ASVA respects your privacy.
Any personal information you provide to us including and similar to your name, address, telephone number and e-mail address will not be released, sold, or rented to any entities or individuals outside of ASVA.
Credit card details
ASVA will never ask for Credit Card details and request that you do not enter it on any of the forms on ASVA.
Remember The Risks Whenever You Use The Internet
While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to ASVA and you are solely responsible for maintaining the secrecy of any passwords or other account information. In addition other Internet sites or services that may be accessible through ASVA have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their policies or actions.
Please contact those vendors and others directly if you have any questions about their privacy policies.
We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.
But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it.
Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time.
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission. But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, (for example about training courses or events) then we must then stop.
This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.
This policy applies to the services we provide you (such as emails and e-updates). It applies to the personal information held by us about our members, but doesn’t apply to the information we hold about companies or organisations.
It also applies even if you’re not one of our members and you interact with us, such as by:
• using one of our products or services – paid for by someone else
• taking part in a survey or trial
• calling us for information or advice about our services
• generally enquiring about our services
What’s not included?
Who are we?
At ASVA, we are the trade organisation representing visitor attractions in Scotland.
Accessing and updating how we use your information
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you. Please contact us on 07458 306982.
Under the Data Protection Act 1998, you have a right to know what personal information we hold about you. If you’d like a copy of the information you are entitled to please write to Gordon Morrison, ASVA, c/o Haines Watt, 3.1 Wallace House, Maxwell Place, Stirling, FK8 1JU, clearly identifying yourself and the information you require. Depending on the nature of/reasons for your request, we may charge you a nominal sum to cover the cost of processing your request and supplying your information to you. We will ask you to provide identification to ensure we do not disclose your information to the wrong people.
You can always tell us that you do not wish to receive direct marketing communications from us. But remember, if you do not want us to get in touch, you may miss out on valuable and exciting offers, information and updates. If you would prefer not to receive direct marketing communications from us, simply let us know at any time by contacting us at: email@example.com and/or 07458 306982 or by following the opt out instructions in the relevant communication. Please note that this will not stop you from receiving e-newsletters, e-updates and information on events from us.
You have the right to access and update the personal information we hold about you. You can also choose when and how we communicate with you and can opt out of marketing messaging at any time. What kinds of personal information do we collect and how do we use it? The personal information we collect depends on the services you have and how you use them. We’ve explained the different ways we use your personal information below.
To provide you with services
We’ll use your personal information to provide you with email updates. This applies when you join us as a member.
This means we’ll:
• record details about the services you order from us
• send you service information messages
• update you on services
• let you create and log in to the online accounts we run
• give information to someone else (if we need to for the service) (if we do this, we still control your personal information and we have strict controls in place to make sure it’s properly protected); and
We use the following to provide services and manage your account:
• Your contact details and other information to confirm your identity and your communications with us. This includes your name, email address, passwords and credentials (eg security questions and answers we may have on your account)
• Your communications with us, including emails and phone calls.
We use this information to carry out our contract (or to prepare a contract) and provide services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the service you requested from us. If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable member, but only if you give your permission or if we have to for legal or regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information so we don’t repeatedly ask you about it.
Because it is in our interests as a business to use your information
We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
• identify, and let you know about, services that interest you
• create aggregated and anonymised information for monthly and annual visitor trend reports
To market to you and to identify services that interest you
We’ll use your personal information to send you direct marketing and to better identify services that interest you. We do that if you’re one of our members or if you’ve been in touch with us another way (such as through the enquiry section on the website).
We use the following for marketing and to identify the services you’re interested in: your contact details. This includes your name and email address
To create aggregated and anonymised data
We’ll use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:
• improve and develop our services for our members
• run management and corporate reporting, research and analytics, and to improve the business; and
• provide other organisations with aggregated and anonymous reports
We have a legitimate interest in generating insights that will help us operate our business or would be useful to our partner organisations.
To develop our business and build a better understanding of what our members want
This means we’ll:
• maintain, develop our services, to provide you with a better service
• train our people and suppliers to provide you with services (but we make the information anonymous beforehand wherever possible)
• share personal information within our organisation for administrative purposes, such as sharing contact details so we can get in touch with you; and
• run surveys and market research about our services
We use the following information to do this.
• Your contact details
• Your communications with us, including emails and phone calls (and any recordings made)
If we use this information for market research, training, testing, development purposes or to create a profile about you, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our members’ needs.
To meet our legal and regulatory obligations
We might have to release personal information about you to meet any legal and regulatory obligations which might be imposed on us from time to time.
Sharing your information
Who do we share your personal information with, why and how?
We share your personal information with our research company STR (which is a member of the Market Research Society). We make sure your personal information is protected, no matter which organisation holds that information. We also use other service providers to process personal information on our behalf -for example our web hosts. Details of how they handle your personal information are set out below.
Using other service providers
We use other providers to carry out services on our behalf or to help us provide services to you. We also use them to:
• provide member-service, marketing, infrastructure and information-technology services;
• personalise our service and make it work better;
• analyse and improve the information we hold;
• run surveys
• website hosting
Where we use another organisation, we still control your personal information. And we have strict controls in place to make sure it’s properly protected.
Finally, the section above describes the situations in which your personal information is shared to other organisations. When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.
If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ’adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.
If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.
For more details, or if you’d like other information about a specific transfer of your personal information, get in touch with us using the contact details referred to above.
The countries we disclose personal information to:
The UK and wider EU are where most of our processing of personal information takes place. Your personal information is used for IT support and maintaining the website/ database
We share your personal information with other service providers, all of which provide the same high level of security and protection. When sharing outside of our organisation, we make sure that it is protected as far as reasonably possible.
How do we protect your personal information?
We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.
What do we do if there is a breach of your data?
If the data we hold is breached, or an unauthorised access of personal data takes place that is likely to “result in a risk for your rights and freedoms as an individual or individuals, then we must notify all those individuals affected within 72 hours of becoming aware of the breach and report it to the Information Commissioner’s Office.
How long do we keep your personal information?
• your contact details on file while you’re one of our members, and for six years after; and
• details relating to any dispute for six years after it was closed
In other cases we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise we delete it.
Your personal information is protected by strict security measures and only kept for certain amounts of time depending on individual circumstances.
Got a question about how we use your information?
How will we tell you about changes to the policy?
We have included a description of how the technical terms we use are generally interpreted:
• Aggregated data means grouped information, for example the total number of calls made in a month or events organised and for how many people.
• Anonymised data means data which has had all personally identifiable information removed.
• Cookies are small text files (up to 4KB) created by a website and stored in the user’s connected device – either temporarily for that session only or permanently on the hard disk (called a persistent cookie). Cookies help the website recognise you and keep track of your preferences.
• Encryption means scrambling information into an unreadable form that can only be translated back using a special key.
• IP address is a unique string of numbers that identifies each device using the internet or a local network.
• Personal information means information that identifies you as an individual, or is capable of doing so.
• Regulatory obligations means our obligations to regulators such as the Information Commissioner’s Office.
• Tags are an instruction inserted on a website that specifies how the site, or a part of the site, should be formatted and how it’s performing.