Donate
Donate
Donate

Privacy policy

This notice applies to all websites and applications developed and delivered by ALC.

ALC is a registered charity (SC046505) incorporated in Scotland under company number CS002383 and has a registered office at Dill Road, Aberdeen, AB24 2XL. All significant decisions about data processing and policy implementation will be made using UK GDPR (General Data Protection Regulation). This notice is set out to help you understand the types of data that we collect from you, and/or your business, and how that data is used and managed.

Commitment

ALC is committed to protecting the privacy and security of your personal data. We continually monitor compliance through implementing policies and procedures to safeguard data and by setting regular reviews to manage these policies and procedures.

Data Controller

In accordance with ICO (Information Commissioner's Office) requirements of Data Controllers (the main decision maker when it comes to how people’s personal information is managed), ALC is registered with the Information Commissioners Office (ZB710396). When you are using the ALC website, ALC is the Data Controller.

About us 

Set up by local businesspeople to promote the social, moral and physical wellbeing of young men, the club offers a range of child and youth services for children and young people in Tillydrone and beyond. We provide safe, fun and educational spaces where children and young people feel supported, inspired and encouraged to realise their full potential, while also giving them every opportunity to create a better future for themselves and their communities.

Information we collect

Personal data is information about you and from which you can be identified. We will collect and process personal data about you depending on our relationship with you. Most of the personal information we process is provided to us directly by you. Data collection can be through a variety of channels, including by telephone, email, via our website or on site and via third parties.

We will collect some or all the categories listed.

  • Personal
  • Professional
  • Sensitive
  • Special Category
  • Criminal Offence

Who are our stakeholders?

Children, parents and guardians, care givers, volunteers, customers, media outlets, associates, delegates, supporting organisations, suppliers, statutory and regulatory bodies.

How we use your information and our lawful basis

ALC will only process personal data where we have a lawful basis for doing so. The legal grounds for processing data will depend on the purpose of the data collected and its processing requirements. Under UK GDPR, there are six available lawful basis, namely: Consent, Contract, Legal Obligation, Vital Interests, Public Task, and Legitimate Interests.

We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. Of course, if you wish to change how we use your data, you will find details in the ‘Your data protection rights’ section below.

We collect, process and store personal data for the following purposes:

  • To carry out our obligations arising from any contracts entered into by customers and us.
  • Seek views or comments on the services we provide.
  • To send you survey and feedback requests to help improve our services.
  • Notify you of changes to our services we currently provide to you.
  • To respond, provide support, make assessments and recommendations around products and services we provide.
  • To process donations, we may receive from you.
  • To fundraise in accordance with our internal policies and procedures.
  • For internal record keeping relating to any donations, feedback, or complaints.
  • To contact you where you have been identified as a contact person for an organisation, such as a school (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organisation unless you have separately indicated that you are happy to be contacted as an individual supporter).
  • For administrative purposes (for example, we may contact you regarding an event for which you have registered, to provide information requested from us or with a query regarding a donation you may have made to us).
  • To process hiring of our building premises.
  • To send you relevant, personalised email communications about services and products.
  • Use data analytics to improve our website, products/services, marketing, customer, member & volunteer relationships, and experiences.
  • Profiling - we may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
  • Job applications form part of our recruitment process to validate and evaluate and review potential and existing staff.
  • Customise our websites according to your interests and ensure that content is presented in the most effective manner for your computer, tablet, or mobile device.
  • To carry out Identity verification checks in order to comply with contractual and legal obligations.
  • We may also use your personal information to detect crimes such as fraud.
  • Address any claims made against us; for example, we may share details of our accident logs with our insurers in connection with any claim made or likely to be made against us in connection with legal proceedings (i.e., the establishment, exercise, or defence of legal claims)
  • Comply with any legal or regulatory obligation.
  • To protect our rights, and the safety of our clients, contractors, and other third parties
  • When you visit our offices, we will collect information required to identity you and the organisation you represent. We will also collect the dates and times of attendance.
  • We operate CCTV systems on and around our premises to prevent, detect crime and to support any accident, insurance, legal claims. We will also review footage where required as part of safety management to support & promote better health and safety.  

How we protect your personal data

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our website using ‘https’ technology. Access to your personal data (such as email and phone number) is password-protected, and sensitive data (payment information) is secured and encrypted to ensure it is protected. All significant decisions about data processing and policy implementation will be made using UK GDPR. we take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.

Website

ALC collects personal data from web forms submitted by individuals requesting information in the form of general enquiries or to register for the events and services provided by ALC. This comprises the name, phone number, email address, mailing address, company name, subject and message of the person making the enquiry.


Social media

ALC can be found on social media platforms such as Facebook, LinkedIn and Instagram. Social media is an important part of our awareness effort, so you may be presented with retargeting ads and emails in future following a visit to our website. We may target ads at audiences that we believe match the profile of our target audience and would therefore be interested in our services. We will also regularly tag or mention you where we are carrying out business promotion on your behalf or to raise your professional profile.  

These platforms are run by commercial companies and ALC is not the Data Controller or Data Processor of your social media profile. You should contact these social media platforms directly if you have concerns over how your personal data is being used and stored by them.

Events

We regularly run events and activities through youth clubs and community events that require to collect information to support safe participation of activities.

Third parties

Our website and information we share around events and involving stakeholders may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.


Payment data

We collect payments directly from customers who sign up for services We also collect payments from organisations who have commissioned us to carry out services. Information collected for these purposes will be personal and financial data such as name, billing address, e-mail address, bank/debit/credit card or account information and transaction references.

Some of our commissioned services may involve collecting third party donations through fundraising portals such as Just Giving. Personal and financial information will be collected. This includes but is not limited to your name, billing address, email address, credit/debit card information, or other payment details. This information is securely processed by the funding portal, and we do not store or have access to your full payment details.

The processing of payment information is governed by the funding portals own Privacy Policy, which you can review on their website It is important to familiarise yourself with their privacy practices to understand how they will handle your data.


Website visitor behaviour analytic software

We use software to collect analytic information on how website visitors engage with our website pages and content. We do this to understand how our website visitors use a website in order to provide an efficient user experience along with relevant information. This information is only processed in a way which does not identify individuals.

Google Analytics

We use Google Analytics to collect standard internet log information on visitor behaviour patterns. We do this to understand how our website visitors use a website in order to provide an efficient user experience along with relevant information. This information is only processed in a way which does not identify individuals. For more information about Google Analytics terms and conditions, visit https://www.google.com/analytics/terms/.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

We may also collect personal data from the website using Google Analytics to anonymously track how users interact with our site. This involves installing Google Analytics code on our website in the form of a ‘cookie.’ Cookies contain an ID number which is assigned to a user and provides us with the following information:

  • Your IP address (An IP address does not provide identifiable personal information)
  • Your visits to our website
  • The time of your visits and the length of time you spent on our website.
  • The pages that you visited.
  • Your location (although this might be influenced by the location of your server)
  • The browser you are using
  • Type of operating system
  • The device you are using (e.g., desktop, tablet or mobile)
  • Referral source (how you arrived on our site, e.g. search engine, direct URL, social media, or third-party website).


The principles

Whether we are acting as a data controller or processor we continue to apply the UK GDPR principles to all personal & Sensitive data that we hold, or process and these principles lie at the heart of our approach to processing personal data.

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.
  3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay.
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the UK GDPR in order to safeguard the rights and freedoms of individuals.
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Sharing information

We use third parties who provide elements of our services for us. We have contracts in place with these 3rd parties who are data processors (the people who process personal information on our behalf). This means they cannot do anything with your personal information unless we have instructed them to do it. We will apply the following considerations at all times: -

  • They will not share your personal information with any organisation apart from us.
  • They will hold it securely and retain it for the period we instruct them to.
  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them.
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
  • We will not sell or rent your information to third parties.
  • We will not share your information with any third parties for the purposes of direct marketing.
  • We will not transfer any personal data out with the UK or European Economic Area or to any third party without your knowledge.

We may be required to transfer your information to a third party as part of a division/merger/sale of some or all of our business assets as part of any restructuring or reorganisation of the business.

We may also be required to disclose or share your personal data to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our trustees, members, volunteers, supporters, contractors, and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Examples of the kind of third parties we work with are:

  • IT companies who support our website and other business systems
  • Third-party suppliers
  • Third-party credit checks
  • Photographers or independent consultants

We may share names, email addresses, pictures, job roles and organisational information as part of business-to-business networking events and with organisations & contractors commissioned to assist and co-ordinate these events.

Pre and post event/webinar management may include grouped online communications such as meeting invites in meeting chats and document sharing. Others attending may see your name and email address and may see conversation responses and questions you may ask.

Where we have been commissioned by an organisation to host a webinar or event, your registration & attendance information & any feedback you provide will be shared with this organisation.

We work closely with organisations to ensure that your privacy is respected and protected at all times.

We will not transfer any personal data out with the UK or European Economic Area or to any third party without your knowledge.

Children

We do not offer services directly to children through online platforms or applications. However We do manage projects tailored for families and children, such as nursery and youth club, afterschool clubs and we often run bespoke activities and events for children. This will often involving the collection of sensitive data indirectly from parents or guardians.  

Protecting your personal information

We will continue to look for new ways to protect data. We have effective processes and procedures in place to be able to detect, investigate, risk assess and record incidents and breaches. However, in the event of a data breach we will notify the ICO (Information Commissioners Office) within 72 hours of becoming aware of the breach as well as take steps to inform any individuals affected. Where we do not yet have all the relevant details we will notify the ICO, if required, when we expect to have the results of the investigation. We use the ICO guidance framework on managing a security breach to guide us.

International

All significant decisions about data processing and policy implementation will be made using UK GDPR.  As part of the services offered to you the information which you provide to us will not be transferred to countries outside the UK. Our servers are Located inside the UK. If we have a requirement to transfer your information outside of the UK in any way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.  

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Communications & direct marketing

The Privacy and Electronic Communication Regulations (PECR) sits alongside the Data Protection Act and the UK GDPR and gives individuals specific rights around electronic communication. This means if we send electronic marketing or use cookies or similar technologies, we must comply with both PECR and UK GDPR

Although PECR covers a number of areas which provide public electronic communication network or services, PECR applies to ALC for

  • Direct marketing by phone, email, text, or fax
  • Website cookies

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request unless an exemption applies. There are various ways you can stop direct marketing communications from us.

  • Click the “unsubscribe” link in any direct marketing email communication that we send you. We will then stop any further direct marketing emails.
  • You can also email, call, or write to us to ask us to add you to our suppression list.

Exemptions

If you unsubscribe from our marketing mailing lists, you will still receive service and support communications from us where you are an existing customer, supplier or have a relationship with us that requires us to process your information as part of a contract or where the law requires us to do so.

Website cookies

Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service. It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.

Contact Us

Dill Road, Aberdeen
 AB24 2XL,
Tel: 01224 492672, 
Email: hello@alcaberdeen.org 

Regulatory information

Further information around your rights can be found at https://ico.org.uk/your-data-matters

The ICO’s address:           
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

form background image

Get in touch

I am interested in