Support Us

How We Handle Your Privacy & Data

At Cults Library Trust, we are committed to protecting your privacy and ensuring that any personal information you provide is handled securely and responsibly. We collect and process personal data only when necessary to support our work in reopening Cults Library, engaging with the community, and managing memberships, volunteers, and fundraising efforts.

We do not sell or share your data with third parties for marketing purposes. However, in some cases, we may share relevant information with Aberdeen City Council and other essential partners as required for governance, funding applications, or legal compliance.

Below, we outline how we collect, use, store, and protect your data.

Privacy and Data Protection Policy

Cults Library Trust
 Adopted on: 30th January 2025
 Review Date: 30th January 2027

1. Purpose

Cults Library Trust (“the Trust”) is committed to protecting the privacy and security of personal data. This policy explains how we collect, use, store, and protect personal information, and outlines the rights individuals have in relation to their data.

This policy applies to trustees, staff, volunteers, service users, donors, and members of the public whose data we process.

2. Our Legal Basis for Processing Data

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. Our lawful bases for processing data include:

  • Consent (e.g. for mailing lists or photography)
  • Legal obligation (e.g. charity law compliance)
  • Contractual necessity (e.g. employment or volunteer agreements)
  • Legitimate interest (e.g. managing events, donor stewardship)
  • Vital interest (e.g. safeguarding emergencies)

3. What Data We Collect

We may collect the following personal data:

  • Name, contact details (address, email, phone)
  • Date of birth (for age-specific activities)
  • Emergency contact details
  • Donation records and Gift Aid information
  • Event registration and feedback
  • Volunteer applications and references
  • Safeguarding and Disclosure Scotland check information (where required)
  • Photos or videos (with consent)

We may also collect limited special category data (e.g. health information) where needed to ensure accessibility or safeguarding.

4. How We Use Personal Data

We use personal data to:

  • Communicate with service users, volunteers, supporters, and partners
  • Organise and run events, programs, and library services
  • Manage volunteers and staff
  • Keep accurate financial and fundraising records
  • Ensure safeguarding and health and safety
  • Comply with legal and regulatory obligations

We do not sell or rent your personal data to third parties.

5. Data Sharing

We may share personal data with trusted third parties where necessary, such as:

  • HMRC (for Gift Aid claims)
  • Charity Commission or OSCR
  • IT service providers (e.g. email or donation platforms)
  • Safeguarding agencies (where legally required)

All third parties are required to keep your data secure and use it only for the intended purpose.

6. Data Retention

We only keep personal data for as long as necessary for the purpose it was collected. This may vary depending on legal requirements, such as:

  • Donation records: 6–7 years for financial reporting
  • Volunteer records: up to 3 years after leaving
  • Safeguarding concerns: in line with statutory guidance

When data is no longer needed, it will be securely deleted or destroyed.

7. Your Rights

You have the following rights under data protection law:

  • To be informed about how we use your data
  • To access your personal data
  • To correct inaccurate or incomplete data
  • To request deletion (“right to be forgotten”)
  • To restrict or object to processing
  • To data portability (in certain circumstances)
  • To withdraw consent at any time (where relevant)

To exercise any of these rights, please contact us at:
📧 cultslibrary@gmail.com

If you believe we have not handled your data properly, you can contact the Information Commissioner’s Office (ICO): www.ico.org.uk

8. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Secure password-protected devices and systems
  • Access controls for sensitive information
  • Staff and volunteer training on data protection
  • Confidentiality agreements where needed

9. Photography and Media

We will seek written or verbal consent before taking or publishing photographs or videos of individuals. For children or vulnerable adults, consent will be obtained from a parent, guardian, or carer.

10. Policy Review

This policy will be reviewed at least every 2 years or sooner if there are changes in legislation or our operations.

Signed: David Laing, Chairperson
Review Due: 30th January