SRA Privacy Notice

The Scottish Records Association (SRA) are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this Policy and our privacy practices should be sent by email to [email protected] or by writing to Scottish Records Association, c/o National Records of Scotland, HM General Register House, 2 Princes Street, Edinburgh, EH1 3YY.

Who are we?

The SRA was founded in 1977 and is concerned with the preservation and use of historical records in Scotland. It provides a forum for users, owners and custodians of records to discuss matters relating to the records, their custody and conservation and research.

How do we collect information from you?

We obtain information about you when you visit our website or use our services, when you become an SRA member and subscribe to our publications (newsletter and our annual journal), when you submit an item for inclusion in one of our publications or when you book to attend one of our conferences or events.

When you visit www.scottishrecordsassociation.org we use Google Analytics to collect standard internet log information and details of visitor behaviour. This gives us information on, for example, the number of visitors to our website and which parts of the website are visited. The information collected is only processed in a way which does not identify anyone.

We use an online membership form via a third party service called WordPress.com. WordPress.com is run by Automattic Inc. For additional information about how WordPress processes data, please see Automattic's privacy notice. If you prefer not to use this online form you can print and complete a membership form and post this to us instead.

What type of information is collected from you?

The personal information we collect will include your name, address, email address, and information regarding the dates and amounts of any payments made to the SRA.

How is your information used?

We may use your information to:

• process a donation or payment that you have made;
• deal with enquiries you may make to us;
• deal with entries into a competition;
• seek your views or comments on the services we provide;
• notify you of changes to our services;
• send you our newsletter Retour, journal Scottish Archives, or membership updates;
• send you other communications which you have requested and that may be of interest;
• send you information regarding our annual conference and any visits that we are arranging;
• communicate regarding articles you may submit for publication by us.

We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

We process personal data on the basis of the Legitimate Interest clause (see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/ for details). As part of this, the SRA has undertaken a Legitimate Interest Assessment (LIA), which will be updated annually. Further information about the LIA can be obtained from the Membership Secretary ( [email protected] ).

Any email or letter sent to us will be kept for as long as it is needed for the business of the association. Once the SRA has no need for the communication anymore, it will be deleted within 5 years of its receipt.

If you become an SRA member, we will keep the information you have supplied via the membership application form in a database which is only accessible to our current membership secretary and our current treasurer. We will only keep your personal information for as long as it is needed (i.e. for as long as you are a member of the SRA).

Should you decide to leave the SRA, your personal data will be deleted from our membership database at end of the membership year in which you left. We retain a separate list of the names of former members, with no other personal information. This list is accessible only by the current membership secretary and the current treasurer. We ask members who leave the association if they are happy for their name to remain on this list. If you wish your name removed from this list then we will do this on request.

Who has access to your information?

We will not sell or rent your information to third parties.

The only third party with any access to your personal information will be the publishers of our journal (if you subscribe to the journal) who receive details of the names and addresses of subscribers annually to enable them to post the journals to our members.

How you can access and update your information

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: [email protected] or write to us at Scottish Records Association, c/o National Records of Scotland, HM General Register House, 2 Princes Street, Edinburgh, EH1 3YY.

You have the right to ask for a copy of the information that the SRA holds about you (we may charge £10 for information requests to cover our costs in providing you with details of the information we hold about you).

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. We do not hold any sensitive personal data about any of our members or about anyone who contacts us or uses our services.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Use of 'cookies'

The only use of cookies on the SRA website is via the Google analytics widget. Details about this can be found at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

16 or Under?

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with any personal information.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in May 2018.