In regard to data protection, the SSPR has always taken its responsibility seriously and information gathered has never been forwarded to third parties, been sold, or been used for any other purpose than contacting the member/visitor/client with relevant information pertinent to their interest in the SSPR.
In line with GDPR legislation we will continue to guard and respect your personal data but are obliged to state clearly; how and why we store information about you, our responsibilities and your rights.
Members are asked to complete an application form and give us their name and contact details (address, email, etc) so that we can keep them informed of forthcoming events or remind them to renew their membership. We also ask that from 2018 Members give us explicit consent to be contacted by ticking a box in their membership form. Information gathered is kept in a digital format in a private password protected file sharing service. This information is only accessible to trustees of the charity (Council Members) and any hard copies of this list is kept secure by trustees.
If a Member does not renew their membership, the SSPR will contact them to remind them to renew – for no more than 3 months after the deadline to renew. After this point if we do not hear from you, we will delete your name/contact details from our membership list / mailing list.
If at any point a Member does not wish to be contacted by email, then they must inform us in writing (mail or email) and we will delete their name/contact details from our mailing list. Their membership details will still be kept on file as long as their subscription is still active.
If a Member wishes to cancel their membership, then we will delete all information we hold on them from our mailing list and membership list.
If any Member wishes to find out what information we hold on them, then contact us and we will do so within 30 days (the SSPR is staffed by volunteers).
Visitors to SSPR Meetings are asked whether they’d like to be kept informed of forthcoming SSPR events and add their names and email addresses to our mailing list. Visitors always add their own name and email to our mailing list – SSPR members or trustees cannot add anybody else without their consent. At this point we always verbally inform them that this information is never passed on to third parties/sold or used for any other purpose than being kept informed of SSPR events.
The mailing list is kept in a digital format in a private password protected file sharing service, only accessible to trustees. Any hard copies of this list is held securely by the trustees.
At any point anybody can ask to be taken off our mailing list. We will comply as soon as is possible (the SSPR is staffed by volunteers).
A ‘client’ is someone who contacts the SSPR in regard to their own anomalous experiences. The SSPR takes client confidentiality seriously and the name/identity/identifying features of the client will only be known/shared with the Case Co-ordinator and any Investigation Team (in total, usually this would mean a maximum of 3 or 4 people).
The name and contact details of clients are kept on two hard drives, and/or in the personal emails of investigators and/or in a print-out stored in a file, securely stored in the Case Co-ordinator’s residence (who is always also a trustee). They are not stored in a file-sharing service nor accessible to all trustees. The names of clients are shared on a ‘need to know’ basis.
Any verbal or written report made about the client’s experiences and shared beyond the Co-ordinator and Investigators is anonymised. This means that names are changed and addresses made geographically vague (e.g. Kilmarnock would become ‘a town in the West of Scotland). Sometimes to ensure no links might be made between the client and their story, other details are made vague too; professions might be generalised (e.g. a Physiotherapist would become a ‘healthcare professional’) and any physical attributes not made explicit (e.g. a missing left leg would become ‘a physical disability’).
The SSPR always guards the identity of its clients and recommends that clients do not contact the press or share their experiences on social media. Sometimes clients come to the SSPR after they have already contacted the press and their name is already in the public arena. Only in this circumstance does the SSPR link the actual name of the client with their account – although any information given to the Investigators in confidence is then never publicly shared.
If a client wishes to be contacted, then the SSPR will contact them. However, after two attempts to contact a client, the SSPR will stop attempting contact. The client’s details will remain on file – but only with the Case Co-ordinator and Investigators.
If a client wants to know what information the SSPR holds on them then the SSPR will provide this information within 30 days (the SSPR is staffed by volunteers).
If a client wants their name/contact details to be removed from SSPR files, then the SSPR will comply as soon as possible. However, the SSPR report on the Case will remain in its anonymised form, purged as it is of any personal details.
The SSPR will retain names and contact information of clients for up to 10 years after the last communication, after which details will be deleted/destroyed. We will keep the anonymised Case Reports based on the client’s account indefinitely. This is because the Reports are already purged of personal details/identifying information.
If, at any time, any cloud-stored file sharing service is hacked or any personal hard-drives are stolen, we will inform all members, visitors and clients immediately.