(Updated 8 June 2018)
Scottish Tourist Guides Association, incorporating Guide Training Ltd
Personal Information (data)
This refers to information that can be used to identify an individual (the data subject). We only hold and process personal data that is provided by you (current and potential members, staff, clients, and suppliers) in the course of your transactions or employment with us.
The personal data that we hold includes some or all of the following as appropriate:
- name, address, telephone and email contact details, and (in the case of payments) bank details
- student and guide photographs
- audio and visual records of student practice and assessment
- additionally, staff and potential students provide information on the right to work in the UK, staff and students provide information on criminal convictions, staff provide payroll data.
Our lawful basis for processing your data is the fulfilment of our contracts with you as members, staff, clients, and suppliers.
Processing Personal Data
We process data for the following purposes:
- maintaining and managing records
- processing payments to and from the association, and payroll transactions
- communicating about the association; seeking information and feedback
- recruitment, training and assessment of future guides
- providing individual guide pages on the website; booking guides for tours
- providing insurance cover
- dealing with complaints and other personal issues
- analysis of website usage – the data collected is anonymous and is used to ensure the continuing provision of professional guiding services and to improve our business processes
Retention and Disposal of Data
Personal data is held for the duration of your relationship with us and for up to 5 years thereafter.
In the case of successful students who do not become full or associate members – 1 year.
In the case of unsuccessful job and course applicants, trainees and students – 6 months.
Data is then disposed of securely.
Sharing your data
These organisations include:
- HMRC (staff), the bank and on-line payment processors
- other on-line processors (eg for bulk e-mails to members; anonymous analytics)
- our website designer and host
- clients using the booking service
Some of the above may have servers located in countries not in the EU.
We will never sell, rent or trade your data.
Log data and cookies
Like many website operators, we collect data whenever you visit our site. This log data may include information such as your computer’s Internet Protocol (IP) address, browser type and version, the pages of the site that you visit, and other similar statistics.
Keeping your data secure
We employ a range of methods to keep your data secure – encryption, access controls, and training.
This ensures that staff and directors are aware of the need to protect data and how to do that; access to your data is controlled; in the unlikely event of a breach, encrypted data cannot be used by others.
While most data is held and processed electronically, there are occasions when hard copies are required. These are stored securely in locked cabinets with restricted access.
You have the right to:
- be informed about how we collect and use your data – this policy fulfils that function
- obtain a copy of the personal data we hold
- have inaccurate data rectified, or completed if it is incomplete
- receive your data in a structured, commonly-used and machine-readable format
Further information on your rights can be obtained from the Information Commissioner’s Office:
This policy was last updated on the 8h June 2018 and takes account of the General Data Protection Regulations 2018 (GDPR).