This policy explains how and why we use personal information.
About us
We are PEDAL Portobello, a company registered in Scotland (Company No. 353537) with its registered office at 13 Coillesdene Crescent, Joppa, Edinburgh EH15 2JH. We are listed on the Information Commissioner’s register of data controllers under number:
What information we collect
If you communicate with us, or do business with us, this will result in us collecting personal data about you (for example, we collect the name, address, email and telephone number of members).
We also collect information provided if you fill in a membership form and pay the subscription, complete a survey, etc. We do not collect sensitive personal data.
Third party sources. We sometimes collect additional information about actual or prospective customers from third party sources. Most of the time this won’t be personal data (for example, we might obtain information about a company’s business, though on occasion we may receive personal data (such as a person’s work email or telephone number, or details of their role within a business).
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- Contact you to notify you of any organisational changes, AGMs, events or meetings;
- comply with a legal duty;
- remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
- for our own lawful interests (provided your rights don’t override these).
We will only use your information for the purpose it was collected (or for similar/related purposes)
We will never sell your personal data or share it with third parties who might use it for their own purposes.
Marketing
We use personal information (such as email addresses) only to assist in marketing and promoting our events/meetings and workshops.
You can choose to ‘opt out’ of PEDAL’s communications by notifying us in writing or by email. If you wish to change or update your contact details or contact preferences please let us know.
Information for email recipients
This policy primarily covers how we use data relating to our members, prospective members, website visitors and people who interact with us. In these cases we will be the “data controller” for the purposes of data protection law.
If you have received an email from a PEDAL member using our service, we will have acted as a data processor in respect of your information. This means we have no control of your personal information and the member is simply using our service to send emails.
In these situations you should contact the PEDAL board to determine details of the member who sent the email and for details of how and why your personal information was used, or if you wish to exercise your rights as an individual in relation to your personal data.
We will only hold information about our members for the duration of their membership with us, after which all data will be removed. We may store logs of addresses we have sent emails to for up to 12 months after that point for the purposes of compliance and system monitoring.
Complaints/spam
If you have a received an email or other communication sent by PEDAL or one of our members that you believe is spam or in violation of our acceptable use policies, please contact us immediately.
Security
We employ a variety of organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it.
Data Retention
We remove most information provided to us by members as soon as they notify us that they no longer wish to remain members of PEDAL, emails will be retained for up to 12 months after receipt for purposes of handling abuse complaints and compliance monitoring.
We will continue to store limited information about any member (including transaction records) for up to 6 years for record keeping and administrative purposes. If we consider there is a need to store records for longer (for example,it there has been a dispute or claim) then we will retain the data for as long as is necessary.
Your rights
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which (for individuals) are as follows:
• the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request);
• the right to have inaccurate data rectified; and
• the right to object to your data being used for marketing or profiling.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Links to other websites
Our website may contain links to other websites. We do not control those other sites and we cannot be responsible for the content of those sites or for the protection of any information you provide to other sites (which are not governed by this privacy policy). We accept no responsibility or liability for such other websites. You should exercise caution when entering personal information online and look at the privacy statement applicable to the website in question.
Questions
Last modified: 16/03/2018