Privacy & Cookies

Introduction

The John Muir Trust (hereafter referred to as the “Trust”) incorporating the John Muir Award (hereafter referred to as the “Award”) strives to comply with the very highest level of applicable laws and regulations relating to data privacy and security. The Trust is proud of its reputation as a fair and transparent processor and welcomes regulatory changes which seek to strengthen the protection of personal data. It is committed to protecting and respecting your privacy.

Privacy Policy

Cookie Policy

Privacy Policy

This policy (together with our terms and conditions which can be found at (https://www.johnmuirtrust.org/terms-conditions) and our cookie policy, explains how we collect personal data from you, how we store your data (and also how we protect it) and your rights to control our use of it.

For the purposes of the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR, the data controller is the John Muir Trust of Tower House, Station Road, Pitlochry, PH16 5AN.  The John Muir Trust is a registered Scottish Charity (SC002061) and also a company limited by guarantee (SC081620).  The John Muir Trust is registered with the UK Data Protection Register under reference number Z7063675 (see https://ico.org.uk)

This policy applies to our website, social media pages and all printed and electronic communications. Please read this policy carefully. By accessing the website you confirm to have understood and agreed to them and indicate your agreement to our use of your personal information as set out in this privacy policy.

1.0 How do we collect personal data?
2.0 What personal data do we collect?
3.0 Legal basis for the use of your data
4.0 Who else do we share your data with?
5.0 How is your data stored and for how long?
6.0 Your rights in relation to your data
7.0 Subject Access Requests
8.0 Under 18 year olds
9.0 Further information or complaints
10.0 Links to other policies
11.0 Changes to privacy policy

1.0 How do we collect personal data?

Data provided by you

Most of the personal data we collect is given freely by you when you become a supporter of the Trust whether that is as a member, donor, e-mail subscriber or in any other context such as a John Muir Award Provider.  We collect this information from your membership request/renewal form, when you donate or buy products, when you participate in surveys, competitions or promotions, and from forms relating to Award activity.  In the ordinary course of business we also collect information from related e-mail, written or telephone correspondence.

Data we collect about you

We receive automatic information every time you interact with our site, e-mails and on social media platforms. This includes:-

  • Technical information, including the Internet Protocol (IP) address used to connect your computer or network to the Internet, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform; and
  • Information regarding your visit, including the full Uniform Resource Locators (URL), download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page etc
  • Cookies (see our Cookie Policy below)

You can visit our website anonymously, although we cannot personalise your experience if you choose to do this.

2.0 What personal information do we collect?

We collect information you provide to us, which includes data you give when placing an order, becoming a member or donor, participating in an Award or communicating with us in other ways. It can include:

  • title
  • your name
  • address
  • phone number
  • email address
  • date of birth
  • dietary/medical information (e.g. when volunteering or attending a training course or other event such as the AGM)
  • credit/debit card details (note that we never store card data) and whether donations are gift aided
  • your personal views on an area of advocacy/campaign work
  • when and how much you have donated to a particular cause
  • which John Muir Award level(s) you have achieved
  • John Muir Award Record eBook account (photo/film, sounds)

If you choose not to disclose requested information, we may not be able to provide you with certain services.

If you purchase a John Muir Trust membership as a gift for someone or a family membership, your details and those of the recipients will be recorded along with your relationship to them.

If you purchase an Adopt an Acre or Plant a Tree gift for someone, your details and the details of the recipients will be recorded in order to fulfil the order.

As an individual if you request a Certificate following successful completion of the Award your details will be collected for that purpose. If you act as an Award Provider for a group then the names and Award levels of participants and your details will be recorded.

If you work for us as a volunteer, contractor or member of staff then we may collect additional information about you (e.g. next of kin contact details, medical conditions). This information is retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes. We take extra care to ensure sensitive personal data (such as health information) is protected such as ensuring this is ensuring this is only accessed by the Director of Finance & Resources. Additional information is collected for job applicants such as career history, reference contact details.

The information we collect is safely stored in our database and/or locked cabinets with restricted access.  We have a retention and destruction policy which details the length of time we will hold your data for which can be found at (www.johnmuirtrust.org/retention).

3.0 Legal basis for processing your information

We predominantly rely on the following clauses as a legal basis for the collection and processing of your data:

Consent

Some of the personal data we collect and process is done with your consent. For example, we rely on consent when we send you a marketing email if your email subscription preferences indicate you are willing to receive such emails. You have the right to withdraw consent at any time. See more information about your rights to withdraw consent further down.

Legitimate interest

We also process data when it is in our legitimate interest to do so and when this interest is not overridden by your data protection rights (see further down for more information about your rights).  These fall broadly into processing for business and administrative purposes:-

Business: Improve the service we provide to our supporters, to better understand and improve your interaction with our website, to prevent fraud and to determine the effectiveness of our campaigns.

Administrative: Processing of membership, donations, gift aid, and product orders and in the organisation of volunteer work parties/training events and Local Member’s Groups. In some cases we may also process data to:

  • enter into, or perform, a contract with you
  • comply with a legal duty
  • protect your vital interests (ie to protect someone’s life).

Finally, the Trust may process your data to comply with our legal and regulatory obligations e.g. preventing, investigating crime or working with law enforcement agencies.

Occasionally, we conduct internal research on our supporters’ data to help us better understand them, and provide a better service. This may include using web analytics or other information to identify common characteristics, interests and preferences.  From external sources we will also obtain similar research data through our Membership Research Panel and Provider Surveys or Conserve Audits to reflect on and improve practice and listen to stakeholders.  Our research is conducted on an anonymised basis and so cannot be linked to an identifiable person.

4.0 Who else will we share your data with?

Firstly and most importantly, the Trust will NEVER sell your data to a third party so that they may use it for their own purposes. We will never disclose your information outside of the Trust other than with your consent, as permitted or required by law or as necessary to protect the rights, property or safety of us or others. There will be instances where data has to be shared with third parties for regulatory purposes (audit, minimum wage, pension) or for outsourced business activities (processing direct debits, mailing fulfilment, management of Award activity with/by an approved partner such as Cairngorms National Park Authority and Lake District National Park Authority). In these instances, and particularly where the counterparty is a “processor” as defined by GDPR, the Trust ensures that the very highest standards of data security and privacy protection are upheld to protect not just the privacy of the data subject but also the reputation of the Trust.

In the event of a merger or acquisition, the data may transfer to the new entity.

The Trust does not share information outside the European Union.

Please be aware that this site may provide links to other websites out with our control; our Privacy Policy applies only to this site. We are not responsible for the privacy policies of third party sites which may differ from ours. We cannot accept responsibility for any content or links on these websites.

5.0 How is your data stored and for how long?

We will retain your personal information for no longer than we need it to provide our services and/or products to you. Please see our separate retention policy for specifics on how long we hold different data types (www.johnmuirtrust.org/retention).
We try to keep personal information which we hold about you up to date, but if you think that we are holding information which is inaccurate then please contact us at (info@johnmuirtrust.org) or by telephoning 01796 470080.

Data you provide is held securely on a restricted access database which is managed by a third party and protected by key security measures.  Any data held on our internal servers is also restricted access and further protected by password security as required. We will comply with industry standards to protect against loss, misuse or alteration of personal data but can make no guarantee that it will not occur.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Trust; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The Trust will systematically review and delete any data they hold for which there is no longer a reason to do so and will particularly adopt this approach with respect to sensitive personal data. 

As noted in the section below, you have the right to have your data erased.  In the event of such a request, the Trust will delete the information immediately unless there is an overriding reason for us to continue to hold that data which does not significantly impede your personal rights, such as an ongoing legal claim.  The Trust will aim to action your request within 7 working days or, in the event of the above situation, advise you why it has not been possible for your request to be actioned within that time period.

6.0 Your rights in relation to your data

You have the following rights with respect to your data:

  • the right for confirmation as to whether or not we hold your personal data  
  • the right to obtain a copy of the information we hold (see section on Subject Access Requests below)
  • the right to have inaccurate data corrected
  • the right to have your data erased, except where it is necessary for us to continue to use the data for a lawful reason
  • the right to object to our processing of your data for marketing or profiling
  • the right to receive your data in a common electronic format where we hold it either on the basis of your consent or for the performance of a contract

The Trust has always placed great importance on data security, good processing practices and transparency.  Therefore, the Trust will not charge you to make a subject access request but reserves the right to do so should that request become manifestly unfounded or repetitive.

7.0 Subject Access Requests

The Trust has a subject access request policy and form which can be found at www.johnmuirtrust.org.uk/subjectaccess. Please read this policy, complete the form and return it to the Data Protection Officer, John Muir Trust, Tower House, Station Road, Pitlochry, PH16 5AN or e-mail to JMT.Privacy@johnmuirtrust.org

As noted above, there is no charge levied by the Trust in responding to the request unless it is manifestly unfounded or repetitive.  The Trust are obliged to respond in writing within one month.  This period can be extended by up to two months where the requests are onerous but we will confirm the need for the extension within the required one month period.

8.0 Under 18 year olds

The safety of children is very important to us. No information should be submitted or posted to the Trust by children under the age of 13 without prior parental/guardian consent. If you are aged under 13, please ensure you obtain your parent/guardian’s consent before sending any personal information to this website.  The Trust will never knowingly send marketing materials to under 18 year olds.  If you would like to become a member of the Trust and are under 18, please specify this on your membership application form so we can be sure we adopt the best possible practice in relation to the use of young individual’s data.

Under 18s can and do take part in the John Muir Award meaning that their names (Firstname Surname) are shared with us solely for the purpose of producing Certificates to recognise their achievement. We also collect anonymised demographic data (including gender and age) to promote the importance and continuation of the Award. This information in its anonymised form is shared with UK Governments, local authorities, funding bodies, Award Partners and Providers.

9.0 Further information or complaints

If you would like to receive further information regarding this Privacy Policy or would like to make a complaint about our use of your data, please write to the Data Protection Officer, John Muir Trust, Tower House, Station Road, Pitlochry, PH16 5AN or e-mail JMT.Privacy@johnmuirtrust.org

If you feel your complaint has not been appropriately resolved, you have the right to lodge a complaint to the Information Commissioners’ Office via (www.ico.org.uk) .

10.0 Links to other policies

Links to other documents as referred to in the privacy policy can be found here:-

Retention policy – www.johnmuirtrust.org/retention
Terms and conditions – www.johnmuirtrust.org/terms-conditions
Subject access request policy and form www.johnmuirtrust.org/subjectaccess

11.0 Changes to Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.  Please ensure you agree to our most current Privacy Policy before continuing use on our website.

Cookie Policy

In order to comply with current legislation, we use a system of classifying the different types of cookies which we use on the website, or which may be dropped by third parties through our websites. The classification uses best practice and clearly explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don't want to have them on your device.

However, because cookies allow you to take advantage of some of the website's essential features, we recommend you leave them turned on for the best user experience. For example, if you do not accept cookies you will not be able to use any of our products and services that require you to Sign In. Cookies also allow you to view other types of content such as video content and Google map content.

The new General Data Protection Regulation (GDPR) that came into force on 25 May 2018 requires all websites to allow visitors the choice to opt in or out of cookies. When you visit our website, we display a notice that gives you a choice to accept or manage cookies.

Update your cookie settings

You can update your cookie settings at any time here:

Accept cookies

Decline cookies

If you select ‘Accept Cookies’ then our standard cookies will be used. These include “essential” cookies, as well as additional cookies including those that allow us to use website analytics to understand more about our website visitors.

If you select ‘Decline Cookies’ then no cookies will be used on the site apart from session cookies and a cookie so that the bar will no longer appear when you are browsing the site - these are “essential” cookies for the website functionality.

If you do not select either ‘Accept’ or ‘Decline’ then no cookies will be used on the site apart from session cookies.

Session cookies do not store or utilise any user data.

What are cookies?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are used to make the website easier to use and remember you when you return to visit the site.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, product ordering and generally improve the user experience. Third Party cookies can be used to help track users visits to enhance the overall browsing experience of a site.

The cookies used on this website have been categorised using best practice. All our cookies have a life that spans only the length of your session with the exception of the cookie named "YourCookieSettings?" which has a life span of 365 days and stores your cookie settings for this site.  

Cookie categories

  • Essential/Session Cookies
    These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

Additional Cookie Categories

  • Functional
    These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
  • Performance
    These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve how a website works.
  • Targeting
    These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator's permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
  • Third Party
    When you visit a site you may notice some cookies that aren't related to that site. If you go on to a web page that contains external content, for example from Google Maps, you may be sent cookies from these websites. The original site does not control the setting of these cookies, so it is suggested you check the third-party websites for more information about their cookies and how to manage them.
  • Flash Cookies
    Adobe Flash Player used for videos uses Flash cookies (also known as Local Shared Objects) to help improve your experience as a user. Flash cookies are stored on your device in much the same way as usual cookies, but they're managed differently by your browser.
    If you wish to disable or delete a Flash cookie, see Adobe Flashplayer Security Settings. Please note that if you disable Flash cookies for a site you will be unable to access certain types of content on the site, such as videos.

You can find more information about cookies at allaboutcookies.org

Questions

If you have any questions relating to GDPR, your data usage and security or our Privacy Policy or related policies, please contact the Data Protection Officer, John Muir Trust, Tower House, Station Road, Pitlochry, PH16 5AN or e-mail JMT.Privacy@johnmuirtrust.org

This policy was last updated 01 September 2020.