Data Protection Statement
Customers and Donors
Castle Enterprise Scotland Ltd (we/us/our) are committed to operating in a way that complies fully with the provisions of the Data Protection Act 1998. We recognise that the personal data legitimately required in order to carry out our business must be collected, processed, stored and disposed of fairly, lawfully and with due regard to confidentiality. We fully respect your privacy.
All Castle Enterprise Scotland workers and employees have responsibilities under the Data Protection Act 1998 and are trained appropriately for their specific roles on complying with the provisions of the Act. Managers are trained to ensure that within their areas their staff and workers are aware of their responsibilities and adhere to the relevant requirements and processes.
Processing and using your data
By providing your personal data, you are agreeing to its processing and use by us for the purpose for which it was given. You can opt out of receiving communications via telephone, SMS, email or letter providing there is at least one contact method to allow us to provide our service to you and to meet regulatory requirements.
We will send marketing material to you only if you have opted in and given us permission to send marketing material to you, either via opting in in-store, by telephone or by signing up to our membership schemes. You can unsubscribe from marketing materials at any time via the unsubscribe link on the email or by writing to the Data Control Officer by emailing firstname.lastname@example.org.
Your personal data in the form of images may be captured at some facilities where we operate CCTV cameras.
We may share anonymised data sets with our funders where the funding is linked to specific criteria.
We will not share the data with any other third party unless permitted to under the Act, including for example, disclosures in respect of the prevention or detection of crime, the assessment or collection of tax or duty, disclosures required by law or by order of a court, or disclosures for the purpose of or in connection with any legal proceedings.
We take all necessary steps to make sure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. We retain personal data only for as long as it is needed for its original purpose or regulatory compliance, whichever is greater.
The Data Protection Act gives rights to individuals in respect of the personal data held about them. Please refer to Information Commissioner’s Office website for further information. One of those rights is the right to access the information we hold about you.
You can obtain a copy of our Data Protection Access Request Form, which outlines the process for dealing with a request for data disclosure, from the Data Control Officer by emailing email@example.com or by putting your request in writing to the same email address.