Lothians Conservation Volunteers
The LCV Privacy Policy was heavily updated in 2018 to reflect the requirements of the European General Data Protection Regulations (GDPR). The effect of the policy is substantively the same, but GDPR requires us to provide you with additional information regarding how we process your data. You may read the old version of the policy here
The policy was last updated on 2023-09-19.
LCV will process your data in accordance with the law, both domestic and European. The usual Data Subject Rights therefore apply. For the purposes of the GDPR and domestic laws, the data controller is Lothians Conservation Volunteers and the supervisory authority is the Information Commissionner. If you have any comments or concerns you should contact our Data Protection Officer Greg Parker
In general, data provided to LCV will only be used to fulfil our legal obligations under charity and other laws, contractual obligations (e.g. to our insurance providers and clients) and to otherwise further the charitable objectives of LCV. In particular we do not provide information to other organisations for marketing purposes. So, no spam!
LCV deliberately holds no data whatsoever regarding any protected characteristics of its membership, trustees or clients. Accordingly if volunteers provide details of medical conditions etc to a task leader, that leader will not pass them on.
We used guidance from the Information Commissioner's Office when preparing this Privacy Policy.
We collect the following data regarding use of the LCV website:
Further information about how Mythic Beasts and Google process your data on behalf of LCV may be found in the Third Party Processors section
You can book on LCV tasks in 2 ways:
In both cases, any data relevant to your membership with LCV will be processed as described in the next section.
Further information about how EventBrite processes your data on behalf of LCV may be found in the Third Party Processors section.
You become an LCV member by coming out on task with us, and filling in the New Volunteer Form. We use this form to collect:
We primarily collect this information to fulfil our obligations under charity law (SCIO regulations 2011, via OSCR, "Duty to keep registers", 2011) to maintain a list of members and communicate with them regarding important charity business, such as the Annual General Meeting. Your data will be retained for this purpose as long as you remain a member of LCV and deleted shortly thereafter. Your membership needs to be renewed annually, so if you do nothing, the majority of your data will be removed 1 year after you last came out on task with us. Furthermore, you may withdraw from membership at any time by contacting our Membership Secretary
When you cease to be a member, we will retain your name and the date you ceased to be a member of LCV for a further 6 years. This is a requirement of the SCIO legal structure under which LCV operates
We also collect this information to fulfil our contractual obligations to our insurers, who require we keep a list of individuals who are out on task with us. We are also obliged to keep records to satisfy our clients that the charges we make accurately reflect the volunteers who were on task.
Finally, if you provide consent on the form, we will send you occasional emails (never more than 1 or 2 per month) about upcoming LCV tasks and other activities.
Those volunteers who require repayment for expenses incurred on LCV business (e.g. minibus fuel) may also need to provide their bank details (or accept a cheque). In this case we will necessarily provide their details to our bankers (Bank of Scotland) to process the payment
We will collect the following information from LCV clients to enable us to perform work for you effectively, send invoices and to communicate with you when arranging a new task programme.
The data will be accessible only to task leaders and members of the LCV committee, will not be passed on further and will be retained for no longer than 10 years after the last task we did for you. This is because not all clients may need work doing on a frequent basis.
The data will be held by the Treasurer (for invoicing), the Task organiser (for purposes of arranging new tasks) and on the LCV G-Suite Drive (to make it available to task leaders).
We also have some practical information about becoming a client of LCV
LCV trustees, while also volunteers, are deeply involved in the running of the organisation. For legal reasons We must therefore hold your name, address and details of the office you hold while you are a trustee. In addition, your name and details of the office(s) held will be retained for a further 7 years after ceasing to be a trustee. In accordance with the law, we must provide the register of names and offices of trustees to those who request it. We omit address information, as we are allowed to do.
Any additional information we may hold (personal email addresses, phone numbers) is by consent of the trustees and is used to make running the organisation practical.
LCV uses third party organisations to process data on our behalf. The organisations we use are listed below, together with the safeguards employed to protect your data and the contract terms these organisations use.
| Processor | Safeguards | Relevant contract terms |
|---|---|---|
| Google provides email, file storage and related services to LCV committee members via their Google Workspace products. All LCV data is accessible only to committee members with a valid username and password or in specific cases where a link is made available (e.g. to provide client details to task leaders). | https://www.google.com/cloud/security/gdpr/ | |
| Mythic Beasts | We provide trustee data to Mythic Beasts in the form of the website. IP addresses are processed and logged by Mythic Beasts when people access the website and are held in accordance with Mythic Beast's privacy policy | https://www.mythic-beasts.com/terms/privacy |
| EventBrite | EventBrite is used to provide our online booking processes. Data is retained on the EventBrite platform only as long as required to manage the bookings for a particular task and to incorporate any relevant data into our usual member records. Only a subset of LCV trustees have access to EventBrite to manage the bookings process. The data on the EventBrite platform is governed by EventBrite's privacy policy and terms. | https://www.eventbrite.com/l/legalterms/ and https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy/ |
| Facebook/Instagram | All LCV data on facebook and Instagram is made public. Interaction with volunteers/clients on Facebook is consented when the user "friends" or "follows" LCV using the platform. Consent may be withdrawn at any time by "unfriending". Data stored by Facebook is in accordance with its privacy policy. | https://en-gb.facebook.com/business/gdpr |
| Bank Of Scotland | We provide personal details to our bankers solely for the purposes of processing payments from LCV to suppliers and volunteers. This data is held in accordance with the Bank's privacy policy. | https://www.bankofscotland.co.uk/securityandprivacy/privacy/ |
LCV maintains a 
Data Asset Register detailing the types of personal
data we process, the reasons for doing so, the legal basis for such
processing and any third parties involved. The document is provided
here for convenience but please do contact our Data Protection Officer if you have
any concerns