Privacy Policy

This privacy notice was last updated on 30th July 2018.

1. Introduction

ScotPEN is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website. It complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

This website is built with WordPress and may use tools such as cookie consent plugins, analytics services, and embedded media, all of which are governed by this policy.

This notice applies to all online signup forms, events and projects coordinated by us, the Scottish Public Engagement Network (ScotPEN). We will process your data in accordance with the General Data Protection Regulation as applied, enacted and amended in UK law. Between 2017 and 2021 hosting of ScotPEN’s annual meeting for Public Engagement Professionals (and associated data) will rotate between the universities of Aberdeen, Dundee, Edinburgh, Glasgow and St Andrews. In 2017-18, it is hosted by the University of Glasgow, which is the current data controller.

2. Data We Collect

When you interact with our website, we may collect the following types of data:

  • IP address and general location (via cookies)

  • Browser type and device information

  • Pages visited, referral source, and time spent on the site

  • Information submitted via contact forms (e.g., name, email address, organisation)

This data may be collected via:

  • Website forms (e.g., joining the network, event registrations)

  • Google Analytics or other analytics tools

  • Embedded content (e.g., YouTube, Twitter)

3. Cookies and Consent Management

Our website uses cookies to improve user experience and analyse web traffic. When you first visit, a cookie banner allows you to:

  • Accept all cookies

  • Refuse non-essential cookies

  • Manage your preferences by category

We use a consent management platform (CMP) such as Complianz to:

  • Block non-essential cookies until you provide consent

  • Log your consent status securely (as required under GDPR)

  • Allow you to revoke or change your consent at any time

Types of Cookies:

  • Essential: Enable basic site functions and security

  • Analytics: Help us understand how visitors interact with the site

  • Marketing/Third-Party: Used by embedded content (e.g., YouTube)

4. Embedded Content

Some pages on scotpen.org include embedded content from other websites (e.g., YouTube, X/Twitter). This embedded content behaves as if you visited the other site directly and may:

  • Set cookies

  • Track your interaction

  • Collect data if you’re logged into the third-party platform

We recommend reviewing the privacy policies of any third-party services accessed via embedded content.

5. How We Use Your Data

The legal basis for the processing of your information is consent, which you can provide via the online signup form provided.

Your information will be retained for up to 3 years, except in the case of photographs which will be held in the ScotPEN image bank indefinitely. You may contact hello@scotpen.org at any time to request that your information, including any photographs of you, is deleted.

We use your data to:

  • Operate and maintain the website

  • Improve usability and content based on analytics

  • Respond to enquiries or form submissions

  • Facilitate event participation or mailing list subscriptions (if applicable)

  • Meet legal and regulatory obligations

We will never sell your data or share it with third parties except as necessary to deliver services (e.g., via trusted providers like Google, Mailchimp, or WordPress plugins).

6. Legal Basis for Processing

We rely on:

  • Consent – for analytics, form submissions, and marketing cookies

  • Legitimate interests – for improving user experience and site performance

  • Legal obligations – for compliance with data protection laws

7. Data Retention

We retain personal data only as long as necessary:

  • Form submissions: up to 12 months

  • Cookie consent logs: up to 12 months

  • Analytics data: anonymised and retained for up to 26 months

8. Your Rights

Under the UK GDPR, you have the right to:

  • Access your personal data

  • Receive it in a structured machine readable format

  • Request rectification or erasure

  • Rectify it if it is not accurate or complete

  • Restrict or object to processing

  • Withdraw your consent

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

9. Data Security

We implement technical and organisational measures to protect your data:

  • SSL encryption

  • Secure form handling

  • Role-based access to WordPress admin area

  • Regular plugin updates and security scans

10. Contact

If you have any questions or wish to exercise your data rights, please contact:

Email: hello@scotpen.or

11. Updates

This privacy policy may be updated from time to time. The most recent version will always be available at:
https://scotpen.org/privacy-policy