we or our service providers, collect and process.

1.3 Contact Us

If you have any questions regarding this privacy policy you can contact us at:

Address: 1 Cadogan Square, Cadogan Street, Glasgow G2 7HF

Telephone: 0141 243 2667

Email: enquiries@scdi.org.uk

1.4 Your Rights

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
  • Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You can exercise your rights by contacting us at the contact details noted above in section 1.3.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We may not always be able to comply with your request to exercise your rights for specific legal reasons which will be notified to you.

Further details about your rights can be found on the ICO’s website at www.ico.org.uk.

1.5 Your Right To Complain

You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

1.6 Do We Share Personal Information?

We will not sell, trade or lease your personal information to others.

Service providers

We contract with third-party service providers and suppliers to deliver certain services. Our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Our service providers change from time to time and we will inform you if this is the case by updating this privacy policy:

  • TSG currently provide our IT support.
  • Microsoft currently hosts our email and web-based file storage services that we use.
  • Amazon currently hosts our YESC contact database.
  • We currently use Sage for our accounting software which is hosted internally at SCDI, but Sage also provide maintenance services which involve access to our system.
  • We use Dropbox to file and share certain documentation.
  • If you sign-up to one of our events, you may be asked to do so via Eventbrite.
  • We may use MailChimp to send email communications.
  • We may use SurveyMonkey to host and manage feedback forms and questionnaires.
  • We may use third-party caterers for our events or for meetings organised by us.
  • We currently use ChangeWorks Recycling for our confidential waste destruction.
  • We currently use Guardian Removals and Storage for secure offsite document retention.
  • We currently use WorldPay to process payment card data.

Regulatory

We will also provide your personal information to third parties where there is a legal obligation to do so, for example to regulators, government departments, law enforcement authorities, tax authorities and any relevant dispute resolution body or the courts.

Other

We may also provide your personal information to third parties in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business.

We will provide information about you to any other person who is authorised by you to act on your behalf.

There may be additional parties who have access to your personal data depending on how you interact with us. We have discussed these parties within the specific sections.

1.7 Where Do We Store Your Information?

The data that we collect from you will usually be stored inside the UK or the European Economic Area (EEA).

However, if you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to correspond with you.  Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We also may transfer data outside the UK or the EEA where our, service providers host, process, or store data outside the UK or the EEA. Where we do this, we will ensure that the transfer is to a country covered by a decision of the Commission of the European Union or is otherwise made in circumstances where we have put appropriate safeguards are in place to protect your data in accordance with the Data Protection Legislation.

SurveyMonkey, MailChimp, Amazon, Dropbox and Eventbrite may transfer data to their respective US entities. Where this is the case those US entities are registered with the EU-US Privacy Shield which is an adequate measure under the Data Protection Legislation (and means that your personal data will be treated according to UK standards).

1.8 How Long Do  We Keep Your Personal Information?

We will not hold your personal information for any longer than is necessary for the uses outlined above unless we are required to keep your personal data longer to comply with the law and any regulatory requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We have discussed specific retention periods under the specific sections.

1.9 How Do We Keep Your Personal Information Up-To-Date?

Please contact us at the contact details noted above in section 1.3 as soon as possible after there is any change to your personal details, including your contact details.

1.10 Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and offline.

2. Website Section

2.1 How We Collect Your Personal Data

We collect personal information about you when you complete our online Contact Form.

2.2 Use Of Your Data

2.3 Cookies

We use cookies on our Website. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please seewww.scdi.org.uk/cookie-policy/.

2.4 Analytics

When you visit our website,  we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of our website. This information is only processed in a way that does not identify anyone. We do not make – and do not allow Google to make – any attempt to find out the identities of those visiting our website.

2.5 Search Engine

Searches on our website are logged anonymously to help us improve our website and search functionality. We use Google Analytics to do this. No identifiable personal information is collected by us or our provider.

2.6 Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

2.7 Hosting And Maintenance Of Our Website

Our website is currently hosted (in the UK) and operated by Pulsant.  After Digital currently provides maintenance services for our website.

3. Member Section

3.1 How We Collect Your Personal Data

We collect personal information about you from the following sources:

  • Direct: You, when you correspond with us by email, phone or letter or when you complete our Member Application Form or Renewal Forms.
  • Indirect: Your colleagues, when they provide your contact details when completing correspond with us by email, phone or letter or when you complete our Member Application Form or Renewal Forms.

3.2 Effect Of Failing To Provide Information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing Member benefits), or we may be prevented from complying with our legal obligations.

3.3 Retention Period

We will retain your personal details for as long as you and your organisation remain a Member of SCDI and for a period of 7 years after your Membership ceases, before deleting these. Basic organisation data will be kept after seven years.

3.4 Use Of Your Data

4. Event Section

4.1 How We Collect Your Personal Data

We collect personal information about you when you register for an event (by emailing us, completing and returning one of our paper forms, or through Eventbrite) or when you correspond with us by email, phone or letter.

If your colleague registers for an event on your behalf, then we will receive your personal details indirectly.  You will be asked for explicit permissions related to the use of any data at an event.

4.2 Effect Of Failing To Provide Information

If you fail to provide certain information when requested, we may not be able to issue your event ticket to you or to complete your transaction.

4.3 Retention Periods

We apply the following retention periods:

  • Member event data will be held in our secure CRM system indefinitely.
  • Non-member data will be held for 13 months before being anonymised.
  • All hard copies materials related to the event will be deleted within 3 working days, post-event.

4.4 Use Of Your Data

4.5 Joint Events

We may partner with other organisations to provide events. When this occurs, we will both collect and use your personal data.  Please ask our partner for their privacy notice explaining how they will use your information.

5. Marketing Section

If you provide us with a telephone number or postal address, we may send you non-electronic forms of communication (post and live calls), based on our legitimate interests. If you provide a business email address, then we may use this to provide you with electronic communications based our legitimate interests. If you provide a personal email address, we require your consent to market to this email.

You will always have the option to unsubscribe from any of our marketing communications at any time by contacting us at the contact details in section 1.3 or by selecting the unsubscribe link at the bottom of our emails.

6. Policy Section

6.1 How We Collect  Your Personal Data

We hold business contact details of those involved in our policy forums for our legitimate interests (Member and Non-Member).  We may initially receive your contact details by searching for organisations with specific policy interests via a search engine, a specific website or our membership database.  Alternatively, you may have been recommended to us by one of our connections. Thereafter, we will ask you to complete our forms or we will collect information from you when you correspond with us by email, phone or letter.

6.2 How We Use Your Data

We may ask organisations to provide opinions on certain policy issues.  These opinions will be provided at an organisational level and not at an individual level.   We are an apolitical policy-driven business membership organisation and we do not actively collect information in relation to political opinion.

6.3 Our Partnering Organisations

Due to the nature of some of the organisations that we partner with for policy projects, we may ask you to provide additional information on behalf of the partnering organisation.  We are not a controller in relation to this additional information and we are merely collecting this on behalf of the partnering organisation.

7. YESC Section

Young Engineers and Science Clubs Scotland (YESC) is a Scotland-wide primary and secondary school education programme run by SCDI and supported by many of SCDI’s Members.

7.1 Our Partnering Organisations

Due to the nature of some of the organisations that we partner with for YESC events, we may ask you to provide additional information on behalf of the partnering organisation. For example, some of our partners require to know your shoe size so that they can issue you with appropriate safety clothing when you visit their site. Others operate in the defence industry and are subject to higher security requirements and therefore they may require to know your date of birth and nationality. Additionally, if you require to park a vehicle at one of our partnering sites they may wish to have details of your car type and registration number for security purposes also. We are not a controller in relation to this additional information and we are merely collecting this on behalf of the partnering organisation.

7.2 If You Are a Teacher

We collect personal information from you when you complete our online registration form, our evaluation forms and/or when you correspond with us.

If you fail to provide certain information when requested, we may not be able to register your school for an event.

We update our teacher contact information on an annual basis, and we will retain teacher information indefinitely unless you leave the school or otherwise ask us to remove your information.

Use Of Your Data

7.3 If You Are A Student

Teachers and parents should read this section, as well as students.

Your teacher may provide us with certain dietary information about you. We may also collect personal data from you directly when you complete our evaluation forms or when we take your photograph at events.

We apply the following retention periods to student data:

  • Any individual dietary data held within our CRM will be deleted within 3 working days, post project/event.
  • All hard copies materials related to the project/event will be deleted within 3 working days, post project/event.
  • Evaluation forms and photographs will be stored within our secure IT systems indefinitely.

Use Of Your Data

7.4 If You Are A Volunteer

We collect personal information from you when corresponding with us. We may also receive your information indirectly if you are a STEM Ambassador.

We apply the following retention periods to volunteer data:

  • Any personal data held within our CRM will be deleted within 3 working days, post project/event.
  • All hard copies materials related to the project/event will be deleted within 3 working days, post project/event.

Use Of Your Data

7.5 If You Are A Parent

We do not actively collect personal data from parents as we coordinate our events with schools.

8. Recruitment Section

Please note that we do not accept speculative CVs that are sent to us.  These are deleted upon receipt and no personal data is held in our systems.

8.1 How We Collect Your Personal Data

We will collect personal data about applicants through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider.  We may also collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

8.2 Retention Period

We will only retain applicants’ personal data for 6 months post the vacancy being filled.  This data may be used to fulfill the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  In some circumstances, we may anonymise personal information so that it can no longer be associated with individual applicants.  In these cases, we may use such information without further notice to applicants.

8.3 Use Of Your Data

9. Consultant And Speaker Section

9.1 How We Collect Your Personal Data

We may initially receive your contact details by searching for an individual with your skills via a search engine, a specific website or our membership database.  Alternatively, you may have been recommended to us by one of our connections. Thereafter, we will ask you to complete our forms or we will collect information from you when you correspond with us by email, phone or letter.

9.2 Effect Of Failing To Provide Information

If you fail to provide certain information when requested, we may not be able to engage you as a consultant/speaker.

9.3 Retention Period

We will keep your data on our CRM system indefinitely or until you contact us to as for it to be deleted.  You can contact us via the contact details in section 1.3.

9.4 Use Of Your Data

10. Partnering Organisations and Funders Section

We hold business contact details of those from our partnering organisations and funders on the basis of our legitimate interests.

11. Suppliers and Service Providers Section

11.1 How We Collect Your Personal Data

We may initially receive your contact details by searching for an individual with your skills via a search engine, a specific website or our membership database.  Alternatively, you may have been recommended to us by one of our connections. Thereafter, we will ask you to complete our forms or we will collect information from you when you correspond with us by email, phone or letter.

11.2 Effect Of Failing To Provide Information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you for your services), or we may be prevented from complying with our legal obligations.

11.3 Use Of Your Data

12. Scottish Cities Alliance Section

Scottish Cities Alliance (SCA) is governed in partnership by The Scottish Government and the 7 Scottish city local authorities.  SCDI acts as a partner by hosting SCA employees and providing HR and payroll administration services. We are joint controllers – with The Scottish Government and the 7 local authorities – for the purposes of SCA employee HR and payroll personal data.

If you interact with SCA, please view their privacy policy and procedures at www.scottishcities.org.uk/privacy.

Last updated: February 2019