Privacy Policy

(Updated 8 June 2018)

Organisation Details:
Scottish Tourist Guides Association, incorporating Guide Training Ltd

Contact details:
Norie’s House, 18b Broad Street, Stirling, FK8 1EF
Tel: 01786 447784
Email: info@stga.co.uk
Website: https://www.stga.co.uk

 

Personal Information (data)
This refers to information that can be used to identify an individual (the data subject).  We only hold and process personal data that is provided by you (current and potential members, staff, clients, and suppliers) in the course of your transactions or employment with us.

The personal data that we hold includes some or all of the following as appropriate:

  • name, address, telephone and email contact details, and (in the case of payments) bank details
  • student and guide photographs
  • audio and visual records of student practice and assessment
  • additionally, staff and potential students provide information on the right to work in the UK, staff and students provide information on criminal convictions, staff provide payroll data.

 

Lawful Basis
Our lawful basis for processing your data is the fulfilment of our contracts with you as members, staff, clients, and suppliers.

 

Processing Personal Data
We process data for the following purposes:

  • maintaining and managing records
  • processing payments to and from the association, and payroll transactions
  • communicating about the association; seeking information and feedback
  • recruitment, training and assessment of future guides
  • providing individual guide pages on the website; booking guides for tours
  • providing insurance cover
  • dealing with complaints and other personal issues
  • analysis of website usage – the data collected is anonymous and is used to ensure the continuing provision of professional guiding services and to improve our business processes

 

Retention and Disposal of Data
Personal data is held for the duration of your relationship with us and for up to 5 years thereafter.
In the case of successful students who do not become full or associate members – 1 year.
In the case of unsuccessful job and course applicants, trainees and students – 6 months.
Data is then disposed of securely.

 

Sharing your data
We share your data only as necessary for the particular processing purposes required for the transactions you have with us or as required by law. Data is only shared with organisations that have a privacy policy in line with the GDPR and (where applicable) the USA Privacy Shield.

These organisations include:

  • HMRC (staff), the bank and on-line payment processors
  • other on-line processors (eg for bulk e-mails to members; anonymous analytics)
  • our website designer and host
  • clients using the booking service

Some of the above may have servers located in countries not in the EU.

We will never sell, rent or trade your data.

 

Log data and cookies
Like many website operators, we collect data whenever you visit our site.  This log data may include information such as your computer’s Internet Protocol (IP) address, browser type and version, the pages of the site that you visit, and other similar statistics.

We also use cookies – small files, which may include an anonymous unique identifier, sent to your browser from a website and stored on your hard drive to collect anonymous information.  You can instruct your browser to refuse cookies, however you should be aware that doing so may restrict your use of the site.

 

Keeping your data secure
We employ a range of methods to keep your data secure – encryption, access controls, and training.

This ensures that staff and directors are aware of the need to protect data and how to do that; access to your data is controlled; in the unlikely event of a breach, encrypted data cannot be used by others.

While most data is held and processed electronically, there are occasions when hard copies are required.  These are stored securely in locked cabinets with restricted access.

 

Your rights
You have the right to:

  • be informed about how we collect and use your data – this policy fulfils that function
  • obtain a copy of the personal data we hold
  • have inaccurate data rectified, or completed if it is incomplete
  • receive your data in a structured, commonly-used and machine-readable format

Further information on your rights can be obtained from the Information Commissioner’s Office:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

This policy was last updated on the 8h June 2018 and takes account of the General Data Protection Regulations 2018 (GDPR).