The privacy policy describes how Citizens’ Rights Project collects, protects and uses the personally identifiable information (personal information) you may provide whilst using the citizensrightsproject.org website and content, any social media (domains) and any of our collective products or services.
The privacy policy also describes choices available to you regarding our use of your personal information and how you can access and update your information. This policy does not apply to the practices of external organisations or partners that we do not own or control, or to individuals that we do not employ or manage.
We hope the following sections will answer any questions you have but if not, please get in touch with us. It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check whenever you wish.
Who are we?
Citizens Rights Project provides information, advice and support to EU/EEA/Swiss citizens and their families before and after Brexit to help them protect their rights.
Our registered office and office address is St Margaret’s House, Room G7, 151 London Road, Edinburgh, EH7 6AE
Tel: 07518926137
Email: info@citizensrightsproject.org
What personal data do we process?
Citizens’ Rights Project collects, stores and uses information about:
- our own employees and prospective employees
- our own volunteers and prospective volunteers
- our outreach, information and briefing events delegates / attendees
- our partners and organisations we have collaborated with in the past and currently collaborate with
- individuals and organisations that provide support, services, represent and/or provide services to citizens who might benefit from our services
- those who agreed to be added in our database to get updates about our activities and useful information
As you would expect, we are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure.
Telephoning our office – When you call our office (mobile or landline), we collect Calling Line Identification (CLI) info that includes your phone number (unless withheld). We use this to improve efficiency and call back missed calls. We may ask your name, email, and address if needed.
Contacting us by e-mail – When you email us, we store your address to respond. Once the query is solved, emails are archived. If you ask to join our databases, your info goes to Google Drive and Mailchimp. We may archive anonymized questions for analysis. We also scan emails for viruses and phishing.
Visiting our social media sites – We use Facebook, Twitter, Instagram, and Vimeo. Messages sent via those platforms are stored securely and accessed only by authorized staff. We don’t share them with third parties. We’re not responsible for user comments on those platforms.
Registering to one of our events – If you register, we ask for your name, email, surname, organisation, and role (if applicable). We ask if you want to join our updates database. If not, your data stays with our event platform. If yes, it also goes to our marketing database.
Visiting our office – We may collect personal information via internal enquiry forms related to your request (e.g., training, consultancy, advice).
Visiting our website – Our website uses Google Analytics to collect visitor behaviour data. We don’t store personal info or identify users this way. See our cookie notice for more info.
- If you complete a “contact us” form on our website, you’ll be asked for your name, email, and phone number to respond to your enquiry.
- Signing up to our updates and newsletter – You can subscribe to updates at any time. We don’t share your email and comply with all relevant data laws.
In compliance with GDPR, all emails from us state who the sender is and how to contact us. You can unsubscribe via the link provided or by contacting us directly.
Automatic collection of information – When you access citizensrightsproject.org, our servers record browser data like IP address, browser version, OS, language, referrer, visited pages, time spent, search terms, and timestamps.
This automatically collected data is used to detect abuse and produce usage statistics. It’s not used to identify individuals.
Collection of personal information
You can browse citizensrightsproject.org anonymously. If you use site features, you may be asked to provide personal information. We store any data you knowingly submit via forms or content publishing.
- Personal details like name, place of residence, etc.
- Contact info like email address, phone number
- Any other submitted materials such as articles, images, feedback, etc.
You may choose not to provide personal data, but that may limit your access to full site features.
Use and processing of collected information
In order to make citizensrightsproject.org and domains available to you, or to meet a legal obligation, we need to collect and use certain personal information. If you do not provide the requested information, we may not be able to deliver the requested products or services. Some of this information is collected directly via citizensrightsproject.org, while other data may come from third-party sources. We may use the collected information for the following purposes:
- Send administrative information
- Respond to inquiries and offer support
- Request user feedback
- Improve user experience
- Enforce terms and conditions and policies
- Protect from abuse and malicious users
- Respond to legal requests and prevent harm
- Run and operate citizensrightsproject.org and domains
Processing of your personal information depends on how you interact with citizensrightsproject.org, your location (e.g., outside Scotland), and whether one of the following applies:
- You have given consent for one or more specific purposes (note: this may not apply where processing is governed by GDPR or other data laws)
- The data is needed to perform a contract or pre-contractual obligations
- Processing is required to comply with a legal obligation
- Processing relates to a task carried out in the public interest or in exercise of official authority
- Processing is necessary for the legitimate interests pursued by us or a third party
Note: Under some laws, we may process your information until you object (opt-out), without relying on consent or other legal bases listed above. In any case, we are happy to clarify which legal basis applies and whether providing your personal information is required by law, contract, or to enter a contract.
Why do we process this information?
Citizens Rights Project processes this information to reach as many EU/EEA/Swiss citizens as possible — either directly or through their employers, representatives, or support services — to ensure they are aware of their rights in Scotland and the UK and can take the necessary steps to safeguard them.
We want to inform people about our services and activities, and we believe we have a legitimate interest in doing so. We may use contact details of individuals, representatives, case workers, and organisations to send information about our services and upcoming events. This is based on our legitimate interest in promoting our services, but we always provide recipients with the option to opt out of receiving further messages.
We also process the information of individuals receiving one-to-one support to comply with OISC regulation.
Who do we share your data with?
We only share personal data when it is necessary to provide our services, or when disclosure is required or permitted by law. This may include sharing with government bodies and law enforcement agencies.
In all other cases, data is only shared with trusted third parties where appropriate data sharing or processing agreements are in place.
These third parties include:
Our cloud storage provider, email provider, email marketing provider, website and email support company, bookkeeper, certification bodies (for support services), and partner organisations we collaborate with to deliver information events or provide support.
Storing personal information. How long do we keep data?
We retain and use your personal information as long as necessary to comply with legal obligations, resolve disputes, and enforce agreements — unless a longer retention period is required or permitted by law. Aggregated data that no longer identifies you may still be used after deletion. Once the retention period expires, personal data is deleted, and rights such as access, erasure, rectification, or portability can no longer be enforced. Specifically:
- We retain contact details of individuals and organisations subscribed to our updates/newsletter until they opt out via email or the unsubscribe link in our mailings.
- We retain data of individuals and organisations in our database if our information is of public/vital interest to EU/EEA/Swiss citizens in Scotland whom they represent, support, or serve — until they opt out.
- Our ticketing and video conferencing providers store event registration data. We export and store consented subscriber data from them in our cloud storage. Data is deleted upon opt-out.
- We archive email queries (which may include personal data) for 6 years. We also retain records of one-to-one support clients for 6 years to comply with OISC regulations.
- General retention: Other types of data (not personal) are retained based on our internal company policies.
Depending on your location, your data may be transferred and stored outside your country. You have the right to know the legal basis for such transfers (e.g., within the EU or to international organisations) and the security measures we apply. More details can be found in relevant sections or by contacting us directly.
The rights of users
You may exercise certain rights regarding your information processed by us. In particular, you have the right to:
- Withdraw consent where previously given
- Object to processing if based on legal grounds other than consent
- Learn if data is being processed and access a copy of it
- Verify the accuracy of your information and request updates or corrections
- Restrict processing under certain conditions — we will then only store the data
- Request erasure of your personal information under certain circumstances
- Receive your data in a structured, machine-readable format and transmit it to another controller, if technically feasible
The right to object to processing
If your data is processed in the public interest, under official authority, or for our legitimate interests, you may object by providing justification. While we do not use your data for direct marketing, you may object if you believe your data is being misused.
How to exercise these rights
You can exercise your rights by contacting us via the details provided on our website. These requests are processed free of charge and addressed as quickly as possible.
Privacy of children
We do not knowingly collect personal data from children under 18 in accordance with the Children and Young People (Scotland) Act 2014. If you are under 18, please do not submit personal data on our website.
Parents and guardians are encouraged to supervise children’s internet use and instruct them not to provide personal information without permission. If you believe a child has submitted data, please contact us. You must be at least 16 years old to consent to data processing; otherwise, parental/guardian consent is required.
Cookies
citizensrightsproject.org uses cookies to personalize your experience. Cookies are text files placed on your device by a server. They cannot run programs or deliver viruses and are readable only by the issuing domain.
Cookies may be used to collect data for statistical analysis and operation of our services. You may accept or decline cookies via your browser settings. For details, see our Cookie Policy.
Do Not Track signals
Some browsers support Do Not Track signals, which indicate that you don’t want to be tracked. Since the industry lacks a standard response protocol, citizensrightsproject.org does not currently respond to these signals. However, we minimize collection and use of personal data regardless.
Links to other websites
citizensrightsproject.org may contain links to external websites that we do not control. We are not responsible for the privacy practices of other websites. Please read the privacy policies of any external sites you visit.
Information security
We secure your data on protected servers using administrative, technical, and physical safeguards. However, no internet transmission is 100% secure. By using our services, you acknowledge that:
- Some risks are beyond our control
- We cannot fully guarantee data security
- Data may be intercepted during transmission
Data breach
If we become aware of a breach that compromises your personal data, we will take appropriate action, including notifying authorities and affected users if required. Notices may be posted on our site and/or sent via email.
Legal disclosure
We may disclose personal information if legally required, such as in response to subpoenas or other legal processes, or to protect our rights, your safety, or comply with law enforcement requests.
Changes and amendments
We may update this policy at any time and will indicate updates by revising the “last updated” date. You may also be notified via contact information on file. Continued use of our site constitutes acceptance of the revised policy. We will not use your data in ways materially different from those stated when it was collected, without your consent.
Acceptance of this policy
By using citizensrightsproject.org and its domains, you confirm that you’ve read and agree to this policy. If you disagree, you are not authorized to use the website.
Contacting us
If you have questions about this policy or your data rights, please contact us at: info@citizensrightsproject.org
This Privacy Policy was last updated on the 8th of July 2020.