Tel: +44 (0) 1350 724 228

You are here: Home | GDPR data policy

SACS: GDPR and Data Policy

SACS takes your privacy seriously. We are a ‘controller’ of the personal information you provide to us as a necessary part of your membership of the association and this notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.

What we need from you

When you apply to become a SACS member or renew your SACS membership we may ask you for some or all of the following personal information:

If you do not provide us with all of the personal information we need to enrol you and fulfil your necessary membership functions, this may affect our ability to offer you our membership services and benefits.

Why we need your personal information – contractual purposes

We need to collect our members’ personal information so that we can manage your relationship with us. We may use our members’ personal information to:

Why we need your personal information - legitimate purposes

We also process our members’ personal information in pursuit of our legitimate interests to:

Other uses of your personal information

We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.·

Who we share your personal information with

We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health and Safety Executive, Disclosure Scotland, and Police Scotland for the purposes of safeguarding children. We may also share personal information with professional and legal advisors for the purpose of obtaining advice. SACS will never share your personal information with third parties for marketing or other non-SACS and non-member related purposes.

Third party suppliers with access to members’ personal data

SACS may use third party suppliers to provide services, such as mail distribution companies for posting membership mailings, credit card machine terminal companies, IT support companies, PayPal and SagePay payment processing. These Suppliers may process personal data on our behalf as ‘processors’ and are subject to contractual conditions to only process that personal information under our instructions and protect it.

In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

How we protect your personal information

Your personal information is accessed by our Membership Administration staff only for the purposes set out above. It is stored by SACS in an electronic format within an encrypted facility and there are firewalls in place to protect against external breaches. All paperwork records are held in secure locked cabinets. Your personal data is transferred electronically into our database, which is password protected.

How long we keep your personal information

We only keep your personal information for as long as necessary to provide you with membership services. Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for 2 years.

You have a right to:

You can contact us via: Association Secretary, SACS, The Hermitage, 101 High Street, Selkirk, TD7 4JX. Tel: 01350 724 228 Email: info@sacs.org.uk

If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk