We are committed to preserving and respecting your privacy. Please read this Policy to understand how we use and protect the information that you provide to us.
The Website is owned and operated by FinTech Scotland (“us” or "we"). We are a private company limited by guarantee incorporated in Scotland under company number SC567086 and have our registered office at 1-7 Roxburgh Street, Edinburgh, Scotland, EH8 9TA. For the purpose of applicable data protection legislation, we are the data controller.
By using the Website or by otherwise providing us with your information, you are acknowledging that you are aware of how we use your information. You warrant that any data provided by you on the Website is accurate.
1) INFORMATION THAT WE COLLECT FROM YOU
We collect information about you:
- that you provide to us when you use our Website, including, but not limited to, information you provide when you fill in any forms (including the contact form) on our Website or participate in any social media functions on our site; and
- if you contact us by phone, email or otherwise, we may keep a record of that correspondence.
The type of information we collect from you may include:
- where you use the contact form on the Website: your full name and email address and any other information that you volunteer in the contact form;
- technical information about your visits to the Website including, but not limited to, your IP (Internet Protocol) address used to connect your device to the internet and our Website, traffic data, location data, log data, your browser settings, the date and time of your visits, and details regarding which pages, products or resources on our Website you access. When you visit the Website our servers automatically record this type of information;
- demographic information such as postcode/location, preferences and interests; and
- other information relevant to surveys which you complete.
2) USE OF YOUR INFORMATION
We use your information:
- to analyse the information we collect from you in order to examine trends and patterns in the information and improve our website content and navigation;
- to ensure that content from our Website is presented in the most effective manner for you and your device;
- to contact you for direct marketing purposes, if you have explicitly accepted for us to do so, in order to send you updates on FinTech Scotland which may be of interest to you;
- to contact you for your views on our products and services;
- for our internal record keeping; and
- for all other purposes consistent with our legitimate interest to ensure the proper performance of our operations and business.
3) WHERE WE STORE YOUR INFORMATION
Information posted on the Website is stored in the WordPress database. WordPress is the content management system used to create and maintain the Website. The Website is hosted on Amazon Web Services (“AWS”). Our AWS account is hosted in England.
When you sign up to our newsletter, we store your contact details on campaign monitorwho act as both data storage and data processor. They store data in a US-based data center. In addition, they use multiple data processing locations including USA, Australia and Germany. They also use CloudFront at strategic AWS edge and regional locations as an external content delivery network for faster content caching. More on Amazon’s CloudFront can be found here: https://aws.amazon.com/cloudfront/features/
When we transfer your data outside of the EEA, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, such as by use of the data protection contract clauses that have been approved by the European Commission.
4) HOW LONG WE RETAIN YOUR INFORMATION FOR
We will hold your personal information on our systems for as long as is necessary for the relevant activity or services. Unless otherwise requested using the contact details below, if you unsubscribe from our communications, your personal data will be retained indefinitely on a suppression list so that we know not to contact you.
5) DISCLOSURE OF YOUR INFORMATION
The information you provide to us will be treated as confidential. However, we may disclose your information to other third parties who act for us as our service provider or who advise us for the purposes set out in the policy or for purposes approved by you.
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms & Conditions, and other agreements;
- to protect our rights and property, or our safety and our users’ safety; and/or
- for the purposes of preventing or reporting any illegal or immoral activity.
We will not sell, distribute or lease your personal data to third parties other than in accordance with this Policy, unless we have your permission or are required by law to do so.
6) LEGITIMATE INTERESTS
Data protection laws require that we meet certain conditions before we are allowed to use your data in the manner described in this Policy. We will rely on a condition known as "legitimate interests". It is in our legitimate interests to collect your personal data as it provides us with the information that we need to contact you for direct marketing purposes and improve our website content and navigation. We will always ensure that we keep the amount of data collected and the extent of any processing to the absolute minimum to meet this legitimate interest.
7) YOUR RIGHTS - COPIES AND CORRECTIONS
The accuracy of the information that we hold about you is important to us. If any of the information that we hold about you is inaccurate or out of date, or you object to us processing it, please let us know using the contact details below.
You have a number of rights under data protection laws in relation to the way we process your personal data. These are set out below. You may contact us using the details below to exercise any of these rights and we will respond to any request received from you within one month from the date of the request. The information will usually be provided free of charge, although in certain circumstances, we may make a small charge.
You have a number of rights under the data protection laws, namely:
- to access your data (by way of a subject access request);
- to have your data rectified if it is inaccurate or incomplete (right to rectification);
- in certain circumstances, to have your data deleted or removed (right to be forgotten);
- in certain circumstances, to restrict the processing of your data;
- a right of data portability, namely to obtain and reuse your data for your own purposes across different services;
- to object to direct marketing:
- not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on you; and
- to claim compensation for damages caused by a breach of the data protection legislation.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website. Any transmission is at your own risk. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Your data may be stored by third parties on our behalf as set out in this Policy. We, and our third party contractors, employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage.
Please help us keep our records updated by informing us of any changes to your email address and other contact details.
9) LINKS TO OTHER WEBSITES
Our Website contains links to other websites of interest. If you use these links to leave our Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and check the terms and conditions and privacy policies which apply to third party websites.
The types of cookies that our site uses are:
Google Analytics cookies
- _dc_gtm_UA-xxxxxx - This cookie is associated with sites using Google Tag Manager to load other scripts and code into a page. Where it is used it may be regarded as Strictly Necessary as without it, other scripts may not function correctly. The end of the name is a unique number which is also an identifier for an associated Google Analytics account. The main purpose of this cookie is: Strictly Necessary
- GCSCU_xxxxxx - Technical cookie, it disappears at the end of the session.
- _ga - This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. The new service reduces the reliance on cookies in general, and only sets this and one other - _gat, although Google also say data can be collected without setting any cookies. This cookie is used to distinguishes unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. The main purpose of this cookie is: Performance
- _gid - Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
- ads/ga-audiences – Used by Google AdWords to re-engage visitors across websites.
- collect - expires at the end of each session. Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.
Below are main cookies set by the Google Analytics service which enables website owners to track visitor behaviour measure of site performance. These cookies identify the source of traffic to the site - so Google Analytics can tell site owners where visitors came from when arriving on the site. These cookies have a life span of 6 months and are updated every time data is sent to Google Analytics.
- __cfduid from freegeoip.net - expires after 1 year. Used by the content network, Cloudflare, to identify trusted web traffic.
- CookieConsent - expires after 1 year. Stores the user's cookie consent state for the current domain
- wordpress_test_cookie - expires at the end of each session. Used to check if the user's browser supports cookies.
- vuid from Vimeo - expires after 2 years. Collects data on the user's visits to the website, such as which pages have been read.
- GPS from youtube.com - expires after 1 day. Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.
- IDE from doubleclick.net - expires after 1 year. Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
- PREF from youtube.com - expires after 8 months. Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.
- rc::c from google.com - expires after each session. Unclassified
- Tabld from facebook.com - expires after each session. Unclassified
- test_cookie from doubleclick.net - expires after 1 day. Used to check if the user's browser supports cookies.
- VISITOR_INFO1_LIVE from youtube.com - expires after 179 days. Tries to estimate the users' bandwidth on pages with integrated YouTube videos.
- YSC from youtube.com - expires after each session. Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
- yt-remote-cast-installed from youtube.com - expires after each session. Stores the user's video player preferences using embedded YouTube video
- yt-remote-connected-devices from youtube.com - Persistent. Stores the user's video player preferences using embedded YouTube video
- yt-remote-device-id from youtube.com - Persistent. Stores the user's video player preferences using embedded YouTube video
- yt-remote-fast-check-period from youtube.com - expires after each session. Stores the user's video player preferences using embedded YouTube video
- yt-remote-session-app from youtube.com - expires after each session. Stores the user's video player preferences using embedded YouTube video
- yt-remote-session-name from youtube.com - expires after each session. Stores the user's video player preferences using embedded YouTube video
We may amend this policy from time to time. If we make any substantial changes we will notify you by posting a prominent notice on our Website.
12) CONTACT US
If you have any queries concerning your personal information or any questions on our use of the information then please contact us via the “Contact Us” page on the Website.
If you are not happy with the way in which your personal information is held or processed by us, or you are not satisfied with our handling of any request by you in relation to your rights, you may complain to the Information Commissioner's Office (ICO) by calling 0303 123 1113.
The ICO is the UK's independent body set up to uphold information rights. You can find out more about the ICO on its website (https://ico.org.uk/).