The Moira Anderson Foundation

Data protection privacy notice

This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your time at the Foundation and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

Who collects the information

The Moira Anderson Foundation (‘Company’) is a ‘data controller’ and gathers and uses certain information about you.

Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our data protection policy.

About the information we collect and hold

What information

We may collect the following information during your time at the Foundation:

  • Your name, contact details (i.e. address, home and mobile phone numbers, email address);
  • Information about you including your date of birth, gender and employment status;
  • Your nationality;
  • Information regarding your physical and mental health as well as any medication you may be taking and your GP’s information;
  • Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs;
  • A brief history of the reason why you have decided to attend the Foundation and a signature to confirm your agreement of attendance;
  • COVID-19 UPDATE: We may need to process additional health information for reasons of public interest in the area of public health, including protecting against serious cross-border threats to health where we have a legal duty of confidentiality to our clients.

How we collect the information

We may collect this information from you, any organisation who may have referred you and/or any organisation you are working with.

Why we collect the information and how we use it

We will typically collect and use this information for the following purposes (other purposes that may also apply are explained in our data protection policy).

  • for the purposes of our legitimate interests

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.

How we may share the information

With your consent we may share some of the above categories of personal information with other parties, such as medical professionals or other voluntary organisations we advise to refer you on to. The recipient of the information will be bound by confidentiality obligations. 

In exceptional circumstances, we may also be required to share some personal information without your consent in order to follow our Adult Protection procedures. An example of this would be an instance where we believe there is actual or suspected risk of harm to you or another person.

Where information may be held

Information will be held within our offices. We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our data protection policy.

How long we keep your information

We keep your information during and after your time at the Foundation for no longer than is necessary for the purposes for which the personal information is processed.

Your rights to correct and access your information and to ask for it to be erased

Please contact our Data Protection Officer (DPO) Gillian Urquhart who can be contacted by email at gillianurquhart@moiraanderson.org or by phone on 01236 602890, if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask our Data Protection Officer for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Data Protection Officer will provide you with further information about the right to be forgotten, if you ask for it.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.


  1. ABOUT THE INFORMATION WE COLLECT AND HOLD
The information we collectHow we collect the informationWhy we collect the informationHow we use and may share the information
Your name, contact details (ie address, home and mobile phone numbers, email address) From youTo contact you when deemed necessaryLegitimate interestTo contact you when deemed necessary (ie for appointments)To refer you to third party organisations
Your nationality From you Legitimate interestTo use for statistical analysis
Information about your physical and mental health From you, from your doctors, from medical and occupational health professionals we engageLegitimate interests: to ensure safe working practicesTo best provide the correct services for youInformation shared with your doctors, with medical and occupational health professionals we engage
Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefsFrom youTo compile reports to secure grantsTo compile reports to secure grants
General information about you (such as date of birth, gender and employment status)From youLegitimate interests: to maintain records For staff administration and for grant reporting purposes
Brief History and SignatureFrom youTo ensure we are giving you the right services that will be most beneficial to youTo ensure that you are aware of and agree to the information providedTo ensure you receive the correct services
Covid 19 – details of additional health informationFrom youTo comply with Track and Trace legislationTo reduce the risk of spreading Covid 19. We may share with Public Health Scotland

You are required (by law) to provide the categories of information marked ‘☐’ above to us to enable us to verify your involvement with the Foundation.