This notice explains what happens to any information that we collect when you get in touch, receive a service, make a donation or visit our site. We do update the policy from time to time so please review it regularly.
The Information Commissioner’s Office (ICO) has a section on its website where you can find out more about your personal data rights.
ICO Your Data Matters
Who we are
Visibility Scotland is one of the oldest sight loss charities in Scotland. We were formed in 1859. We were known for many years as the Glasgow and West of Scotland Society for the Blind before changing our name to Visibility. We rebranded the charity as Visibility Scotland in 2019.
We provide services to visually impaired people across Scotland. We are a registered charity and are regulated by OSCR.
What is personal data?
Personal data is information which could be used to identify an individual. Some examples of personal data are your name, address, phone number or email.
Sensitive personal data is data concerning an individual’s
- ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data (where this is used for identification purposes)
- health data
- sex life or sexual orientation
What is non-personal data?
Non-personal data is any data that can’t be used to identify you personally but can help to improve the services we deliver. This includes data related to accessing our digital platforms, such as your IP address and the pages you accessed on our website.
What type of data do we collect?
The type of data we might collect from you while providing a service includes:
- Your contact details, such as title, name, address, phone and email
- Your date of birth
- Your gender
- Your nationality
- Details of your family members
- Details of any contact you have had with us including email, phone, face-to-face, letter or other digital communications
- Information about your use of Visibility Scotland services
- Health information related to provision of support, including your eye condition and/or other relevant health conditions
- Records of any donations, including financial payment methods
- Your communication preferences. This is used to customise our communications with you and includes information about our services, fundraising and any other relevant information.
How we collect personal data
Personal and non-personal data can be collected:
- From the information you provide to us
- From the information provided by your family members and/or guardian
- From current or previous use of our services
- When you sign up to receive our newsletter
- When you donate or purchase from us (either directly or via third-party sites)
- When you volunteer or apply to work with us
- When you take part in or attend one of our fundraising events
- From referrals made to us by other services (e.g. NHS)
- When information is shared between other services and us
- From publically available information
How we use your data
We use the data provided to us in a variety of ways:
- To deliver services, products or information to you that we think would be relevant and of interest to you
- To maintain records detailing our communication with you
- To manage the service provided to you, including updating your records with relevant and appropriate information
- To administer donations and support your fundraising activities
- To process orders
- To process a job application or volunteer application
- To enable your participation in an event
- To comply with legal and regulatory rules and standards
- To ensure good governance of our services
- To ensure the safeguarding of vulnerable persons
- To improve the quality of our services
- To use in promotional materials or case studies if you have permitted us to do so
- To maintain a record
- To carry out reporting
Sharing data with other organisations
We do not share or sell data to any third parties for direct marketing purposes.
Where we have a legal or regulatory duty to do so, or where we consider it necessary to protect the rights, property or safety of Visibility Scotland, its staff, volunteers, service users and visitors, we may disclose your details to:
- The police
- Regulatory bodies
- Any organisation where we have a requirement to share data for safeguarding purposes.
We may share your details with other organisations in order to refer you to services external to Visibility Scotland, or to engage with an organisation on your behalf. We will only do this with your knowledge and consent.
What is the legal basis for processing my data?
The legal grounds for collecting and processing your data are set out below. The legal grounds that apply will vary depending on how we use your data.
We will process your data where it is necessary and in the legitimate interest of Visibility Scotland to do so. This is crucial in enabling Visibility Scotland to carry out its charitable aims.
Examples of legitimate interest include:
- Managing the services we provide to you
- Communicating with you about services
- When you have requested information, goods or services from us
- Keeping and updating your records
- Processing donations
- Events management
- Internal reporting and analysis
- Performance monitoring and reporting
- To improve our services and internal business processes
- To ensure good governance is observed
- Recruitment of staff and volunteers
- For direct marketing materials, such as fundraising or newsletters, if consent has been given to receive these communications
We will ask for your consent to use your personal information for certain purposes:
- Sending you any direct marketing communications that you have previously opted-in to receive. You can opt out of receiving marketing communications at any time by contacting us at email@example.com or calling us on 0141 332 4632
- To use your image or details of your life in promotion materials, videos or case studies.
- To refer you to support services external to Visibility Scotland or to engage with another organisation on your behalf.
We may be required to share your personal data to comply with legal and/or regulatory requirements. This includes financial, GDPR and sharing of information with law agencies for the prevention or detection of crime.
An example of financial reporting is the legal requirement to store transaction information for donations that claim Gift Aid.
Performance of a contract
We may process your information to meet any contractual obligations that you have entered into with Visibility Scotland. For example, when you purchase equipment from Visibility Scotland, both parties will have entered into a contract regarding the terms of that sale of goods.
How is my data stored?
Visibility Scotland employs a variety of controls to keep your data safe. Your data is stored on our secure CRM. Our CRM is hosted on a CiviHosting data centre located in the EU/EEA. CiviHosting employs the following security measures to prevent unauthorised access to data:
- Regular security tests carried out by Quality Assurance and admin teams
- 24/7 monitoring of servers and networks
- 24/7 server monitoring team
- No SSH access by default
- User accounts correspond to separate Linux accounts. Additional security systems, such as Kernel hardening and SuExec are employed.
- No remote access to MySQL (by default)
- Only employees with the highest clearance have access to the data centre data. Employee access is limited and logged. Passwords are strictly regulated.
In addition, Visibility Scotland employs the following monitoring and authentication controls:
- Access to the information stored in the CRM is strictly governed and limited by the need to access the data to carry out the work of Visibility Scotland
- Only authorised staff of Visibility Scotland can access the CRM
- Access to the CRM is controlled and monitored by our management team and third-party IT consultants
- Deletion of user accounts when staff members leave Visibility Scotland
- Creation of user accounts for new staff members only if their job role requires access to the CRM
- Strict enforcement of usernames and passwords to access the CRM
- No sharing of login details
- No accessing the CRM in public spaces
- Anonymising and/or deletion of personal data in response to data subject requests and/or the death of a data subject
- Anonymising and/or deletion of personal data when it is no longer necessary to keep the data
How long do you keep my personal data?
Visibility Scotland will retain your data based on the following criteria:
- If there is a reasonable business need to retain your data
- If there is a legitimate interest in retaining your data (e.g. to continue to provide you with services)
- To comply with all legal and regulatory requirements and guidance
You have certain rights under data protection laws.
The UK General Data Protection Regulation (GDPR) provides the following rights for individuals. The following rights are all subject to certain circumstances and exemptions unless otherwise stated (e.g. an ‘absolute’ right)
The right to be informed
You have a right to be informed about how your personal data is collected and used.
The right of access
You have the right to access and receive a copy of your personal data, and other supplementary information. This is known as a subject access request.
The right to rectification
You have a right to have inaccurate personal data corrected (rectified) or have incomplete personal information completed. Visibility Scotland will respond to such requests within one calendar month. We may refuse a request for rectification under certain circumstances. The reason for refusal will be explained to you.
The right to erasure
You have the right to have some or all of your personal data erased. This is commonly known as ‘the right to be forgotten’.
The right to restrict processing
You have the right to limit how Visibility Scotland uses your personal data. Examples include:
- Moving your data to another processing system
- Making the data unavailable to users
- Temporarily removing published data from a website
The right to restrict processing is an alternative to requesting that your data is erased.
The right to data portability
You have the right to request that we send you the data we hold on you in a commonly used, machine-readable format.
You also have the right to request that we send this data to another organisation/business/service provider.
The right to object
You have the right to object to your personal data being processed. You have an absolute right to stop your data from being used for direct marketing.
You can request to exercise any of the rights listed above by phone, email, or writing to us.
You can find out more about your rights under GDPR on the ICO website: GDPR: Your Rights
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us by emailing firstname.lastname@example.org or calling us on 0141 332 4632.
You also have the right to complain to the ICO by calling 0303 123 113 or visit their website: ICO website
What are cookies?
A cookie is a small text file. They are created by a web server and downloaded onto your computer whenever you visit a website.
What do cookies do?
Cookies make visiting and interacting with a website easier and more efficient. They perform a lot of useful functions whenever you visit a website. For example, they can remember your browsing history, purchase history, website preferences and login details and can help you to resume where you left off.
How do I manage cookies?
- Allow cookies
- Delete cookies;
- Block all cookies;
- Block ‘third-party’ cookies (i.e. cookies set by online services other than the one you are visiting);
- Clear all cookies when you close your browser;
What happens if I don’t allow cookies?
If you don’t allow cookies then you can still visit and use our website. However, your user experience won’t be as fast or efficient.
Date of last review: 10 August 2022
Visibility Scotland is the trading name of GWSSB (formerly Glasgow and West of Scotland Society for the Blind). GWSSB is a company registered in Scotland, limited by guarantee with its registered office at 2 Queen’s Crescent, Glasgow, being a recognised Scottish Charity. Registered number SC116522. Scottish Charity Number SC009738.