Panopticon Trust Privacy Notice

Statement of intent
This Privacy Notice explains the types of personal data that is collected by the Panopticon Building Preservation Trust known as the Panopticon Trust, how we record and update it, how we use it and share it, how we store it and how we protect it, whether online, via phone, email, in letters or in any other correspondence or from third parties.
The Panopticon Trust is committed to ensuring your privacy and confidentiality is protected. This policy sets out how we treat your personal data and your rights when it comes to your personal data. This notice should address any concerns and answer any questions that you may have about your personal data and what happens with it, but if not, please do not hesitate to get in touch with us.
The Panopticon Trust may update this Privacy Notice from time to time. You should check this Privacy Notice to ensure you are content with its changes. This Privacy Notice is effective from 12 October 2019.
If you have any queries about this Privacy Notice, please contact us at Panopticon Trust, Unit 234 The Briggait, 141 Bridgegate, Glasgow G1 5HZ or email info@panopticontrust.org or talk to us on 0141 378 5242.

Who we are
The Panopticon Trust is a Scottish Charitable Incorporated Organisation (Registered Charity SCIO No. SC048924). Our objective is to purchase, own, and restore the Britannia Panopticon Music Hall for the benefit of the people of Glasgow, Scotland and beyond.

What personal data does the Panopticon Trust process?
Reference to personal data may include any information which directly or indirectly identifies you as a living individual on its own or with other data. This may include your name, contact information including main address, telephone number and email address, demographic information such as postcode, preferences, interests and date of birth; and other information relevant to activities (see below). Bank account details will be collected to process donations and payments, and a Gift Aid declaration which records whether or not you are a taxpayer, will help us claim Gift Aid. The personal data you supply to us will be complied and processed in accordance with this Privacy Notice and will be held in electronic format, encrypted and/or manual format.
We collect, store and use personal data of our: volunteers; employees; advisers; trustees; stakeholders and their employees; suppliers and their employees; contractors and their employees; individual and corporate donors; event attendees; mailing list subscribers; sponsors; and funders.
If you use your credit or debit card to donate to us, by post or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here – https://www.pcisecuritystandards.org/security_standards/index.php.
We do not store your credit or debit card details at all following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only members of the Panopticon Trust authorised and trained to process payments will be able to see your card details. If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases or donations can be completed securely through the TotalGiving donation page on our website.


Why does the Panopticon Trust process this personal data?
We use this information to understand your needs and for internal record keeping, to improve our work and services, to contact you about the work we are doing which we think you may find interesting, work you may be doing for us, and activities we are undertaking including fundraising, events, and education.
We have a legitimate interest as a SCIO to collect and use the above information in order to keep doing business. This includes being able to:
* use your information to conduct research in order to better understand who our supporters are and identify funders whose objects and policies match our objectives and better target our fundraising activities. We may contact you by email, phone, or mail and may use this to customise our website, mailings and other media according to your interests;
* send out information and direct marketing material about updates, activities or marketing specific to delivery of our objectives that we think you might be interested in;
* monitor who we deal with to protect our SCIO against fraud, money laundering and other risks; and,
* maintain and administer our donor database and systems.
If you do not wish to receive information from us, then you can choose the unsubscribe link which is contained either in the footer of every email that we send to you, or you can let us know using the contact details above.
If you are aged 16 or under, you must get your parent/guardian’s permission before you provide us with any personal information.

Who does the Panopticon Trust share your personal data with?
We will only share your personal data as and when it is necessary to provide you with information or when working with you. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. For example, we are required to provide certain information to specific bodies such as HMRC in relation to Gift Aid, or to trusted distributors and couriers when we are sending you materials. We will only ever share information with third parties where we have the appropriate contractual arrangements in place to safeguard your personal data.

How long does the Panopticon Trust keep your data?
We will only hold on to your data for as long as it is necessary or for as long as we are required to do so, after which we have policies and procedures in please to ensure that it is securely destroyed.

How does the Panopticon Trust secure your data?
We know how much your personal data means to you and we will treat your personal data with the utmost care and respect at all times. We have taken all possible steps to maintain effective security for all of our physical, electronic and managerial systems to ensure that your personal data remains as safe as it can be.
We monitor our systems for possible vulnerabilities and attacks and take appropriate steps to further strengthen security when necessary. Any physical data that we have is kept in a secure locked location and is only accessed by those who have a legitimate reason for accessing it.

Your rights
You have a number of rights in relation to your personal data and can make a request to the Panopticon Trust at any time in order to exercise these rights. We will not charge you for this, unless we feel that your requests are excessive in which case we may charge what we feel is reasonable to do so. Your rights are listed in brief below:
* the right to access information about the personal data the Panopticon Trust is processing and to obtain a copy of it;
* the right to require the Panopticon Trust to change incorrect or incomplete data; the right to require the Panopticon Trust to erase or stop processing your data; and,
* the right to object to the processing of your data where the Panopticon Trust is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of your rights, or if you have any concerns about how the Panopticon Trust is processing your personal data, then please contact us on the contact details above.
If you still believe that the Panopticon Trust has not complied with your rights, you can complain to the Information Commissioner. Contact details are available at https://www.ico.org.uk/