Privacy Policy

Privacy notice for Mountain Bothies Association

The MBA takes your privacy seriously. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.

What we need from you

When you register as a member of the MBA or renew your membership (including if you are registering or renewing on behalf of a young person aged 16 or under), we may ask you for some or all of the following personal information:

  • Contact details – name, address, email address and phone number.
  • Date of birth – to calculate membership category.
  • Payment details – bank account number, sort code, card details.
  • Participation details – Area and Work Parties

If you do not provide us with all of the personal information that we need this may affect our ability to offer you our membership services and benefits.

Why we need your personal information – contractual purposes

We need to collect our members’ personal information so that we can manage their relationship with us. We may use our members’ personal information to:

  • Provide you with core member services, including confirmation of membership, membership card, end of year renewal.
  • Set up an online membership account enabling you to manage your membership and communication preferences.
  • Organise Bothy Maintenance activities and manage risk and safety if you attend a work party or Area Meeting.

Why we need your personal information – legitimate purposes

We also process our members’ personal information in pursuit of our legitimate interests to:

  • Provide you with news and updates about the activity of the MBA, opportunities to get involved in work parties, training, Area and General meetings or other events.
  • Raise awareness of the MBA’s activities by capturing photos, videos, or live streaming at events. We may use this for promotion, education and development purposes.
  • Respond to and investigate your questions, comments, support needs, complaints, concerns or allegations.

Why we need your personal information – legal obligations

We are under a legal obligation to process certain personal information relating to our members for the purposes of complying with obligations under:

  • The Protection of Vulnerable Groups (Scotland) Act 2007, which requires us to check that our coaches and volunteers are able to undertake regulated work with children and vulnerable adults.
  • The Equality Act 2010, which requires us to process personal information to make reasonable adjustments where necessary.
  • The Charities and Trustee Investment (Scotland) Act 2005 and the Companies Act 2006 both of which require us to maintain a register of members, including name, address, date admitted to membership and date on which membership ceased, to hold general meetings, issue notices and AGM voting arrangements.

Other uses of your personal information

We may ask you if we can process your personal information for other purposes. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.

Who we share your personal information with

We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. Such organisations include the Health & Safety Executive, Disclosure Scotland, and Police Scotland for the purposes of safeguarding children. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.

Third party suppliers with access to members’ personal data

The MBA will use third party suppliers to provide services. These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and protect it.

When we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes. At present Henderson Black & Co provides our membership database and process payment transactions securely on our behalf.

How we protect your personal information

Your personal information is accessed by MBA officers only for the purposes set out above. It is stored electronically by the MBA and is password protected.

How long we keep your personal information

We only keep your personal information for as long as necessary to provide you with membership services. Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for three years.

You have a right to:

  • Change your communication preferences or restrict the processing of your personal data for specific purposes.
  • Request that we correct your personal data if you believe it is inaccurate or incomplete.
  • Request that we delete your personal information.
  • Access the personal data that we hold about you through a “subject access request”.

You can contact the MBA at www.mountainbothies.org.uk

If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk

© Copyright Mountain Bothies Association, Edenbank House, 22 Crossgate, Cupar, Fife, KY15 5HW
Mountain Bothies Association is a charity registered in Scotland, no. SC008685 and a company limited by guarantee and registered in Scotland, no. SC191425