Privacy and Data Protection Policy

adminUncategorized

At-Tawheed (Scotland) Limited, Registered Charity SC045724 is committed to protecting your privacy and ensuring the security of your personal data. This Privacy and Data Protection statement outlines how we collect, use, disclose, and protect your information in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and guidelines from the Office of the Scottish Charity Regulator (OSCR).

1. Collection of Personal Data

We may collect and process the following types of personal data:

  • Contact information (name, address, email address, phone number)
  • Donation details, including Gift Aid declarations
  • Communication preferences
  • Any other information you voluntarily provide to us

2. Use of Personal Data

We use your personal data for the following purposes:

  • Processing donations and maintaining donor records
  • Communicating with you about our activities, events, and fundraising campaigns
  • Providing information you have requested or that we believe may be of interest to you
  • Compliance with legal and regulatory obligations, including reporting requirements to OSCR

3. Legal Basis for Processing

We process your personal data on the basis of:

  • Your consent
  • Performance of a contract (e.g., processing donations)
  • Compliance with legal obligations
  • Our legitimate interests (e.g., fundraising for our charitable activities)

4. Sharing Personal Data

We do not sell your personal data to third parties. We may share your information with:

  • Service providers who assist us in carrying out our activities (e.g., payment processors, mailing services)
  • Regulatory authorities or law enforcement agencies as required by law or OSCR guidelines

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, use, disclosure, alteration, or destruction, in line with GDPR and OSCR requirements. This includes encryption, access controls, and regular security assessments.

6. Payment Processing

For transactions processed through third-party services, please note that these providers may collect personal information such as email addresses and contact numbers as part of their transaction processing. We may utilise this information for purposes related to processing payments and managing donor transactions.

We collect and temporarily store transaction details, including bank transfers for donations, to maintain accurate records for accounting purposes. Access to this information is restricted to authorised personnel and is securely managed in accordance with GDPR and OSCR guidelines.

7. Third-Party Service Providers and Sub-Processors

We may use third-party service providers and sub-processors to facilitate donation processing, event management, and communications. These providers are contractually obligated to handle your information securely and only for the purposes specified by us. They are also required to comply with applicable data protection laws and our data protection standards.

8. Your Rights

You have the following rights regarding your personal data:

  • Right to access: Request access to your personal data and information about how it is processed
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data under certain circumstances
  • Right to restrict processing: Request limitation on how your data is processed
  • Right to data portability: Request a copy of your data in a structured, machine-readable format
  • Right to object: Object to processing of your personal data where we rely on legitimate interests

9. Donor Preferences and Fundraising Use

We respect your preferences regarding the use of your personal data for fundraising purposes. This includes:

  • Providing opportunities for you to specify your communication preferences and opt-out of fundraising communications.
  • Using your information to enhance our fundraising efforts and tailor our appeals to align with your interests, unless otherwise specified by you.

10. Accountability and Oversight

We are committed to accountability and continuous improvement in our data protection practices:

  • Designating responsibility for data protection oversight within our organisation.
  • Conducting regular reviews and audits of our data handling practices to ensure compliance and effectiveness.

11. Contact Information

If you have questions about our Privacy and Data Protection Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us by emailing info@at-tawheed.co.uk.

12. Changes to this Policy

We may update this Privacy and Data Protection Policy to reflect changes in our practices or for legal reasons. We will notify you of any material changes and seek your consent if required by law.