Statement of Intent
It is the stated policy of NSAC that it will act in accordance with current legislation and aims to meet current best practice with regard to the processing of personal data.
What Information do We Collect about You?
We collect your personal data when you provide it to us. We may also collect other information that you voluntarily provide to us, including when you communicate with us via email, post, telephone or other channels; and when you respond to our communications or requests for information. We only collect what we need and we use your data to provide membership services to you.
We collect information about you when you sign up for or request that we send you marketing materials. We also collect information when you voluntarily complete an enquiry form on our website. Website usage information is collected using cookies.
We may receive information about you from other sources, including third parties and publically available information that help us update, expand and analyse our records; identify new customers; or prevent or detect fraud. We may also receive information about you from social media platforms, including but not limited to, when you interact with us on those platforms or access our social media content. Please note that the information we may receive from those third party sites is governed by the privacy settings, policies, and/or procedures of the applicable platform, and we strongly encourage you to review them before submitting any information to them.
What are Our Responsibilities to You?
The people or organisations which collect, use or process personal data about you will be the Data Controller for that personal data. The Data Controller is NSAC and the Data Protection Leader is Lorna Duguid, who can be contacted as follows:
Office 17, Aberdeen Business Centre, Willowbank Road, Aberdeen, AB11 6YG
How We May Use and Share the Information We Collect
We may use the information we collect:
- To respond to your enquiries;
- To provide you with goods and services that you request;
- To send you marketing communications and other information or materials that may be of interest to you or which you have expressed an interest in receiving;
- To maintain our list of contacts;
- For NSAC’s business purposes, including improving the provision of services, data analysis; submitting invoices; detecting, preventing and responding to actual or potential fraud, illegal activities or intellectual property infringement;
- To assess the effectiveness of our events, promotional campaigns and publications; and
- As we believe reasonably necessary or appropriate to: comply with our legal obligations; respond to legal process or requests for information issued by government authorities or other third parties; or protect your, our, or others’ rights.
How we may share the information we collect:
We may also share information we collect with:
- Third-party service providers engaged by us to perform services on our behalf, such as web-hosting companies, information technology providers, analytics providers, delivery of goods, processing of credit card payments, marketing and communications services and event hosting services.
- Law enforcement, courts or tribunals, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us; as provided for under contract; or as we deem reasonably necessary to provide our services. In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless giving prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
- Service providers, advisors, potential transactional counterparts, or other third parties in connection with the consideration, negotiation and/or completion of a transaction in which we are restructured (or merged or amalgamated) into another organisation and/or we divest ourselves of all or a portion of our assets to a comparable organisation.
Legal Grounds for Using Personal Data
We rely on the following legal grounds to process personal data, namely:
- Performance of a contract: we may need to collect and use personal data to enter into a contract with you or to perform a contract that you have entered into with us.
- Legal obligation: we may need to collect and use personal data to comply with legal obligations to which NSAC is subject.
The Measures We Have in Place to Protect and Safely Store the Information We Collect
Information security is a key element of data protection. NSAC takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.
We use a number of suppliers and service providers in connection with the operation of our business and they may have access to the personal data we process. For example, an IT service provider may see your personal data when providing software support, or a company which we use for delivery of goods, processing of credit card payments or a marketing campaign may process your personal data for us. When contracting with suppliers and/or service providers, NSAC takes appropriate steps to ensure that there is adequate protection in place and that data protection principles are adhered to.
Retention of the Information We Collect
We retain the information we collect for no longer than is reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations.
Following completion of the services provided by us, we will either retain the related papers or store these records digitally.
Where personal data is retained for the purposes of sharing promotional material, and you no longer want to be contacted by us, please email at any time saying “unsubscribe” to our Data Protection Leader.
Your Choices and Rights in Respect of the Information We Hold
Personal data must be processed in line with individuals’ rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving communications (including electronic) from NSAC.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal data, please contact our Data Protection Leader.
When making your request please provide:
- your full name and address.
- details of the information you want. Please be as specific as possible, and if it is not obvious, it would be helpful if you could explain why you expect us to hold your personal data.
We may also ask you to provide further information in certain circumstances including to clarify the terms of your request or to confirm your identity.
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
In the event that you access any other websites through links provided on our website, please note that we are not responsible for the privacy practices of such other websites and advise you to read the privacy statements of each website you visit which collects personal data.
How to Contact Us
If you have any queries concerning your personal data or any questions on our use of that information, please contact our data protection leader, Lorna Duguid.