Privacy Policy
T & C's
1 INTRODUCTION
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our website (www.spifox.co.uk) (Site) and only collect and use your personal data as described in this Privacy Policy. Any personal data we collect will only be used as permitted by law.
​
Please read this Privacy Policy carefully and ensure that you understand it.
About us
Charity Name: Scottish Property Industry Festival of Christmas
Charity No. SC020660
Contact Office: c/o Geoghegans, 6 St Colme Street, Edinburgh, EH3 6AD
Email address: tom@spifox.co.uk
2. WHAT DOES THIS POLICY COVER?
​
This Privacy Policy applies only to your use of our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and you should check the privacy policies of such websites before providing any data to them.
​
This Privacy Policy was last updated on 16 September 2021.
​​
3. WHAT IS PERSONAL DATA?
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (the Data Protection Legislation) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. Essentially, this means any information that allows you to be identified i.e. name and contact details but can include less obvious things such as unique IDs or even your postcode address.
4. WHAT ARE MY RIGHTS?
Subject to certain limitations, under the Data Protection Legislation, you have the following rights. The right to:
​
a. be informed about our use of your personal data;
b. access the personal data we hold about you;
c. have your personal data rectified if it is inaccurate or incomplete;
d. be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Section 10 to find out more;
e. restrict (i.e. prevent) the processing of your personal data;
f. object to us using your personal data for a particular purpose or purposes;
g. withdraw consent to us using your personal data at any time;
h. data portability. For example, if you provided personal data to us directly, we are using it with your consent or for the performance of a contract;
i. restrict any automated decision-making and profiling. We do not use your personal data in this way.
​​
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Section 10.
​
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed.
​
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
​
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Section 9.
​
5. WHAT PERSONAL DATA DO WE COLLECT AND HOW?
​
Subject to the following, we do not collect any personal data from you and we do not place cookies on your computer or device:
​
a. our Site collects certain information automatically, including your IP address, the type of browser you are using, and certain other non-personal data about your computer or device such as your operating system type or version, and display resolution;
​
b. if you contact us (for example, by letter, call or email), we may collect your name, your email address, and any other information which you choose to give . For the purposes of the Data Protection Legislation, we are the data controller responsible for such personal data;
​
c. we may also collect information from you in order to process any application or query you may have in respect of attending an event, becoming a sponsor, purchasing any goods we may sell or becoming a beneficiary. This may include credit or debit card information if you are paying for an event or goods. We will only use this information to process your application, query or purchase. In respect of credit or debit card information, we process this via a third party (currently Stripe).
​
The lawful basis under the Data Protection Legislation that allows us to use such information is article 6(1)(f) of the UK GDPR which allows us to process personal data when it is necessary for the purposes of our legitimate interests, in this case, the proper operation and functionality of our Site and the services/goods we offer.
​
6. HOW DO WE USE YOUR PERSONAL DATA?
​
Where we collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the Data Protection Legislation at all times. For more details on security see Section 7, below.
​
If you contact us and we obtain your personal details, we may use them to respond to your enquiry.
​
Any and all correspondence containing your personal data will be deleted no later than 12 months after your order or enquiry and no other personal data will be retained for any longer than is necessary.
​
We will not share any of your personal data with any third parties for any purposes other than storage on an email and/or web hosting server.
​
7. HOW AND WHERE DO WE STORE YOUR DATA AND HOW DO WE KEEP IT SECURE?
​
We will only store your personal data in the UK or the EU. This means that it will be fully protected under the Data Protection Legislation.
​​
We will not transfer your personal data outside in the UK or EU without your consent. Please note that this Site has been designed using Wix.com which is a US firm. However, Wix.com are compliant under the GDPR and the data is hosted on their EU servers. Further information about how Wix.com hold and process information can be found at wix.com.
​
Personal data security is essential to us, and to protect personal data, we take the following measures:
​
a. limiting access to your personal data to those employees, trustees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
b. procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
​
8. SHARING YOUR PERSONAL DATA
​
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
a. if we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way that we have used it, as specified in this Privacy Policy (i.e. to communicate with you);
​
b. in some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority;
​
c. to process payments for any goods or services (including events) that you wish to purchase or attend.
​
If any of your personal data is transferred to a third party, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Section 7.
​
9. HOW CAN YOU ACCESS YOUR PERSONAL DATA?
​
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
​
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 10.
​
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
​
We will respond to your subject access request within less than one month. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
​
10. HOW CAN YOU CONTACT US?
​
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
a. Attention of: Tom Cromar
b. Email address: tom@spifox.co.uk
c. Postal Address: c/o Geoghegans, 6 St Colme Street, Edinburgh, EH3 6AD
​
11. CHANGES TO THIS PRIVACY POLICY
​
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
​
Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.