Scottish Women in Business (SWIB) is committed to safeguarding the privacy of our members and supporters while providing the highest possible quality of service. Under the terms of Data Protection legislation, we are required to explain to you how we will treat any personal and/or private data which we collect from you.
Who we are
References to we, us and our are to Scottish Women in Business (SWIB). References to our website or the website are to www.scottishwomeninbusiness.org.uk.
Data Controller: the nominated representative for SWIB is our Web Secretary who may be contacted at webmaster@scottishwomeninbusiness.org.uk.
Why we hold data
SWIB must collect and process personal data to provide its services, for example:
- details of people who join as members
- details of people who book on events
The personal data is held so we can
- contact members about SWIB news, events and their membership
- contact event attendees with information about the event they are attending
- enforce membership and event rules
SWIB also holds personal data on committee members, volunteers, service suppliers and other professional business contacts in order to manage the organisation.
We want to be clear with you about what we hold and how we use it.
Complying with legislation
SWIB will always comply with data protection legislation, so the data held about you must be:
- kept securely
- used lawfully, fairly and in a transparent way
- collected only for the purposes we have clearly explained to you and not used in any way incompatible with that purpose
- relevant to the purposes we have told you about and limited to those purposes
- accurate and kept up to date
- kept only as long as necessary for the purposes we have told you about
Your rights and how to exercise them
Under GDPR, you have several rights with respect to the data held by SWIB:
- right to access
- rectification
- erasure
- restriction of processing
- objection to processing
- data portability
- the right to withdraw consent
- the right to lodge a complaint with a supervisory authority
If you wish to exercise any of these rights, please contact SWIB’s Data Controller.
The basis for holding your data
For SWIB, there are three lawful bases on which we hold personal data:
- contract: where we need the information to provide a service, e.g. the benefits of membership or your attendance at an event. A person can request deletion but that will cancel the contract e.g. membership.
- consent: where the person explicitly consents to us using their information (e.g. to send newsletters or to publish their directory entry). If consent is withdrawn, the information must be deleted.
- legitimate interest: where we need to retain the information even if the person requests deletion of their information. For example, where we bar a person from being a member or – for committee members – to retain their record of service.
The categories of data we hold and the lawful bases for holding and processing it are:
Data Category |
Processing purpose |
Lawful basis for processing |
Membership – mandatory |
To manage a person’s membership, including communication about that membership |
Contract |
Membership – optional |
To provide a member directory To communicate news to members |
Consent Consent |
Membership – barred |
To manage SWIB policy regarding barred people |
Legitimate interest |
Event management – mandatory |
To manage attendance at the event To enforce SWIB’s attendance rules |
Contract Contract |
Event management – optional |
To include in the delegate list |
Consent |
Event management – non-members |
To manage SWIB policy regarding attendance |
Legitimate interest |
Newsletter mailing list |
To communicate news to subscribers |
Consent |
Governance |
To support committee & volunteers communications To support SWIB governance and retain history |
Consent Legitimate interest |
Suppliers |
To support the operation of SWIB, including by systems |
Contract |
Other professional contacts |
To support the operation of SWIB |
Consent |
How we use your information
Personal data is collected by SWIB to provide the following services:
- membership services (for members)
- event management (for event attendees)
- communications (for mailing list subscribers)
It is also collected for:
- organisation management (for members, attendees, committee members, suppliers and volunteers)
The personal data collected is as follows:
Information about members
We hold your name, email address, password, company name and telephone number as mandatory information. Optionally, you may supply a short description of your business, category of business, dietary requirements, online and social media presence, and other details for your online directory profile.
To join SWIB, you must provide the mandatory information requested for us to manage and provide the benefits of your membership, including emails regarding your membership – this is processed on the basis of “contract”.
Your email address will also be used to send you SWIB newsletters, event announcements and other emails. These communications are not part of your contract with us and are processed on the basis of “consent”. You may unsubscribe from these emails at any time without deleting your email address from your membership record.
Additional information provided by you is given solely for
the purposes stated and is processed on the basis of “consent”. Information
shared publicly is under your control:
a) You can specify information to appear on an event delegate list.
b) You can choose to list your business details on SWIB’s member directory. If
you do list it, you can remove your entry at any time by unticking the “list my
business” box on your profile. You can also delete specific information from
your directory profile that you no longer wish to be kept.
You may request that optional information you have supplied is deleted. However, if you request that mandatory information is deleted, SWIB will have to terminate your membership. Refunds will be subject to SWIB’s refund policy.
If your membership lapses, all optional data provided will be deleted after one month. Mandatory data will be deleted after two years.
Information about events
For events booked through our website: we hold your name, email address, company name and dietary requirements where appropriate to the event; this is processed on the basis of “contract”. You may also provide a short description, processed on the basis of “consent”.
The information provided will be used to manage your
attendance at the event, namely:
a) preparing a delegate list (name, company name and description where
provided),
b) ordering your meal (where appropriate), and
c) sending you the delegate list and an anonymous post-event feedback form.
For members, your record of attendance is held for the duration of your membership.
For non-members, your name, company name, email address and events attended will be held for up to one year (from January to December of the year in which you attend) to enable SWIB to enforce limits on non-member attendance at events. This is held on the basis of “legitimate interest”.
Delegate lists will be retained for six months in case of queries or complaints.
For events booked through Eventbrite: we hold your name and email address within Eventbrite; this is processed on the basis of “contract”.
Events will be deleted from Eventbrite after 6 months, after which time your personal data will no longer be accessible to SWIB as data controller. We do not pass this data to our own systems.
Note that Eventbrite retains information about you as a subscriber to their website, under their own data protection regime.
Information about payments
Payments are collected and processed by WorldPay. Information already provided to SWIB, e.g. your email address, is pre-populated in the WorldPay form and may be updated by you before submitting your form. Card details are not seen by SWIB nor retained by WorldPay. This information is processed on the basis of “contract”.
A record of your event payments is retained by SWIB for 1 month after the event for financial reporting and in case of queries, debts or refund requests and then deleted.
A record of your other payments is retained by SWIB for 1 year for financial reporting and in case of queries, debts or refund requests and then deleted.
Information about mailing list subscribers
We hold your email address, processed on the basis of “consent”.
This will be used to send you SWIB newsletters, event announcements and other emails. By providing your email address, you are giving your consent to receiving these emails. You may unsubscribe at any time by clicking the “Unsubscribe” link at the foot of a SWIB email and your email address will be deleted immediately.
Information about committee members and volunteers
If you volunteer with SWIB on committee or in other ways, SWIB holds your name, email address, phone number, term(s) of committee service, role and, optionally, other contact details.
Your contact information is held to allow communication among the committee for the duration of your service on SWIB committee and is then deleted. Your name and email address are required to serve on the committee or to volunteer. Your photo and affiliation is published on the SWIB website for the benefit of members. This and optional contact information is held on the basis of “consent”.
Your record of service on committee is held in perpetuity to maintain a history of SWIB; it is held on the basis of “legitimate interests”.
Who has access to your data
Personal data collected by SWIB is processed by the following systems and organisations, who act as data processors on our behalf:
- our website and mailing system, provided by Fuzzylime – accessed by committee members, SWIB administrators, SWIB webmaster and Fuzzylime
- our contact database, Salesforce – accessed by SWIB administrators
- our payment gateway, WorldPay – accessed by SWIB administrators and SWIB webmaster
- our document storage system, Huddle – accessed by committee members, SWIB administrators and SWIB webmaster
- the survey tool, SurveyMonkey – accessed by committee members, SWIB administrators and SWIB webmaster
- our administrators, Time Assistant (using all of the above systems)
- the booking system, Eventbrite – accessed by committee members and SWIB webmaster
- website analytics, Google Analytics – accessed by SWIB webmaster
All suppliers acting as data processors for SWIB have committed contractually to abide by GDPR, including rights of access and deletion, security and confidentiality. You can find links to the data protection regimes below.
All committee members and volunteers have recorded their commitment to abide by GDPR.
We don't share your data with anyone else, except when required to by law.
Where your data is held
SWIB is based in Scotland but makes use of cloud-based systems provided by a range of suppliers based in a variety of countries. As a result, your personal information may be transferred outside the UK or European Economic Area.
All our systems suppliers have published their own data protection policies in order to comply with GDPR:
In the event of a data breach
If we are find out that the private data we hold has been breached, or altered or deleted without authorisation, we will inform the Information Commissioner's Office (ICO) as required under GDPR. We will also inform those affected. Notification is not required if the data concerned is already public (for example, if it is published on the member directory).
Website data
We hold:
Your IP Address: this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used solely to record usage of the website and to create site statistics for analysis of the website.
Data recorded by the website to manage event bookings, the shopping cart and to allow you to buy from the website (including event bookings and membership).
Login data is recorded locally on your computer using cookies – these do not
persist beyond the end of your browsing session.
Most browsers can be programmed to reject cookies or warn you before
downloading cookies – information regarding this may be found in your browser’s
help facility.
For more information on cookies, please visit www.allaboutcookies.org.
This policy was published on 7th May 2018.