Privacy Policy – 2021 (Draft)

Who we are?

The Water of Leith Conservation Trust (“we, “us”, “our”) are the data controller for the purposes of the Data Protection Act 2018 (“DPA”) and the UK General Data Protection Regulation (“UK GDPR”) in respect to personal information which we hold about you.

Our full contact details are:
Email: [email protected]
Address: Water of Leith Visitor Centre, 24 Lanark Road, Edinburgh, EH14 1TQ
Telephone number: 0131 455 7367
Charity Number: SC000015
Data Controller: Helen Brown, Trust Manager

What is the scope of this policy?

This document sets out our data protection and privacy policy in relation to the physical processing of data at our place(s) of work and data processed electronically by staff or on our website.

The privacy and security of your personal data is of utmost importance to us. This privacy policy explains how and why we use your personal data. In Annex 1, we have detailed the Rights of Data Subject and what steps we have taken to ensure Data Security. We also have a CCTV Policy and a Data Protection Policy available on request.

What data do we collect and why?

The Water of Leith Conservation Trust collects data of individuals for the purpose of administering its charitable activities and events, recruitment and management of staff and from registered volunteers and members. We collect the following:

  • Events. For participants, at events we will collect basic contact details, under certain circumstances we may collect consent for photos, age, gender, race, and health information if relevant to the activity
  • Volunteering. For Volunteers the data we collect can consist of your name, address, telephone number, date of birth, email address, skills & experience, health and welfare and current employment status. We also collect and store details of your emergency contact. 
  • Membership. For Members we collect name, address, telephone number, email address, age category, subscription amount and any donations. We will also retain information required by HMRC with purposes of reclaiming gift aid.
  • Donations: When you make a donation we collect basic contact information, bank or card details, information required by HMRC for the purposes of reclaiming gift aid. 
  • Staff Recruitment.: For staff and recruitment more detailed personal information may be asked for and will be stored for as long as is needed then filed securely or shredded on site. Where PVG checks are required this is dealt with through Volunteer Scotland and our authorised signatory – Trust Manager Helen Brown. 
  • Communication:  When you communicate with us via letter, email, social media or signing up to mailing lists, we keep basic contact details, communication preferences and other information regarding the contact where necessary and appropriate. 
  • Newsletter: We collect contact details from those wishing to receive our email newsletter and blog.
  • Cookies:  Our website uses cookies to help provide the best possible experience for you.  Please see our cookies policy for further information. Annex 2
  • Test and Protect – We collect and store basic contact details for 21 days in accordance with COVID 19 contact tracing for more information see Annex 3

The Water of Leith Conservation Trust processes personal data for the purposes of providing the service that you signed up for and also to keep you informed of activities the Trust has organised that may be of interest to you. This includes: 

  • Recruit you to the right volunteering role and provide ongoing support 
  • Process and update your membership 
  • Know who is attending our events and can contact you in an emergency 
  • Process donations and claim gift aid 
  • Fulfil purchases made by you 
  • Aid you in enquiries 
  • Employ you

How is data stored?

We’ll store this information in either secure paper files in a locked office, on our internal databases or within external servers where services are provided by third-parties (such as our mailing list). We confirm that any personal information that you provide to us will be held in accordance of the GDPR legislation detailed below.  

All data provided by yourself will be retained by the Water of Leith Conservation Trust for as long as it is needed to provide its function it will then be deleted and securely disposed: 

  • Details held about ‘event’ participants will be deleted within 1 month
  • You can deregister as a volunteer at any time by calling or emailing and we will delete all information we held about you within 1 month
  • If you choose to leave us as a member at anytime, please contact the Trust, and / or if you chose not to renew your membership at the end of its term, we will then delete all the information we hold about you within 1 month 
  • The exception to this is the file pertaining to Gift Aid, which is retained for 7 years. This contains basic personal data and signed gift aid declaration.
  • If you wish to unsubscribe from our news feed, use the unsubscribe link at the bottom of the email. We do not administer your subscription to this service 

We do not sell data or actively share data with any outside organisation not directly involved in the delivery or support of a service we provide, such as who provide our email newsletter service.

If our data security is compromised, we will inform you immediately and the Information Commissioner within the legislated time limit.

Who does this policy apply to?

This policy applies if you are a customer or supporter of the Trust (member, volunteer, customer or employee) or a user of, or visitor to our website.   

Further updates to this policy will be posted on our website as and when they arise. You can also view our Data Protection Policy (pdf) on our website.

This policy has been prepared by Helen Brown and Kat Kane

Draft to be Approved by Trustees at the meeting held 30.08.2021

To be reviewed no later than 30.08.2024

Annex 1.

Rights of the Data Subject

Under the GDPR you have the following rights:

  • The right to be informed – You have the right to know how your personal data is used by WOLCT.  This document is intended to be a clear description of how your data may be used.
  • The right of access – You have the right to request a copy of all personal information that we hold on you as part of a Subject Access Request.  Under the GDPR, WOLCT has 30 days to respond to this.  Please email [email protected] for Subject Access Requests.
  • The right to rectification – You have the right to ask WOLCT to update your records where any information in them is inaccurate.  WOLCT will correct the data immediately.
  • The right to erasure – You have the right to be forgotten.  If you request that your personal data be removed from WOLCT’s systems, we will do so immediately.  
  • The right to restrict processing – You have the right to ask for processing of your personal data to be restricted where you believe it is inaccurate or that there is no legitimate use for the processing of your personal data.
  • The right to data portability – does not apply to our services. 
  • The right to object – You have the right to stop the processing of your data for marketing processes, or any of the legitimate interests that WOLCT uses personal data for. 
  • The right to not be subject to automate decision-making including profiling – Where the data controller is using your personal data in an automated way to make decisions that have an effect on you, you have the right to object. WOLCT does not use your personal data in this way.

More information about each of these rights can be found here: You can find out more about your rights by visiting

Data Security

Personal data is kept in the private locked office of the Water of Leith Conservation Trust. Staff, Trustees and certain volunteers are admitted but it is not accessible to the public. This is also covered by CCTV at all times. No volunteers, users or other people may have access to the office without either a Trustee or staff member being present. A locked filing cabinet will be used to store paper copies of volunteer registration forms, membership applications, gift aid forms and all personal data relating to staff and trustees

All office computers containing sensitive data or access to our network are password protected. No record of passwords is stored on paper.  Where necessary, certain passwords are held within an encrypted password sharing service to enable admin staff and support consultants to access shared devices and resources.

Access to these passwords is given on a need-to-know basis. All passwords also are changed on an occasional basis and whenever there is a concern over security.  Data is backed up daily on to encrypted hard drives.  WOLCT uses anti-virus and firewall software to prevent unwanted intrusion into our data.

If our data security is compromised, we will inform you immediately and the Information Commissioner within the legislated time limit.

If you would like a copy of some or all of your personal information, please email [email protected] or write to us at Water of Leith Conservation Trust, 24 Lanark Road, Edinburgh, EH14 1TQ  

You can find out more about your rights by visiting

Annex 2 

Cookies Policy:

The Water of Leith Conservation Trust is committed to protecting your privacy when you visit our website.  We use cookies to provide you with the best possible experience and allow full use of the website.  This page will tell you what cookies are, how we use them, and how you can control their use. 

What are cookies and why do we use them? 

Cookies are small text files placed within your web browser by a website in order to record something about you, such as a unique session ID to enable you to use a shopping cart or to note your settings choices for a specific website.  They are a common part of almost all websites, they cannot change settings on your computer or pass on any malware or viruses.  These files are used to remember you when you next access the website or as you navigate between pages.  The information held in them is used to help make a website work better, providing the best possible online experience for you and enables site owners to see how visitors use their website. 

Which cookies do we use?

First party cookies

First party cookies are set by us to enhance security, enable core site functionality and to improve our services to provide a better user experience.  We do not use cookies to gather personal data about you as your privacy is important to us.

First party cookies in use across the site include: 

  • wf_loginalterted_{uniqueID} – core site functionality.
  • wfwaf-authcookie-{uniqueID} – core site functionality.
  • wordpress_test_cookie – core site functionality.
  • wp-settings-{number} – core site functionality.
  • wp-settings-time-{number} – core site functionality.
  • _ga – set by Google Analytics which allows us to assess anonymised site usage data.
  • _ga_{uniqueID}  – set by Google Analytics which allows us to assess anonymised site usage data.

Third-party cookies & Embedded Content

You may notice some cookies that are not from the Water of Leith Conservation Trust when using our website.  When you visit a page with embedded content, such a YouTube videos, Twitter posts or the SoundCloud audio player, you may be given cookies from a third-party website.  Embedded content from other websites behaves in the same way as if the visitor had visited that external website. These websites may collect data about you, use cookies, embed additional third-party tracking, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Third-party cookies we are currently aware of in relation to embedded content on various pages of the site include those set by : – associated with embedded videos across the site. – relates to YouTube interaction. – associated with embedded audio players within the Audio Trail section of our site. / – associated with embedded tweets within certain blog posts. 


The Water of Leith Conservation Trust does not control these cookies.  If you need further information about them, please check the third-party website.

Social Networks & External Links

In addition to this website, we also maintain a presence within a number of social media sites, which you can access via icons or share buttons across our website. If you choose to visit social networks or external sites linked to from this website, your personal data may be transmitted to the provider of that service or site. These sites may transmit data to a server in a third country and thus process data outside the European Union.  The purpose and scope of the data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the data protection policies of the respective responsible party.

We would like to point out that our website contains links to external third-party websites, whereby we have no influence on or responsibility for the processing of data on these third-party websites. 

How do I change my cookie settings? 

You can block the cookies on our site by changing your browser settings.  Please remember however that if you block our cookies, you may not be able to access the full functionality of this website.  For more information on blocking cookies, please visit 

Changes to this policy 

In keeping with legal requirements, we may need to update this cookie policy occasionally. 

Version 2 – updated 05.08.2021