Sri Lankan Association in Scotland (SLAS) Privacy Policy, Last Revised Date: 05th April 2025
- Introduction
The Sri Lankan Association in Scotland (SLAS) is committed to ensuring the lawful, fair, and transparent processing of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy outlines how SLAS collects, stores, processes, and protects personal data.
- Purpose
This policy sets out the principles and practices followed by SLAS to protect the rights and privacy of individuals whose personal data we process, including members, event attendees, volunteers, donors, and partners.
- Scope
This policy applies to all staff, volunteers, committee members, and third parties acting on behalf of SLAS who process personal data collected in the course of our activities.
- Legal Basis for Processing
SLAS processes personal data based on one or more of the following legal grounds:
- Consent
- Performance of a contract
- Legal obligation
- Legitimate interests
- Types of Personal Data We Collect
We may collect and process the following categories of personal data:
- Name
- Contact details (e.g. phone number, email, postal address)
- Date of birth (where necessary)
- Emergency contact information
- Accessibility or dietary requirements
- Donation records
- Event registration details
- Photographs or video recordings (with consent)
- How We Use Personal Data
We use personal data for purposes including:
- Administering membership, events, and community activities
- Communicating with individuals regarding services or updates
- Managing donations and fundraising activities
- Ensuring health and safety compliance
- Sharing limited contact details with sponsors or partners (only with consent)
- Meeting legal and regulatory requirements
- Data Sharing and Third Parties
We do not share personal data with third parties unless:
- Consent has been obtained
- It is necessary to fulfil a legal or regulatory obligation
- It is required to protect vital interests (e.g. in emergencies)
Any third parties (e.g. service providers or sponsors) who receive data will be required to comply with UK GDPR standards.
- Data Retention
Personal data will be retained only as long as necessary to fulfil the purposes for which it was collected or to meet legal requirements. SLAS maintains a data retention schedule to ensure regular reviews and secure deletion.
- Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. These include:
- Restricted access controls
- Secure storage of physical records
- Password-protected files and devices
- Staff and volunteer training in data protection
- Individual Rights
Under the UK GDPR, individuals have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making
Requests to exercise these rights should be made in writing to: This email address is being protected from spambots. You need JavaScript enabled to view it..
- Data Breach Management
In the event of a data breach, SLAS will follow its Data Breach Response Procedure, including reporting to the Information Commissioner's Office (ICO) where required and notifying affected individuals if there is a high risk to their rights and freedoms.
- Review and Updates
This policy is reviewed annually or when significant changes occur in the organisation or in data protection law.
For questions about this policy or to make a data rights request, contact:
Sri Lankan Association in Scotland (SLAS)
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.slascot.org.uk
