Privacy Policy

Your personal data at Norton Park

Norton Park SCIO  is an independent registered Scottish Charity (SC048639) formed to establish Norton Park office complex as the first shared premises project for third sector organisations in Scotland.  Norton Park SCIO is the data controller for the personal data collected and processed through our activities, services, and operations.  If you have any questions about this privacy notice, please contact us by emailing our Chief Executive, Keith Robertson  krobertson@nortonpark.org .

This privacy notice explains how we process the personal data of:

  • Tenant organisations and their staff and volunteers who use Norton Park;
  • Clients who book facilities at Norton Park;
  • People who contact Norton Park;
  • Suppliers and their staff;
  • Visitors to Norton Park;
  • Visitors to our website.

(There is a separate privacy notice for Norton Park employees.)

The data we hold about you.

We currently collect and process the following information:

  • Contact data, such as title, name, address, email address and telephone numbers.
  • Transactional data, such as business correspondence and messages, bookings; payments made by and to you, and details of services provided to you.
  • Survey and customer satisfaction responses.
  • Marketing and communications data, including your preferences in relation to marketing from us and from any third parties, and your preferences for methods of communication.
  • Sensitive Personal Data: Norton Park sometimes needs to process sensitive personal information (known as ‘special category data’) to ensure your health and safety or to make reasonable adjustments, e.g. personal emergency evacuation plan, or details of specific support needs. We will only request and process the minimum data necessary for the specified purpose.
  • CCTV images are used for the prevention, detection and investigation of criminal activity and to keep our guests and staff safe. It is our policy not to disclose images to anyone other than the police.

For website users:

  • Technical data, including your IP address, login information, browser type and version, time zone setting and location, browser plug-ins and other technology on the devices used to access our website.
  • Usage data, including how you use our website, products and services.

If you act on behalf of or book an appointment for another person, we will also process their data for the purposes outlined in this Notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Sources of personal data

We receive personal data:

  • Directly from you, for example, when you contact us or sign-in at Norton Park
  • From your voluntary organisation or employer
  • When you interact with our website;
  • Captured through our CCTV system

Recipients of your personal data

Where necessary, your personal data may be received by:

  • Statutory authorities and regulators such as HM Revenue & Customs, and the Office of the Scottish Charity Regulator
  • Norton Park’s professional advisors including lawyers, auditors and insurers
  • Norton Park’s service providers including IT providers, accounting software host, payment card providers
  • In exceptional circumstances, Police or other statutory investigators
  • In event of an emergency the Fire Service will have access to manual and electronic sign-in data.

 Our lawful basis for processing your personal data

We process personal data principally where necessary to our legitimate interests to run Norton Park and provide associated services. (UK GDPR Article 6(1)(f). In some cases we are under a legal obligation to process personal data (UK GDPR Article 6(1)(c)), for example, in recording accidents.

In limited circumstances we may hold sensitive personal data about health or ability, for health and safety purposes or to make reasonable adjustments to support clients and visitors. Such data is processed to meet our legal obligations under social protection law (UK GDPR Article 9(2)(b)).

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.  This is set out in Norton Park’s retention policy which is available on request.

Using our website

We use Google Analytics and Cookies to improve our service user experience and analyse how our website is used.  You can choose whether these cookies are used. A full list of the cookies we use is on our website.

Google Analytics will anonymise part of your IP address before storing it.  The IP address will still give us an approximate location for you.  Otherwise, most of the information collected is anonymous traffic data, including browser information, device information and language.   The information provides an overview of how visitors reach the website and how they use it.  We do not use the information for any additional purpose.

If you use our booking form, we will record personal information that you complete in the registration form.  We will use the email address you provide to send you confirmation emails related to bookings.

Changes to our privacy policy

We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was last updated in October 2024.

Your rights over personal data

As an individual you have certain rights regarding our processing of your personal data. You have the right to:

  • … be informed about the collection and use of your personal data;
  • … access personal data held about you and receive a copy;
  • … have factual inaccuracies in your personal data rectified;
  • … in certain limited circumstances, restrict the processing of your data or to have personal data erased, or to ask for data portability;
  • … object to how your personal data are being processed.

You can find independent advice about personal data rights provided by the Information Commissioner’s Office: https://ico.org.uk/your-data-matters/

For more information on how to exercise any of these rights, please contact the Chief Executive, krobertson@nortonpark.org

Your right to complain

If you are concerned about the way Norton Park is processing your personal data, you have the right to complain. You may do this by contacting us using the following details:

  • Email krobertson@nortonpark.org
  • write to Keith Robertson, Norton Park, 57 Albion Road, Edinburgh

Or you may complain to the regulator of information rights in the UK the Information Commissioner’s Office (ICO). You can find more details on their website.

 

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.