info@fvu.org.uk
Forth Valley Unity
Policies & Procedures

Privacy Policy

How we collect, use, and protect personal data (UK GDPR/Data Protection Act 2018).

    Privacy Policy

    Version 1.1 • Sep 28, 2025
    Forth Valley Unity
    Printed 14 Jan 2026, 00:22
    Current version: https://fvu.org.uk/policies/privacy-policy

    1) Who we are and how to contact us

    Forth Valley Unity (“FVU”, “we”, “us”, “our”).
     Contact: info@fvu.org.uk

    Data Protection queries: dpo@fvu.org.uk

    2) Scope

    This policy explains how we handle personal data when you use our websites and online services in the UK. It aligns with the UK GDPR and the Data Protection Act 2018.

    3) Personal data we process

    • Information you provide: details you enter on forms (e.g., event registrations, contact forms, membership/admin forms).
    • Technical and security logs: IP address, user-agent, referrer, timestamps, and similar metadata captured at the time of use or submission for security, troubleshooting, and abuse prevention.
    • Payment information: Card details are processed by our payment provider. FVU does not store full card numbers, expiry, or CVV.

    4) Why we use your data (purposes)

    • To provide our services and respond to enquiries.
    • To register you for events or activities and manage attendance.
    • To take payments and issue confirmations/receipts.
    • To maintain security, prevent fraud and abuse, and keep audit logs.
    • To comply with legal obligations and respond to regulatory requests.
    • With your permission, to send updates relevant to your preferences. 
      • If you choose to subscribe to our updates, we will only send you communications that match your preferences. You can withdraw consent or unsubscribe at any time by following the instructions in each email or by contacting us. Service-related emails (such as payment confirmations or event reminders) may still be sent where necessary.

    5) Our lawful bases

    Depending on the context, we rely on one or more of:

    • Contract (e.g., registrations, ticketing, payments).
    • Legitimate interests (e.g., security logging, service improvement, internal admin proportionate to your expectations).
    • Consent (e.g., optional communications where required).
    • Legal obligation (e.g., financial record-keeping).

    6) Who receives your data

    • Service providers (processors): e.g., hosting, email delivery, payment processing—only what’s necessary to provide the service, under contract.
    • Legal/regulatory bodies: where the law requires.

    7) International transfers

    We aim to process and store data in the UK where practical. If a transfer outside the UK is necessary, we use appropriate safeguards (e.g., ICO-approved mechanisms).

    8) Retention

    We keep data only as long as necessary for the purposes above and to meet legal/accounting obligations. Core examples:

    • Financial records: up to 7 years.
    • Operational records (forms, logs): for a proportionate period aligned to the purpose and our legal bases.
      We review retention periodically and securely delete data that is no longer needed.

    9) Security

    We apply technical and organisational measures appropriate to the risk (e.g., access controls, encryption in transit, least-privilege, monitoring). We vet processors for security and data protection commitments.

    10) Your rights

    You can:

    • request access to your personal data;
    • ask for correction of inaccurate data;
    • ask for deletion in certain circumstances;
    • ask us to restrict or object to processing in certain circumstances;
    • request a copy of your data in a portable format;
    • withdraw consent where we rely on consent (this won’t affect past processing).

    To exercise rights: dpo@fvu.org.uk. We usually respond within one month.

    11) Children’s data

    We take extra care with young people’s data. Where consent is required online, we follow applicable UK rules. If you believe a child’s data has been provided without appropriate permission, contact dpo@fvu.org.uk

    12) Automated decision-making

    We do not carry out decisions producing legal or similarly significant effects solely by automated means. If this changes, we will tell you and explain your rights.

    13) Cookies

    We currently use essential cookies only. See our Cookie Policy here. If we add non-essential cookies in future, we will request consent and update our policies.

    14) Updates to this policy

    We may update this notice to reflect operational or legal changes. We will post the new version with a new effective date and, where appropriate, notify you.

    15) Contact and complaints

    Questions: info@fvu.org.uk

    Data protection queries/rights: dpo@fvu.org.uk

    You can also complain to the UK Information Commissioner’s Office (ICO).

    Related policies

    Cookie Policy
    Information about the cookies we use and how to manage your preferences.
    Terms & Conditions (Website Use)
    Rules for using our website; acceptable use, disclaimers, liability.
    Fundraising & Donations Policy
    How donations are handled, transparency, refunds, and standards compliance.
    Complaints & Feedback Policy
    Clear process for concerns, escalation routes, and response timelines.
    Event Terms & Conditions
    Terms for event attendees/participants, including tickets, cancellations, conduct, and venue rules.