This page has been created by Scotiacon UK Limited to explain how Scotiacon (the convention) collects, holds and uses personal data.
This page will also explain why we collect personal information and the conditions under which we may disclose it. The policy on privacy is reviewed regularly and may be updated to reflect changes in legislation and operational needs.

Should you have any questions about the current or previous updates please contact us by email.

How is information collected and what is collected?
Information is obtained from various sources, including from the registration system, email contact at the convention for processing sales and donations to charity and other sources.

Personal information will be collected to enable us to process your membership with the convention. This can include your name, address, electronic contact information including email. This list is not exhaustive and is given as example only. Card processing is handed by an external service who specialise in that operation field.

Some information may be collected when using social media services connected with the convention. The information will not generally be held on devices within our control and we would suggest checking the settings of privacy on individual sites and platforms for more information.

How is information used?
Information may be needed to process registering for the convention, notifying you of any changes to your membership or relevant updates to the convention, returning lost property or posting other items from the convention, obtaining feedback or other relevant uses. It is important to note that we are legally required to hold some information to comply with statutory obligations under UK law. However information will only be retained as long as needed to comply. Non personal data may be held for statistical purposes, this is not able to be tied to an individual. An example of this may be the number of suiters registered or the number of attendees.

Lawful processing of information is a requirement of GDPR and we have a requirement to process your data to carry out our obligations to operate the convention and comply with requirements placed upon us.

At times we may need to use third party services to carry out activities for the convention. This may mean passing on information to them to enable the service provision (for example to validate hotel bookings, process payments and send communications out). The only information passed on will be necessary to deliver the service. We will make instructions to them to not use or sell information onwards and to comply with the data only being used to carry out that service. If you wish us to no longer contact you with updates and information you can let us know by emailing. Please note that we may be required by law to disclose information (for example an order of the court or criminal investigation).

Some services may involve the transfer of data to locations outside of the European Union. As part of our regular reviews we will only work with reputable organisations and attempt to ensure they abide by the same level of data control as required by the relevant regulations. By submitting your personal data, you’re agreeing to this transfer, storing or processing.

Will information be sold?
We will not sell information to third parties. Information will not be passed to third parties for marketing purposes.

Accessing information
If you need to update information, please contact us as soon as possible to carry out this task.

You have the right to ask for a copy of the information Scotiacon holds about you. A nominal charge may be made to cover the costs of sending data out. Please note that this can take time to process the information held and we will make security checks to ensure that information is not misused or altered without just cause. If there is any doubt as to the validity of the request we may refuse to disclose information without further checks on the request.

What rights do I have?

For detailed information on your rights regarding privacy and data control we recommend you consult the guidance published by the UK’s Information Commissioner’s Office at their website https://ico.org.uk/

Online information
Our website uses various security methods to prevent reduce the risk of data theft. In various browsers this is displayed differently. Look out for things like https instead of http and for a padlock symbol in the browser bar. We suggest that you consider regularly changing passwords and not using the same password for multiple sites.

We are not responsible for third party sites and suggest consulting their polices before proceeding further. Our privacy policy only applies to our own website. Some data may be passed outside the European Union by online providers, especially if you are browsing from outside the European Union.

How long is my data retained?

Normally we will not retain personal information for longer than is necessary to carry out the activity that it was collected for. This time will vary depending on operational and legal considerations. Depersonalised data may be retained indefinitely, this will be unrelatable to any personal information.