Cromarty Community Development Trust — Privacy and Data Protection Policy

Purpose
We are committed to protecting personal data and respecting the privacy rights of individuals in accordance with the UK GDPR and the Data Protection Act 2018.

Data We Collect

• Names, contact details (for bookings)
  
• Emergency contact information (optional)
  
• Health-related information for accessibility (only if provided voluntarily)
  

How We Use It

• To manage bookings
  
• To provide a safe and inclusive service
  
• To contact users in case of emergency or changes
  

‍

Legal Basis
We collect and store personal data based on:

• Consent (e.g. signing up to a newsletter)
  
• Legitimate interests (e.g. managing sauna bookings safely)
  

Storage and Security

• Data is stored securely (password-protected files, encrypted drives)
  
• Only authorised personnel can access this data
  
• Retained only as long as necessary
  

Your Rights
Individuals have the right to access, correct, delete, or object to their data being processed. Contact [email address] to make a request.

Data Breach Protocol
In the event of a serious data breach, we will notify the ICO within 72 hours and affected individuals if appropriate.

Contact:
Data Protection Officer

Signed: Matt Hall  Chair of Board
Date: 14th July 2025

‍