The following notice explains Venture Scotland’s approach to protecting the personal data we hold. This includes:

• The information we hold about young people, volunteers, donors, suppliers, staff and other stakeholders
• What we do with the information
• When we share information
• Your rights with regard to the personal data we hold about you

Our pledge

Venture Scotland pledges to handle personal information in accordance with data protection legislation and best data protection practices. This means that your personal information will be:

1. Processed lawfully, fairly, and in a transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Only collected so far as required for our lawful purposes
4. As accurate and up to date as possible
5. Retained for a reasonable period of time, in accordance with retention policies
6. Processed in a manner which ensures an appropriate level of security.

Your rights

To exercise any of these rights please email us at admin@venturescotland.org.uk

• Access to your information– you have the right to request a copy of the personal information about you that we hold.
• Correcting your information– We want to make sure that the personal information we hold is accurate, complete, and up to date. You can ask us to correct any personal information about you that you believe is incorrect.
• Deletion of your information– You can ask us to delete personal information about you where:
  • You consider that we no longer require the information for the purposes for which it was obtained
  • We are using that information with your consent and you have withdrawn your consent
  • Our use of your personal information is contrary to law
  • You have an objection to how we use your data (unless we have a legitimate reason to continue)
• Complain about our handling of your information – We would like a chance to resolve any complaints for you but if you are not happy with our response or want to complain directly you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), whose contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website –https://ico.org.uk/concerns

Venture Scotland is registered as a Data Controller

We are registered as a data controller with the (ICO), registration number Z719326X. The register provides details of the purposes for which personal information may be used; types of data subjects about whom personal information may be held or processed; types of personal information that may be processed; bodies to whom the Venture Scotland may disclose information; and information about transfers of personal information.

Personal data held by Venture Scotland

Venture Scotland stores data on:

• Young people who take part in our programme and activities, including contact details, health, and personal development information
• People applying for jobs, including receipt and storage of application and equal opportunities forms
• Donors and funders, including individual contact details
• Suppliers, referrers and partner organisations including individual contact details
• People who volunteer to support our activities
• Staff
• Newsletter subscribers
• People who access our website

  We will only request and store information for which there is a genuine business or legal need. We will not use or disclose it for any purpose other than that for which it was requested and provided. We will always make it clear why we are requesting or processing personal data.

  There are two categories of information that we might need:

• General and personal information such as name, address, contact details, or your general queries
• Sensitive or special categories of data such as racial or ethnic origin, physical or mental health, political opinions; religious or similar beliefs; trade union membership; physical or mental health/condition; sexual life; genetic and biometric data and information about criminal allegations, proceedings, convictions or related security measures

How do we collect your information?

The main ways that we gather personal data are:

• Through any form provided by Venture Scotland
• By email sent to admin@venturescotland.org.uk or via staff email addresses
• Face to face interview or meeting
• Over the telephone or by post
• During events
• Direct entry on to our ‘Mychanges’ database
• Website

Why do we keep information about you?

We hold and process information about you in order to:

• confirm who you are and keep in touch
• be aware of any health considerations to allow us to support you
• understand your capabilities and needs to provide you with a programme that challenges and develops you
• plan and deliver courses and activities
• measure your progress through the programme
• share information with partner organisations such as the one that may have referred you to us
• meet our statutory obligations including a commitment to equality and diversity
• process financial transactions related to the services you receive such as grants or payments
• help us to continuously improve our services
• assess the impact of our activities
• tell other people and organisations about your achievements

Processing data

When you provide us your personal data we will hold it in order to provide you with the serviceor information that you specified to us.

Young people on our programme

If you are enrolling on a Venture Scotland activity or course, we ask you to input your own information on our secure “Mychanges” database. This includes sensitive personal data such as medical information, which is essential to make sure we support you so that you stay safe when taking part in our activities.

We also encourage you to input other sensitive personal data, such as drug use, recent offending history, housing status, well-being and lifestyle. This information allows you to set personal targets and to let you see if you are making progress. We do count the number of young people who have made positive changes in all of the sensitive areas (drugs, health, offending, etc.) but we do not keep anything that can be identified to you personally.

Job applicants

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will ask you for some personal information including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

Volunteers

We hold medical information so that we can support you so that you stay safe on our activities. We also hold information on what you want to volunteer for, what you hope to achieve, your capabilities and qualifications to help us match you to opportunities.

Keeping you informed

We regularly produce an online newsletter, if you receive this it is because you asked to. If you want to receive the newsletter, or if you no longer want to receive the newsletter please email us at admin@venturescotland.org.uk

Sharing your information

We only share personal information when there is a legitimate interest to do so. For example, we may need to speak with referral agencies, funding bodies or qualifications authorities. All of these agencies are obliged to keep your information secure, and to use the information only to fulfil specific and agreed purposes.

Protecting your information

Venture Scotland has appropriate security measures in place for the protection of your personal information, including secure measures for its disposal to prevent the loss, misuse, alteration, unauthorised access and theft of personal information.

Staff are trained in GDPR guidelines and have an understanding of your rights. They are aware of our security standards and measures and the importance of adhering to them in relation to your personal information. Only those staff members who are authorised to access your information, and/or are required to do so as part of their regular duties, will have access to it. Volunteers on activities will have access to medical records. They will have received GDPR training.

Retention

Personal data will be stored only for as long as there is a genuine business need. The exact period of time depends on the type of information and the statutory provisions affecting our activity and will be set out in our retention policy. 
 

Newsletter

We regularly produce an online newsletter, create leaflets to let others know about us and we routinely post on social media, such as Facebook. We will always ask you before we use your personal data or photographs for these purposes.

We use a third party provider, Mailchimp, to deliver our newsletters and promotion emails. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our newsletter.

Visitors to our website

IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about your browsing actions and patterns.

Cookies

Cookies (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.

We may use cookies to gather information to help us improve our website. Such information will not identify you personally. It is statistical data. You can turn off cookies on your computer if you wish.

Linked websites

This privacy notice does not cover any links within tour site linking to other websites. We encourage you to read the privacy statements on the other websites you visit. The website may, from time to time, contain links to and from the websites of our partner networks and others. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Data security by email

If you are sending personal information to us via the internet, please be aware that the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to us via email if you are not using an encrypted mail system.

Any transmission is at your own risk. Once we have received your information, we will only process it in strict accordance with the GDPR guidelines and the principles set out above.

Data protection policy updates

Any changes we make to our policy will be put on our website. We encourage you to check for updates from time to time, so you are always fully aware of what information is collected and how it is used.