We are committed to protecting the privacy and security of your personal information, we continually monitor compliance through implementing policies and procedures to safeguard data and by setting regular reviews to manage these policies and procedures.
In accordance with ICO Requirements of Data Controllers Scarf Group is registered with the Information Commissioners office (Z7765191). We are also considered a data processor where we process information on behalf of the Scottish Government and Local Authorities as part of a contract.
Scarf is an accomplished social enterprise, delivering a range of advisory and support services to householders and businesses throughout Scotland. We are contracted to deliver advisory, grant assistance, support services on behalf of Scottish Government and Local Authorities.
Through our Enquiry and Customer Service handling Centre we collect information via written, Telephone, Email, Live chat and voice messages. We may also provide home visits to both residential and commercial property. We collect information when we attend various community events and exhibitions. We may also be provided with your data as a request for support through social services, welfare rights and other agencies that have acted on your behalf. We also collect information as part of the recruitment and selection process.
The information we collect is dependent of your existing or prior relationship or to the organisation the categories we hold are
We apply the GDPR principles to all personal and Sensitive data that we hold or process
These principles lie at the heart of our approach to processing personal data.
We share and report all financial payment information with HMRC for compliance including PAYEE and National insurance, Pension contributions, Student loan deductions, benefits and expenses, SSP and SMP. This information is also viewed by accountants contracted to provide audit and compliance services for us.
We do not anticipate providing services directly to children, however we do understand that if this change occurs, we will make provisions to verify age. We will also make further provisions to gain parental or guardian consent for data processing activity where required.
Scarf Group will continue to look for new ways to protect data however in the event of a data breach. we will notify the ICO within 72 hours of becoming aware of the breach, where we don’t yet have all the relevant details we will notify when we expect to have the results of the investigation. we have implemented the ICO guidance framework on managing a security breach document 20121212 version :2.1 This framework includes the following
*Containment and recovery * Assessing the risk/impact * Notification of Breaches * Evaluation and Response
All significant decisions about data processing and policy implementation will be made using GDPR. As part of the services offered to you the information which you provide to us will not be transferred to countries outside the European Union (“EU”) our servers are Located inside the EU. If we have a requirement to transfer your information outside of the EU in any way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access- You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure- You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
Your right to data portability- This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Please contact us at firstname.lastname@example.org if you wish to make a request.
Further information around your rights can be found at https://ico.org.uk/your-data-matters