Data Protection and Privacy Policy Statement

REAP works in the North East of Scotland to raise environmental awareness, tackle economic inequality and engage in social enterprise. REAP is a company limited by guarantee (No: 316989) and a registered charity (No: SC037988).

This policy tells you what to expect when REAP collects or processes personal information. Any personal information collected by REAP will be used in accordance with the Data Protection Act 1998 (DPA) which updates to the GDPR (General Data Protection Regulation) in May 2018.

We may amend this policy from time to time and any changes we make will be available on REAP’s website.

1. Information we may collect from you
We may collect and process the following information about you:

Information you provide to us
You may provide us with information by corresponding with us by phone, email, by filling in a paper form or a form on our website, via social media or otherwise.
You may provide us with information including your contact details such as your name, address, telephone numbers and email address/addresses. Depending on which aspects of our work or services you are interested in, you may need to give us certain information such as your age (e.g. to assess if you are eligible for energy saving measures grants), gender (e.g. to show we are complying with terms of our funding or for equalities information) and some health information (e.g. to assess if you are eligible for energy saving measures grants or to take part in therapeutic gardening)

Information from other sources
We regularly work closely with other organisations such as other charities or third sector organisations, schools and nurseries, local authorities, Scottish Government, NHS Grampian and others. You may have asked them to pass your information to us so we can fulfil a request for support or advice or otherwise carry out REAP’s work.

Information we collect about you
When you visit our website, we may automatically collect information about your computer, including your IP address, information about your visit and how you use our website. This is carried out by ‘cookies’ – small text files placed on your computer to store data used by the websites that you visit. Cookies are used to make websites work more effectively and to provide certain information to the site owners. To find out more about cookies and how to manage or delete them visit: www.aboutcookies.org. See also cookies information when using the REAP website.

2. How we use your information
Information is used by us for the following purposes:
– To fulfil your requests, allow you to use REAP’s services or take part in events or activities or otherwise engage with REAP’s work
– to inform you about events or activities you have expressed an interest in
– to refer you to other organisations to provide support, professional advice, or answer your questions. We will only refer you to other organisations at your request or with your permission
– to fulfil requirements of our funders and regulators and to provide evidence to them if needed. Your contact details will not be passed to funders or regulators, only anonymised information or comments you have given us permission to share
– to provide feedback so we can evaluate our work, improve services, and report to funders

3. Who will information be shared with?
Your information may be shared in connection with the purposes described above. Your data may be shared with members of staff in REAP in order to best fulfil your request or your needs.

We may also share your personal information with third parties in the following circumstances:
– with other organisations that can fulfil your request or provide you with support. We will only share your information with your consent
– if required, to obtain professional advice
– if we are under a duty to disclose or share your information in order to comply with any legal obligation or to preserve your life
– with funders. This information is usually anonymous, unless you have given explicit permission for us to pass on your details e.g. for a case study, in case of a complaint, or for a discussion between you and one of our funders
– Analytics and search engine providers that assist us in the improvement an optimisation of our website. Your personal information is generally shared with them in a form that does not directly identify you.

We will never share your contact details with others for marketing purposes. We will not share your information where we believe it will cause you harm or upset, or where we think the potential for harm outweighs any benefits.

4. Other websites
This website contains links to other sites. REAP cannot be held responsible for the contents of any pages referenced by an external link. Please be aware that REAP is not responsible for the privacy practices or use of cookies on other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information. This privacy policy applies solely to information collected by REAP.

5. Where we store your personal information
REAP takes your privacy seriously and will store your information securely and only keep it as long as it is needed or as for as long as you have given consent for it to be kept. Electronic copies of special information (sensitive information such as health related information or information about children) are encrypted with a password. Any hard copy data (e.g. paper forms) is stored in locked filing cabinets at the REAP office. Electronic and hard copies of personal information will be securely destroyed as soon as it is no longer needed.

Some online data may be transferred to and stored outside of the European Economic Area, for example if a survey tool provider, cloud backup service or other tool we may use is based outside of the European Economic Area. We only use online tools that are secure and compliant with current data protection legislation.

All of REAP’s electronic communication devices including computers and smart phones are password protected, have up to date virus protection, and their contents are not available to anyone outside of REAP.

6. Access to your information held by REAP
DPA and GDPR give you rights to access your own personal information. The UK Information Commissioner’s office (ICO) enforces and oversees data protection legislation. Further information is available on the ICOs website: www.ico.org.uk.

How do I make a request to REAP under DPA and GDPR?
You should make a request in writing to REAP, 177 Mid Street, Keith, Moray, AB55 5BL
or email: info@reapscotland.org.uk putting ‘Subject Access Request’ in the title.

We will need you to supply proof of your identity, for example:

– a photocopy of the identification pages of your current passport or
– a photocopy of a current photo driving licence, and
– a copy of a current utilities bill, or credit card or bank statement which shows your address.

The information will be returned to you if requested; otherwise it will be securely destroyed once we no longer need it. It is helpful if you can give us any information to help narrow the search, such as specific personal information you are looking for or which REAP staff or volunteers you have had contact with.

Changing or updating the information we hold about you
If you change contact details, or any of the other information we hold is inaccurate or out of date, please let us know by emailing info@reapscotland.org.uk or contacting us as above

7. Changes to this policy
This policy was last updated on 8/5/18