How are we handling your data?
This is our short and concise data handling policy that sets our stance in regards to the General Data Protection Regulation, also known as GDPR.
We are a Scottish charity registered with Scottish Charitable Incorporated Organisation (SCIO) number SC048612.
We are known as Accessibility Scotland – the conference dedicated to all things related to accessibility and inclusivity.
We treat your data seriously. We only gather what we need, and we never share it with anyone outside our organisation.
Although we use common digital tools to process your data, we are making sure that we put our trust in organisations who are either compliant with the European Union’s GDPR initiative or Privacy Shield, which sets the standard for storing the data securely outside of the European Union.
We will be using your information only to contact you.
If you are one of our speakers, we will also use your name, surname and details of your conference involvement (such as the talk title, talk description and brief biography) on our website and across social media.
We will never publicly use your email address or any other details without asking you first.
Since we value your privacy, you can request us to remove any of your data from all our digital storage platforms – at any time.
All that you have to do is to send an email to firstname.lastname@example.org and ask for it.
We will do our best to do it within 7 days.
Should we ever suffer from a data breach, we will inform you as soon as we can.
If anything of this is unclear or if you would like to understand what we do better, simply email us at email@example.com.
This is the full version of our policy. Please read if you feel it’s important to you.
How do we collect information?
We only collect information when you interact with us via email or engage in a conversation with us on social media.
We collect mailing list subscribers email addresses using a form on our website.
If you are sending us an email or engage in a conversation with us on social media, we operate under the assumption that you have provided us with your details in order to reply to you.
In other words, it’s a dialogue – and to sustain it we have to rely on email and messaging systems. This means that your data is stored electronically.
What information do we collect and use?
We only store minimal information that we could not operate the event without.
If you are one of our attendees, we will collect and store:
- Your name and surname,
- Your email address,
- A note on your access needs (if you have any) or dietary requirements,
- Any other information that you decide to pass on.
If you are one of our speakers, we will collect and store:
- Details of your talk that will be linked to your name.
- Your banks name, and your account sort code and account number. This is to organise a refund of participation expenses (unless you prefer other ways of obtaining a refund).
- Your telephone number – to make sure we can get in touch with you prior to the event taking place (if you are late from the airport or something strange happens).
- We want to document our conference using photography and video. We will store your consent for your public image to used on our website and social media.
How are we storing your information and what systems we use?
At the time of writing this policy (August 2018) we use the following digital services:
- Gmail for email
- Google Drive to store proposals for talks
- Twitter to publicise and share information about our event
- Vimeo to host and share speaker videos from our event
- TicketTailor for processing tickets
- MailChimp for email mailouts
- Adobe TypeKit for uniform representation of specific fonts.
To our best knowledge, all these digital services store data in an encrypted fashion.
If you have engaged with us in transactional capacity (in other words, if you paid money into our account or we have paid money to you), your bank account sort code and account number will be stored by our bank.
This is normal and allows us to run our charity.
Banks do the best they can to store their data securely.
If you are interested in the data policies of these organisations, please refer to their websites.
Should we decide to use another digital service in the future, we will update this policy.
Our website uses Secure Sockets Layer (SSL) encryption for security reasons and for the protection of the transmission of confidential content, such as the enquires you send to us as the site operator.
You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL encryption is activated, the data you transfer to us cannot be read by third parties.
Cookies and trackers
We have Google Analytics running on the site – and it does store three cookies on your machine. However, we have anonymised the settings of the application so it doesn’t save information about your IP address, thus leaving you directly unidentifiable.
Our website hosting provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address (anonymised by invalidating the last two address octets before storage)
This data will not be combined with data from other sources.
Who else has the access to information that we collect?
Your information is only used and accessed to help us run our conference. We never send any of your information to any of our sponsors or another third-party. We would never do that without your strict consent.
How to ask for removal of your data from our storage systems
Your data is yours and you can request us to remove it from any storage we used at any time.
If you want to obtain access to information on what do we store or request a removal of your information from our processing systems, please email us at firstname.lastname@example.org. We will do our best to reply within 7 days and to provide you with all the required assistance.
What will we do if a data breach takes place?
In an unlikely event of a data breach taking place, we will inform you as soon as we can (usually as soon as the message about the breach hits our account). We will, of course, provide you with guidance on what to do.
What if any of this is unclear?
Please email us at email@example.com. We will respond as soon as we can.