Skip to content
Skip to navigation

Privacy policy

Scottish Women in Business (SWIB) is committed to safeguarding the privacy of our members and supporters while providing the highest possible quality of service. Under the terms of Data Protection legislation, we are required to explain to you how we will treat any personal and/or private data which we collect from you.

Who we are

References to we, us and our are to Scottish Women in Business (SWIB). References to our website or the website are to www.scottishwomeninbusiness.org.uk.

Data Controller: the nominated representative for Scottish Women In Business (SWIB) is our Web Secretary who may be contacted at webmaster@scottishwomeninbusiness.org.uk.

Why we hold data

SWIB must collect and process personal data to provide its services, for example:

  • details of people who join as members
  • details of people who book on events
  • details of people who enter for awards

The personal data is held so we can

  • contact members about SWIB news, events and their membership
  • contact event attendees with information about the event they are attending
  • judge entrants for and publicise awards
  • enforce membership and event rules

SWIB also holds personal data on committee members, volunteers, service suppliers and other professional business contacts in order to manage the organisation and its events.

We want to be clear with you about what we hold and how we use it.

Complying with legislation

SWIB will always comply with data protection legislation, so the data held about you must be:

  • kept securely
  • used lawfully, fairly and in a transparent way
  • collected only for the purposes we have clearly explained to you and not used in any way incompatible with that purpose
  • relevant to the purposes we have told you about and limited to those purposes
  • accurate and kept up to date
  • kept only as long as necessary for the purposes we have told you about

Your rights and how to exercise them

Under the Data Protection Act 2018 (DPA 2018, incorporating the General Data Protection Regulation, GDPR), you have several rights with respect to the data held by SWIB:

  • right to access
  • rectification
  • erasure
  • restriction of processing
  • objection to processing
  • data portability
  • the right to withdraw consent
  • the right to lodge a complaint with a supervisory authority

If you wish to exercise any of these rights, please contact SWIB’s Data Controller.

The basis for holding your data

For SWIB, there are three lawful bases on which we hold personal data:

  • contract: where we need the information to provide a service, e.g. the benefits of membership or your attendance at an event. A person can request deletion but that will cancel the contract e.g. membership.
  • consent: where the person explicitly consents to us using their information (e.g. to send newsletters or to publish their directory entry). If consent is withdrawn, the information must be deleted.
  • legitimate interest: where we need to retain the information even if the person requests deletion of their information. For example, where we bar a person from being a member or – for committee members – to retain their record of service.

The categories of data we hold and the lawful bases for holding and processing it are:

Data Category

Processing purpose

Lawful basis for processing

Membership – mandatory

To manage a person’s membership, including communication about that membership

Contract

Membership – optional

To provide a member directory

To communicate news to members

Consent

Consent

Membership – barred

To manage SWIB policy regarding barred people

Legitimate interest

Event management – mandatory

To manage attendance at the event

To enforce SWIB’s attendance rules

Contract

Contract

Event management – optional

To include in the delegate list

Consent

Event management – non-members

To manage SWIB policy regarding attendance

Legitimate interest

Award nomination

Award publicity information

To assess the entrant for winning an award

To publicise the awards and its participants

Contract

Consent

Newsletter mailing list

To communicate news to subscribers

Consent

Governance

To support committee & volunteers communications

To support SWIB governance and retain history

Consent

 

Legitimate interest

Suppliers

To support the operation of SWIB, including by systems

Contract

Other professional contacts

To support the operation of SWIB

Consent

How we use your information

Personal data is collected by SWIB to provide the following services:

  • membership services (for members)
  • event management (for event attendees)
  • awards management (for those participating in awards)
  • communications (for mailing list subscribers)

It is also collected for:

  • organisation management (for members, attendees, committee members, suppliers and volunteers)

The personal data collected is as follows:

Information about members

We hold your name, email address, password, company name and telephone number as mandatory information. Optionally, you may supply a short description of your business, category of business, dietary requirements, online and social media presence, and other details for your online directory profile.

To join SWIB, you must provide the mandatory information requested for us to manage and provide the benefits of your membership, including emails regarding your membership – this is processed on the basis of “contract”.

Your email address will also be used to send you SWIB newsletters, event announcements and other emails. These communications are not part of your contract with us and are processed on the basis of “consent”. You may unsubscribe from these emails at any time without deleting your email address from your membership record.

Additional information provided by you is given solely for the purposes stated and is processed on the basis of “consent”. Information shared publicly is under your control:
a) You can specify information to appear on an event delegate list.
b) You can choose to list your business details on SWIB’s member directory. If you do list it, you can remove your entry at any time by unticking the “list my business” box on your profile. You can also delete specific information from your directory profile that you no longer wish to be kept.

You may request that optional information you have supplied is deleted. However, if you request that mandatory information is deleted, SWIB will have to terminate your membership. Refunds will be subject to SWIB’s refund policy.

If your membership lapses, all optional data provided will be deleted after one month. Mandatory data will be deleted after two years.

Information about events

For events booked through our website: we hold your name, email address, company name and dietary requirements where appropriate to the event; this is processed on the basis of “contract”. You may also provide a short description, processed on the basis of “consent”.

The information provided will be used to manage your attendance at the event, including:
a) preparing a delegate list (name, company name and description where provided),
b) ordering your meal (where appropriate), and
c) sending you the delegate list and an anonymous post-event feedback form.

For members, your record of attendance is held for the duration of your membership.

For non-members, your name, email address, company name and events attended will be held for up to one year (from January to December of the year in which you attend) to enable SWIB to enforce limits on non-member attendance at events. This is held on the basis of “legitimate interest”.

Delegate lists will be retained for six months in case of queries or complaints.

For events booked through Eventbrite: we hold your name and email address within Eventbrite; this is processed on the basis of “contract”.

Events will be deleted from Eventbrite after 6 months, after which time your personal data will no longer be accessible to SWIB as data controller. We do not pass this data to our own systems.

Note that Eventbrite retains information about you as a subscriber to their website, under their own data protection regime.

Information about awards participants

Awards participants include those entering the awards, those judging the awards and suppliers providing services to the awards event.

For entrants: We hold your name, business name, email address, business description, business address, telephone number and nomination details to assess your awards entry; it is held on the basis of “contract” when used for this purpose. This information is held for the duration of the Awards and then for one year in case of queries or other issues.

For judges: We hold your contact information as a volunteer (see separate section).

For finalists and other participants: We may also ask for a photograph, biography and links to your online presence, such as website or Facebook page. We will use this, and any business description provided, for publicity about the awards, the participant and their organisation, in print, online and in social media. For this purpose, your information is held on the basis of “consent”. It is held for one year after the event.

Information about payments

Payments are collected and processed by WorldPay. Information already provided to SWIB, e.g. your email address, is pre-populated in the WorldPay form and may be updated by you before submitting your form. Card details are not seen by SWIB nor retained by WorldPay. This information is processed on the basis of “contract”.

A record of your event payments is retained by SWIB for 1 month after the event for financial reporting and in case of queries, debts or refund requests and then deleted.

A record of your other payments is retained by SWIB for 1 year for financial reporting and in case of queries, debts or refund requests and then deleted.

Information about mailing list subscribers

We hold your email address, processed on the basis of “consent”.

This will be used to send you SWIB newsletters, event announcements and other emails. By providing your email address, you are giving your consent to receiving these emails. You may unsubscribe at any time by clicking the “Unsubscribe” link at the foot of a SWIB email and your email address will be deleted immediately.

Information about committee members and volunteers

If you volunteer with SWIB on committee or in other ways, SWIB holds your name, email address, term(s) of service, role and, optionally, other contact details.

For committee members: Your contact information is held to allow communication relating to your service on the committee. Your name and email address are required to serve on the committee; this information is held on the basis of contract. Your photo and affiliation are published on the SWIB website for the benefit of members. This and optional contact information is held on the basis of “consent”. The information you provide is held for the duration of your service and is then deleted.

Your record of service on committee is held in perpetuity to maintain a history of SWIB; it is held on the basis of “legitimate interests”.

For volunteers: Your contact information is held to allow communication relating to your voluntary service. Your name and email address are required to volunteer; this information is held on the basis of contract. You may also provide additional contact information; this is held on the basis of “consent”. The information you provide is held for the duration of your service and is then deleted.

Your record of volunteering is held in perpetuity to maintain a history of SWIB; it is held on the basis of “legitimate interests”.

Information about suppliers

We hold contact and contract information for suppliers on the basis of “contract”. It is held for the duration of the contract and then for 1 year after the contract ends for financial reporting and in case of queries, debts or refund requests.

Where a supplier has access to personal information held by us, they will be treated as a Data Processor and must undertake to abide by this policy as part of their contract with us.

Who has access to your data

Personal data collected by SWIB is processed by the following systems and organisations, who act as data processors on our behalf:

  • our website and mailing system, provided by Fuzzylime – accessed by committee members, SWIB administrators, SWIB webmaster and Fuzzylime
  • our contact database, Salesforce – accessed by SWIB administrators
  • our payment gateway, WorldPay – accessed by SWIB administrators, SWIB treasurer and SWIB webmaster
  • our primary document storage system, Huddle – accessed by committee members, SWIB administrators and SWIB webmaster
  • the survey tool, SurveyMonkey – accessed by committee members, SWIB administrators and SWIB webmaster
  • our administrators, Time Assistant (using all of the above systems)
  • the booking system, Eventbrite – accessed by committee members and SWIB webmaster
  • our awards document storage system, Google Drive – accessed by committee members, SWIB webmaster and awards judges
  • website analytics, Google Analytics – accessed by SWIB webmaster

All suppliers acting as data processors for SWIB have committed contractually to abide by DPA 2018, including rights of access and deletion, security and confidentiality. You can find links to the data protection regimes below.

All committee members and volunteers have recorded their commitment to abide by DPA 2018.

We don't share your data with anyone else, except when required to by law.

Where your data is held

SWIB is based in Scotland but makes use of cloud-based systems provided by a range of suppliers based in a variety of countries. As a result, your personal information may be transferred outside the UK or European Economic Area.

All our systems suppliers have published their own data protection policies in order to comply with DPA 2018:

In the event of a data breach

If we find out that the private data we hold has been breached, or altered or deleted without authorisation, we will inform the Information Commissioner's Office (ICO) as required under DPA 2018. We will also inform those affected. Notification to the ICO is not required if the data concerned is already public (for example, if it is published on the member directory) or if the breach does not pose a significant risk to the individuals.

Website data

We hold:

  • your IP Address: this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used solely to record usage of the website and to create site statistics for analysis of the website.
  • data recorded by the website to manage event bookings, the shopping cart and to allow you to buy from the website (including event bookings and membership).

Login data is recorded locally on your computer using cookies – these do not persist beyond the end of your browsing session.

Most browsers can be programmed to reject cookies or warn you before downloading cookies – information regarding this may be found in your browser’s help facility. For more information on cookies, please visit www.allaboutcookies.org.

This policy was published on 5th December 2018.

Loading