Central Scotland Regional Equality Council, (“CSREC”, “we”, ”our”, “us”) respects your privacy (“you”) and we recognise the need for appropriate protections and management of your Personal Data (defined below).
When we, and our service providers, collect and use your Personal Data, CSREC or the relevant partner you otherwise engage with is the Data Controller for the purposes of Data Protection Legislation (defined below).
We have prepared this Privacy Notice to assist you in understanding what Personal Data we collect about you and how that information is used by us and by third parties as part of the relationship we have with you.
It is important that you read and retain this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information and what your rights are under the Data Protection Legislation. This Privacy Notice supplements the other notices available on our websites and other platforms and is not intended to override them.
Please see section 5 for an explanation of the capitalised terms used in this Privacy Notice.
Our platform is not intended for children and we do not knowingly collect data relating to children without permission from parents or guardians.
If you have any questions regarding this Privacy Notice you can contact us as follows:
Post: Central Scotland Regional Equality Council, 146 Drip Road, Raploch, Stirling FK8 1RW
Email: admin@csrec.org.uk
Telephone: 01324 610950
We may update this Privacy Notice at any time by amending this page. You are expected to visit this page from time to time to note any changes we make, as they affect you. This Privacy Notice was last updated on 25/06/2025
When we refer to Data Protection Legislation we mean the UK GDPR and the Data Protection Act 2018.
Personal Data or Personal Information is any information identifying you as a specific individual. It can identify you directly from that information alone or indirectly in combination with other information we hold or can reasonably access. As well as identifying you as a specific individual, to be Personal Data, the data must also relate to you. Truly anonymous information is not Personal Data.
Processing is almost anything that can be done with Personal Data, including collecting, recording, storing, using, analysing, combining, disclosing or deleting it.
Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
Criminal Convictions Data means Personal Data relating to the alleged commission of offences by you; or proceedings for an offence committed or alleged to have been committed by you or the disposal of such proceedings, including sentencing.
A Data Controller is someone who decides why Personal Data is to be collected and how it will be used and treated.
ICO means the UK Information Commission’s Office, the UK supervisory authority for data protection issues.
UK Addendum isthe Information Commissioner’s standard data protection clauses to the EU Commission Standard Contractual Clauses for the transfer of Personal Data from the UK to controllers established in third countries (processor-to-controller transfer) issued under section 199A(1) of the Data Protection Act 2018
Standard Contractual Clauses is the European Commission's Standard Contractual Clauses for the transfer of Personal Data from the European Union to controllers established in third countries (processor-to-controller transfers), as set out in the Annex to Commission Decision 2010/87/EU as adapted for the UK.
UK GDPR is as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
To Process your Personal Data we need to be able to rely on one of the following Legal Basis:
To process your Special Category Personal Data and / or Criminal Convictions Data, as well as having a Legal Basis, we need to be able to apply an Additional Condition (which is almost like a second type of Legal Basis):
We may collect, use, store and transfer different types of Personal Data about you during your relationship with us. We have grouped together these types of Personal Data as follows:
Direct interactions. You may give us your Personal Data directly by letter, email, telephone, filling in our forms (such as completing the ‘Contact Us’ section on our platform or speaking with us in person for example throughout a case appointment).
Indirect interactions. We may also receive Personal Data about you indirectly. For example:
Generally, we will use your Personal Data for the purposes of managing our relationship with you. We have set out in the table below further detail of all the ways we plan to use your Personal Data, and which of the Legal Basis and, if applicable, Additional Condition we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.
PROCESSING PURPOSES | TYPE OF DATA | LEGAL BASIS |
Services - To execute a contract we enter into or propose to enter into with you. - To deliver our service to you. - To process or respond to your enquiry. - To comply with any contractual, legal or regulatory obligations. | Personal Data Special category personal data Contact Data Financial Data Other Data | Contract Legal Obligation Consent |
Marketing and Communication To provide you with information relating to products or services delivered by us. To monitor the use of our platform to better understand its use and inform our services. To respond to any submissions via our contact form (csrec.org.uk) To promote our business, product and/or service through advertising, marketing and promotional activities. | Personal Data Contact Data Marketing Data Technical Data Other data | Our lawful basis differs depending on whether you are an individual consumer contact or a business contact If you are an individual consumer contact: For e-mail and texts we will ask for your prior consent to send this form of marketing materials, unless we are relying on the “soft opt-in” exemption. This exemption applies when you already receive services/goods from us and we send you information on similar goods/ services. This is because it is necessary for our legitimate interests (to develop our products/ services and grow our service offering). For telephone and postal marketing it is necessary for our legitimate interests (to develop our products/services and grow our business). If you are a business contact, for all methods of contact it is necessary for our legitimate interests (to develop our products/services and grow our business) We are carrying out the necessary steps in relation to a contract to provide our services. |
Goods and Services (supplied by you) - To respond to your enquiry - To comply with any contractual, legal or regulatory obligations. | Identity Data Contact Data Financial Data Other Data IT and Digital Data | Contract Legal Obligation Consent Legitimate Interests |
Recruitment - To respond to your enquiry about career and volunteering opportunities. - To hold your name on our system for any future opportunities and communications specific to recruitment. - To review and process any application or information you may submit for one of our opportunities. | Identity Data Contact Data Other Data Recruitment Data | Contract Consent |
Cookies To collect internet traffic data and data regarding your browser type and computer. To look at how our platform is used. To monitor use of our platform so that we may better understand its use and inform our services. | See cookie policy for further information. | We do not usually collect Personal Data via our cookies. We are carrying out processing on the basis of your consent which you to provide to us to process your data, unless the cookies are strictly necessary. |
Marketing
You can ask us to stop sending you marketing messages at any time by following any opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us for other purposes.
Business records
Your Personal Data may be included in business records e.g. voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment. We have this information as it is necessary for our business and therefore in our Legitimate Interests (and where we have a Contract in place with you, it is necessary for your Contract).
We require to use any or all types of your Personal Data for litigation purpose depending on the specific nature of the litigation. We rely on the Legal Basis of our Legitimate Interests for this purpose, and as necessary for the establishment, exercise or defence of Legal Claims.
Change of Purpose
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the Legal Basis which allows us to do so.
Please note that we may process your Personal Information without your knowledge or Consent, in compliance with the above rules, where this is required or permitted by law or regulation.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
We will in many circumstances retain the Personal Data that we collect. Where we do, the length of time we shall retain it for shall be determined by a number of factors, including the type of data, the purpose for which we use that data including our legal and regulatory obligations which we must comply with when we collect and process Personal Data. We will also take into account the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Personal Data.
We will not retain personal data for longer than is necessary.
In some circumstances you can ask us to delete your data: please see section 13 below. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
11. Sharing of Personal Data
We share your Personal Data with others in certain circumstances as detailed below.
The data that we collect from you will usually be stored inside the UK. However, we may transfer data outside the UK.
Name or category of Service Provider | Role of Services Provider | Location of Service Provider |
Website Developer / Host | Developer and hosting partner for CSREC website. | UK |
Mailchimp | Email software supplier | USA |
Microsoft | Office administration software | USA |
Salesforce | Case management software | USA |
Provision of services that enable functionality and recording of site usage. | USA |
Automated decision-making takes place when an electronic system uses Personal Data to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
You have certain rights under the Data Protection Legislation which apply in certain circumstances:
You can exercise you rights by contacting us using the details outlined above.
You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We may not always be able to comply with your request to exercise your rights for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Further details about your rights can be found on the ICO’s website at https://ico.org.uk/.
In common with many other website operators, we use standard technology called “cookies” on our platform. Please see our cookie notice explaining the cookies we use on our platform.
This platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. This Privacy Notice only relates to csrec.org.uk. If you link to a third-party website from our platform, you should read the terms and conditions and privacy notice on those third-party websites before continuing. We are not responsible for any use of your information that is made by other websites and/or organisations.
16. Complaints
You have the right to make a complaint at any time to the ICO (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.