Privacy and cookies notice
Privacy & General Data Protection Regulation GDPR
As SAA is a for not-for-profit organisation, registration with the Information Commissioner's Office ICO is not required, although SAA will comply with its policies.
Public enquiry data kept for a maximum of 90-days.
Privacy when asking a question
We aim to be discreet in responding to enquiries, which are invariably of a personal or sensitive nature, including when they are made about a client or family member.
We endeavour to protect your confidentiality when dealing with any questions or issues you raise.
How to make a complaint to us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
How to get a copy of your information
We will try to be as open as we can be in terms of giving you access to your information. You can find out if we hold any personal information about you by requesting the data by contacting us.
Cookies
We and our third-party service providers use cookies and similar technologies to collect information about, and relevant to, your usage of the Site. Cookies are small text files that are stored on your computer when you visit the Site. It is standard practice to use cookies to make your experience better when using a website.
Third party links
This Site contains links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other Sites which you choose to access from this Site. We encourage you to review the privacy policies of those other Sites, so you can understand how they collect, use and share your personal information.
Your rights
We respect your rights to privacy and will respond to requests for access or control over information about you in accordance with Data Protection Law. We may require you to verify your identity before we take any action.
Depending on the reason we have your personal data, you have a right to:
- access the personal information we hold about you (commonly known as subject access);
- request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
- request that we erase your personal information in some circumstances, or object to our processing it as detailed here;
restrict how we use your personal information, in certain circumstances;
request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
If you wish to exercise any of these rights, please contact us.
Your right to object
You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data or direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.
If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.
We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website: https://ico.org.uk/make-a-complaint/).
Data retention
Your personal data will only be kept for as long as necessary for our purposes. Specific periods are set out in the table at the end of this notice.
Data protection principles
We process your personal data in accordance with the following principles:
- we process your personal data lawfully, fairly and in a transparent way;
- we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which for which we collected it;
- we only process personal data which is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
- we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
- we do not store personal data in a form which identifies you for any longer than is necessary for the purposes of processing; and
- we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.
When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data.Â
What is our lawful basis for processing?
We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this notice sets out the lawful basis we rely on for each type of data we process.
We will choose one of the lawful bases in the GDPR to justify how we use your personal data. These are:
- Consent: You have given consent to the processing of your personal data for one or more specific purposes.
- Contract: The processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.
- Legal obligation: We need to process your personal data to comply with a legal obligation.
- Vital interests: The processing is necessary to protect the vital interests of you or another person.
- Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of some official authority.
- Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
Table of personal information we use
The table below sets out detailed information about our purposes for processing, the basis for processing and the retention period for the personal data.
Category of personal data | Purpose of processing | Lawful basis for processing | Retention period |
Name and contact details | To deliver purchases to you, and to send you order updates, and for fraud prevention and detection | Performance of contract Compliance with legal obligations | For three years since you last logged on to the Site |
Payment information | To take payment and give refunds, and for fraud prevention and detection | Performance of contract Compliance with legal obligations | For six years since the payment |
Contact history | To provide customer service and support, and to train our staff | Performance of contract Compliance with legal obligations | For six years since you last logged on to the Site |
Browser, device and Site usage information | To improve the site | Performance of contract Compliance with legal obligations | For three years since you last logged on to the Site |
Information from linked accounts | To enable you to log into the Site simply without having to create a specific account | Performance of contract Compliance with legal obligations | For three years since you last logged on to the Site |
Customer comments and product reviews | To improve our products and services, and Where relevant, to establish, exercise or defend legal claims | Performance of contract Compliance with legal obligations | For six years |
Information generated in the course of the use of our products and services | For internal research and development purposes, and To improve and test the features and functions of our Site | Performance of contract Compliance with legal obligations | For four years |
Information collected through cookies and similar technologies | To conduct and store site usage analytics, statistical and trend analysis and market research, and To generate customer profiles to facilitate marketing initiatives | Performance of contract Compliance with legal obligations | Three years after you last visited the Site |
2021/07/13