Citizens Rights Project provides information, advice and support to EU/EEA/Swiss citizens and their families before and after Brexit to help them protect their rights.

Our registered office and office address is St Margaret’s House, Room G7, 151 London Road, Edinburgh, EH7 6AE)

Tel: 07518926137

Email: info@citizensrightsproject.org

Citizens’ Rights Project collects, stores and uses information about:  

• our own employees and prospective employees
• our own volunteers and prospective volunteer
• our outreach, information and briefing events delegates / attendees
• our partners and organisations we have collaborated with in the past and currently collaborate with.
• Individuals and organisations that provide support, services, represent and/or provide services to citizens who might benefit from our services.
• those who agreed to be added in our database to get updates about our activities and useful information.

As you would expect, we are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure.

Telephoning our office When you call our office whether by mobile or landline we collect Calling Line Identification (CLI) information that retains your telephone number (unless you have a withheld your number).  We use this information to help improve our efficiency and in order that we may call you back in the event of a ‘missed call’. We will normally ask for your name and if there is a need for a follow up call or email, we will ask for your email address, and confirmation of your telephone number and where appropriate your address.

Contacting us by e-mail – When you email our office for the first time we will store your email address in order to respond to your questions or enquiry. Once the query is solved, we archive the email in our provider’s server. If you express a wish to be added into our databases we will store your details in our cloud system, Google Drive and Mailchimp. Sometimes, we might also archive your questions without your personal details to monitor and analyse the questions we get, so we can provide information’s and campaigns accordingly. We monitor any emails sent to us, including file attachments, for viruses, phishing and malicious software.

Visiting our social media sites We use the following social media platforms:

• Facebook
• Twitter
• Instagram
• Vimeo

If you message us via any of the above platforms the message is stored in their secure messaging system and can only be accessed by authorised individuals within our business. We will not pass this information to a third party. We are not responsible for any comments or reviews made by visitors to these social media platforms as we have no control over them.

Registering to one of our events – When you decide to sign up to one of our online/offline events you will be prompted to enter your email address, name, surname and organisation and role (if applicable). We also ask if you wish you be added to our database to received updates. If you say no, your details and reply will remain store in our video conference or ticketing provider. If you say yes, they will be store in the video conference or ticketing provider and also added to our database in our marketing services provider.

Visiting our office – We might use an internal enquiry form to collect personal information from you relating to the enquiry or the matter you are looking to have assistance with, i.e. training, consultancy, advice etc.

Visiting our website Our website uses Google Analytics to collect information and details of visitor behaviour patterns. This helps us understand how many people have visited our site and which pages are visited most often.  We do not collect or store personal information in this way and we cannot identify you as an individual through this third-party service. For more information on cookies, see our separate cookie notice.

• If you complete a “contact us” form on our website, you will be asked to complete your name, email address and telephone number.  This will be used to contact you to respond to your enquiry.
• Signing up to our updates and newsletter – We offer electronic updates about the activities of our project and relevant information, such as our newsletter, fundraising activities and others, to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section. We will maintain the information sent via e-mail in accordance with applicable laws and regulations.

In compliance with GDPR, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter by following the unsubscribe instructions included or by contacting us.

Automatic collection of information – If you engage with citizensrightsproject.org our servers automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to citizensrightsproject.org, pages that you visit, the time spent on those pages, information you search for, access times and dates, and other statistics.

Personal information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding citizensrightsproject.org usage. This statistical information is not otherwise aggregated in such a way that would identify users of the system.

Collection of personal information

You can visit citizensrightsproject.org without telling us who you are or revealing any information that could identify you as a specific, identifiable individual. If, however, you wish to use citizensrightsproject.org features, you may be asked to provide certain personal information. We receive and store any information you knowingly provide to us when you publish content or fill any online forms. When required, this information may include the following:

• Personal details such as name, location of residence, etc.
• Contact information such as email address, telephone number, etc.
• Any other materials you willingly submit to us such as articles, images, feedback, etc.

You can choose not to provide us with your personal information; however, you may not be able to take advantage of the full-service offer that the website features.

In order to make citizensrightsproject.org and domains available to you, or to meet a legal obligation, we need to collect and use certain personal information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Some of the information we collect is directly from you via citizensrightsproject.org; however, we may also collect personal information about you from other sources. Any of the information we collect from you may be used for the following purposes:

• Send administrative information
• Respond to inquiries and offer support
• Request user feedback
• Improve user experience
• Enforce terms and conditions and policies
• Protect from abuse and malicious users
• Respond to legal requests and prevent harm
• Run and operate citizensrightsproject.org and domains

Processing your personal information depends on how you interact with citizensrightsproject.org , where you are located  (e.g. outside Scotland) and if one of the following applies: (i) You have given your consent for one or more specific purposes. This, however, does not apply, whenever the processing of personal information is subject to General Data Protection Regulation (GDPR) and/or other applicable data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of a vested official authority; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

NB under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter contract.

Citizens Rights Project process this information to try reaching as many EU/EEA/Swiss citizens as possible either directly or through their employers, representatives and/or support services, to make sure they know about their rights in Scotland and the UK, and they can take the necessary steps to safeguard them.

We want to tell people about our services  and activities and believe that we have a legitimate interest to do so. We will use the contact details of individuals, representatives, case workers and organisations to send information about our services and events we hold from time to time. Again, this is because we have a legitimate interest in promoting our service, but we will always provide the individual receiving the message with the option to opt out of receiving our messages.

We process the information of individuals we provide one-to-one support, to comply with OISC regulation.

We will only share personal data as is necessary to provide our services, or where disclosure is required or permitted by law. Examples of organisations who may require us to disclose your personal data are Government Bodies and Law Enforcement Agencies .

Otherwise, data will only be shared with third parties that we trust and only where there are appropriate arrangements in place for sharing data, i.e. data sharing agreements and/or data processing agreements.

These parties are;

Our cloud storage provider, our email provider, our email marketing provider, our website and email support company, our bookkeeper, certification bodies (for the issue of providing support), our partners and organisations we collaborate with to put together information events or provide support.

We will retain and use your personal information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your personal information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, personal information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period. More specifically:

• We keep the details of individuals and organisations who has agreed to be included in our updates/newsletter database until they decide to opt out the service either by emailing us or using the opt out facility of our mailing marketing provider.
• We keep the details or individuals and organisations that are in our database because the information, resources and activities we send them are of public and vital interest to EU/EEA/Swiss citizens living in Scotland who they  might be representing, supporting and/or providing services to, until they decide to opt out the service either by emailing us or using the opt out facility of our mailing marketing provider.
• Our ticketing and video conference providers retain the details of those who sign up to our information events and we do not have control over this. However, we export the details and replies of those who has agreed to be added to our updates/newsletter database when signing up to our events using our ticketing and video conference provider and keep them safely in our cloud provider as a proof of that agreement. We delete their details when they opt out.
• We archive the queries we receive via email, which might contain personal details, for 6 years. We also retain for 6 years the records of the individuals we provide one-to-one support, to comply with OISC regulations.
• General Retention – We have other retention periods for information, but, generally, this is not personal data – it will relate to our company information and/or records etc.

Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country within the European Union or to any international organisation governed by public international law or set up by two or more countries, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section.

You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following: (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information; (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent; (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing; (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected; (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it; (vi) you have the right, under certain circumstances, to obtain the erasure of your personal information; (vii) you have the right to receive your information in a structured, commonly used and readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent.

Where personal information is processed for the public interest, in the exercise of a vested official authority or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground to justify the objection. We do not utilise your personal information for direct marketing purposes; however, you can object if you suspect your personal information has been compromised at any time.

Any requests to exercise user rights can be directed to citizensrightsproject.org through the contact details provided in this document. These requests are exercised free of charge and will be addressed by us as early as possible.

We do not knowingly collect any personal information from children under the age of 18 in accordance with the statutory guidance Children and Young People (Scotland) Act 2014. If you are under the age of 18, please do not submit any personal information via citizensrightsproject.org or our domains. We encourage parents and legal guardians to monitor children’s internet usage and to help enforce this policy by instructing their children never to provide personal through citizensrightsproject.org  or domains without their permission.

If you have reason to believe that a child under the age of 18 has provided personal information to us through citizensrightsproject.org  or our domains, please contact us. You must also be at least 16 years of age to consent to the processing of your personal information (we may allow your parent or guardian to do so on your behalf).

citizensrightsproject.org  uses “cookies” to help personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programmes or deliver viruses to your computer. Cookies are uniquely assigned and can only be read by a web server in the domain that issued the cookie to you.

We may use cookies to collect, store, and track information for statistical purposes to operate citizensrightsproject.org  and domains. You can accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To learn more about cookies and how to manage them, please refer to our Cookie policy.

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from users who visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform. As a result, citizensrightsproject.org  is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this policy, we limit our use and collection of your personal information.

citizensrightsproject.org  contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave citizensrightsproject.org and to read the privacy statements of each and every website that may collect personal information.

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards to protect against unauthorised access, use, modification, and disclosure of personal information in its control and custody; however, no data transmission over the internet or wireless network can be guaranteed as completely removed from risk. Therefore, while we strive to protect your personal information, you acknowledge that (i) there are security and privacy limitations beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and citizensrightsproject.org  cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

In the event we become aware that the security of citizensrightsproject.org  has been compromised or personal information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and co-operation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on citizensrightsproject.org and notify you by email.

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a summons, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to an authority’s request.

We may update this policy from time-to-time at our discretion and will notify you of any changes to the way we treat personal information. When changes are made, we will revise the updated date at the bottom of this page. We may also provide notice through contact information you have provided. Any updated version of the policy will be effective immediately upon the posting of the revision unless otherwise specified. Your continued use of citizensrightsproject.org  and/or domains after the effective date of the revised policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your personal data in a manner materially different than what was stated at the time your personal data was collected.

You acknowledge that you have read this policy and agree to all its terms and conditions. By using citizensrightsproject.org  or its domains you agree to be bound by this policy. If you do not agree to abide by the terms of this policy, you are not authorised to use or access citizensrightsproject.org  and our domains.

If you would like to contact us to understand more about this policy or wish to contact us concerning any matter relating to individual rights and your personal information, you may send an email to info@citizensrightsproject.org

This Private Policy was last updated on the 8th of July 2020