Scottish Oil Club Data Protection Policy
The Scottish Oil Club respects your right to privacy and data protection. To help you understand how we protect your privacy we provide this notice explaining the Scottish Oil Club's data protection practices and the choices you can make about the way your information is collected and used.
The Scottish Oil Club is also obligated to confirm to relevant standards and laws. Our software and and business processes comply with the EU General Data Protection Regulation (GDPR) which commences on May 25, 2018.
The purpose of this document is to publish a policy and describe practices and processes of the Scottish Oil Club for managing privacy of data.
If you have any questions or concerns, or suggestions for improvement to this policy and these practices, please contact the Executive Secretary of the Scottish Oil Club.
Your Rights as an Individual
The EU provides individuals certain rights, implemented and controlled by the GDPR, about their own information, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
The Scottish Oil Club is fully of aware of and respects these rights. Nothing in this Policy nor in the actions of the Scottish Oil Club are intended to usurp these rights.
Designated Data Controller
Per the requirements of the GDPR, our designated Data Controller for the Scottish Oil Club is the Executive Secretary. If you have questions about this policy or are concerned about the risk to your data privacy contact the Executive Secretary. How You Can Access or Correct Your Information
Contact the Executive Secretary via email to get Summary Report of information we hold about your membership—individual or corporate. You can then provide updates as required. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
Opt-In is Formal
There are three existing procedures for people to “opt-in” formally to Scottish Oil Club communications:
- When you join the Scottish Oil Club as a member, you sign a membership form where you agree under the terms of Data Protection Act, and now GDRP, to receive emails from the Scottish Oil Club.
- When you add your email address to the distribution list (using the dialogue box in the upper right corner of every web page), you also reply to the mailing list supplier (MailChimp) confirming your agreement to have your email on the distribution list.
- When you send emails to the Scottish Oil Club for business purposes, including booking requests, you are giving your tacit approval for the Scottish Oil Club to reply to that email as part of standard business processes, and for the Scottish Oil Club to use that information on booking lists with your name and company/affilitation exposed to other participants.
If you wish to renew or change any of these formal "op-in's", please inform the Scottish Oil Club Executive Secretary.
You can withdraw your consent for the Scottish Oil Club to hold and process data about you and/or your organisation. If you do that, then it will become impossible for the Scottish Oil Club to manage interactions with you and/or your organisation which effectively means you will be unable to participate in Scottish Oil Club events and, if a Member, will be required to resign your membership.
If you send us email asking a question or reqeuesting something after withdrawing consent, you are tacitly giving the Scottish Oil Club permission to send you email. We will not re-start your email on the distribution list just because you send us email.
If you wish to complain about the data management practices of the Scottish Oil Club, please contact the Scottish Oil Club Executive Secretary. Alternatively, you can also complain to the Information Commissioner’s Office.
How We Use Your Data
We use the personal and corporate information you provide when joining as a member or when booking to an SOC event to enable completing those instructions and managing the afWe do not release this information to Third Parties.
We use email header "reply-to" email addresses in your emails to reply to the email we receive as part of routine Scottish Oil Club business operations. We do not use these email addresses for any other purpose. Other than email addresses published in the Member Directory (with the member’s permission), these email addresses are not shared with third parties. When addressing emails, we minimise the use of “reply-all” to further reduce the proliferation of emails and email addresses to non-involved parties. We avoid using “BCC” emails and when used it is done only to inform someone else and help prevent our correspondents to unnecessarily “reply-all” to our emails.
We take sending the Scottish Oil Club email and asking a question or making a booking request as a "tacit" consent for us to reply in email.
We do not release emails to third-parties, except sometimes emails will be in a CC list on emails we send--if appropriate. Our practice is to never release email addresses to someone just because they ask for it. We will in inform the other person of the interest in getting in contact, leaving it to them to get in contact with the requestor.
We collect and store your phone number for your membership for publishing in the Member Directory for other members to phone you if they chose. You can ask us to keep your phone number private and not put into the Member Directory.
We also collect--most often from the email signatures you put in your email--individual's phone numbers. While we rarely phone anyone for any reason, we do collect these phone numbers to have them on-hand just in case there is a last-minute event cancellation and we need to contact the people who have booked to inform them of the unfortunate circumstances.
We do not release phone numbers to third parties.
Email Distribution List
The Scottish Oil Club uses MailChimp (www.mailchimp.com) as the vendor to provide mailing list services. Upon initial “joining” the mailing list, that person is sent an automatic email from MailChimp asking them to “opt-in”. Every mail sent via MailChimp has a “unsubscribe” link for the person to remove their email from the distribution list.
To sign up to the mailing list, see the sign-up dialogue box on the top right corner of every Scottish Oil Club web page. Therefore, that person has full control of their email address to “opt-in” and/or “opt-out” by unsubscribing. The Scottish Oil Club does not interfere with this process.
Bookings and Booking History
To manage bookings for Scottish Oil Club events, we collect for each attendee: Name, affiliation/company, email address, and information about the billing entity if that information is not already known to the Scottish Oil Club. We also keep track of the name and email address of the person making the booking.
Some booking information may be disseminated on a “need-to-know" basis to the venue, caterers, speakers, speaker’s contacts, the booker, etc. Control of data about you that we transfer to our suppliers for business purposes then falls under the supplier's jurisdiction and data protection policies.
Membership and Contact Information>
Name, Address, affiliation/company, email address are used used for billings in the Scottish Oil Club financial system. Access to the Scottish Oil Club financial system is limited only to those on the Scottish Oil Club management team, Board of Directors, and Accountant (external) who require that that access for business purposes. The financial system is based on an internet service provided by Xero (www.xero.com) who is fully responsibility for data security of their servers.
The above information is collected by a form filled in by the member. The form includes reference to data protection and asks for formal confirmation that the signee agrees that the Scottish Oil Club will use this data and that the member will accept communication from the Scottish Oil Club.
We publish, and release to only members, a Directory of Members which is given new members upon joining, and updated at intervals (or as requested) to current members. The Directory of Member is published in electronic form (PDF and HTML format) and sent to members via email. The Directory of Members is not published on the Scottish Oil Club web site.
The directory is labelled “For exclusive use by Members of The Scottish Oil Club” and is not released to non-members. It is accepted that a very few number of members probably do unethically give this document to non-members.
The directory includes corporate details and contact information (contact email, website, Twitter, etc.) We show for corporate members names of people belonging to that corporate member but not any contact info for those individuals. Corporate Members are listed on the Scottish Oil Club web site without contact information other than a link to the member’s web site.
For individual members, we show the name, email, and postal address for the member. Individual members are not listed on the Scottish Oil Club web site.
Members can “opt-out” of having their contact information displayed in the Member Directory. Corporate members can “opt-out” of showing corporate contact information. All members can “opt-out” from having their membership shown on the web site and/or Member Directory.
Booking with Eventbrite
The Scottish Oil Club will increasingly use the third-party service Eventbrite for taking bookings from members and guests, collecting money for paid events, and managing event information. The Scottish Oil Club has no influence on Eventbrite on how they manage their services. You can read more about how Eventbrite manages and protects data at Eventbrite and EU Data Protection. If you have concerns about your data at Eventbrite, then please do not use Eventbrite and book Scottish Oil Club events with alternative methods as described at How to Book and Pay.
Changing your Data
At membership renewal time, the Scottish Oil Club will send to the member contacts a summary of information held by the Scottish Oil Club. At that time, the member contact can submit changes to the Executive Secretary. All changes will be confirmed by reply email.
Members can request at any time a summary of information held by the Scottish Oil Club about them as individuals or corporate entities.
How We May Share Personal Information
In general, we don't. The Scottish Oil Club does not and will not sell or release personal information about our members and guests. We only disclose your data as described in this document for business purposes related to bookings, membership, and "business as usual".
While no data service is or can be completely secure, Scottish Oil Club takes precautionary and prudent measures to help prevent personal information from lost, theft, mis-use, unauthorised access, disclosure, alteration, and un-wanted destruction. To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect. Our computer files are on computers which are behind internet firewalls and thus are not easily accessible by unauthorised users via the internet. The Scottish Oil Club maintains minimal paper records holding personal data.
Information NOT collected or Managed by Scottish Oil Club
Credit card information, e.g. card details, is held only by the credit card processor (Stripe, www.stripe.com) and is not available to Scottish Oil Club. The Scottish Oil Club does not take credit card payments over the phone or via any other communication method. Therefore the Scottish Oil Club never hears nor must manage credit card details. The Scottish Oil Club is aware of and conforms with the Payment Card Industry Data Security Standard.
Bank account details for our vendors or for occasional refunds to members are by necessity (to enable payments) held only by the Scottish Oil Club’s banker (Bank of Scotland). That information is protected by the Bank's systems and procedures and the Scottish Oil Club has little influence on those systems and procedures.
Bank account details for payments to the Scottish Oil Club via BACs are not made visible to the Scottish Oil Club by the Bank.
When payments are made by bank cheque to the Scottish Oil Club, the entity’s bank details (sort code and account) are printed on that cheque and therefore will be seen by Scottish Oil Club staff.
The Scottish Oil Club will retain your data and transactinal information for as long as we deem it necessary, to comply with applicable laws related to document retention, resolve disputes and otherwise as necessary to allow the Scottish Oil Club to conduct business.
A "cookie" is standard and "ancient" internet technology and is a small data file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. The length of time a cookie will stay on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. The Scottish Oil Club use two persistent type of cookies. Persistent cookies stay on your computer or mobile device until they expire or are deleted. We use the following cookies on our website.
- The Scottish Oil Club web site uses analytical cookies as part of using Google Analytics to help us understand things like how long a visitor stays on our website, what pages they find most useful, and how they arrived at www.scottishoilclub.org.uk. To learn more about Google Analytics and your data, visit this Google webpage (https://support.google.com/analytics/answer/6004245).
- We also use a cookie for your computer to remember your preference for the change interval (in seconds) for images on the top of the home page.