Privacy Policy

 

1. Who we are 

The Royal Company of Merchants of the City of Edinburgh is a charitable and membership organisation for business and professional people which is dedicated to supporting the young and the elderly.  The Company and its members are actively involved in educational and charitable work. We operate from our office at the Merchants’ Hall at 22 Hanover St, Edinburgh, EH2 2EP. The Royal Company of Merchants was granted the Royal Charter by Charles II and a list of its Institutions can be found at the end of this privacy policy. 

The Royal Company of Merchants of the City of Edinburgh is a data controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy policy).  

2. Purpose 

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights. 

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them 

3. Contact Details 

If you have any questions about this privacy policy or our privacy practices, please contact our data protection co-ordinator in the following ways: 

Contact: Data Protection Co-ordinator, The Royal Company of Merchants 

Email address: enquiries@mcoe.org.uk.   

Postal address: Merchants’ Hall, 22 Hanover St, Edinburgh, EH2 2EP 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues. You can contact the ICO by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone: 0303 123 1113 or online at: https://ico.org.uk/  We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

4. How do we collect personal information? 

We obtain information about you through your direct interactions with us including: 

• when you use our website. 

• emails and website contact submission form when you contact us to make enquiries about our events, hire of the Merchants’ Hall, membership of The Royal Company of Merchants, or to making a donation to one of our charitable trusts.  

• notes of telephone discussions. 

• application forms and other information requests. 

• Direct correspondence with our office. 

5. What personal information do we collect? 

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth. 

Contact data includes home and business address, email address and telephone numbers. 

Communications includes all emails and written correspondence you have with us. 

Technical data  

For the purpose of better understanding how our website is used and to provide targeted marketing, we also collect the following information when you visit our website: 

• Meta (Facebook) Pixel & conversions API (CAPI). 

• Hashed* email addresses 

• Client IP addresses & client user agents 

• Hashed* phone numbers 

• Facebook Login IDs 

• External IDs 

• Browser IDs 

• Click IDs 

• Lead IDs 

• Subscription IDs 

• Other hashed* information (including gender, date of birth, last name, first name, town/city, country/state, postcode/ZIP, country) 

*hashed information cannot be tied back to you as an individual, and is anonymised and encrypted when it is collected.  

Transaction data includes details about payments to and from you and other details of products and services you have purchased from us. 

If you contact us directly to make a donation or purchase a service from us, your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below. 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. 

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

6. How is your information used? 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

• Where we need to perform a contract we are about to enter into or have entered into with you. 

• Where it is necessary for our legitimate interests in conducting and managing our business (or those of a third party) and your interests and fundamental rights do not override those interests. 

• Where we need to comply with a legal obligation. 

Generally, we do not rely on consent as a legal basis for processing your personal data. If we do request your consent to process certain personal data, you have the right to withdraw consent in respect of such data at any time by contacting us. 

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. 

Purpose/ Activity	Lawful basis
We will use your Identity, Contact and Communication data to correspond with you and answer any enquiries and manage our relationship with you.	(a) Performance of a contract with you  (b) Necessary for our legitimate interests (to keep our records updated and to communicate effectively with you)
We will use your Identity, Contact and Transaction data to process a donation that you have made.	(a) Performance of a contract with you. (b) legal obligation to maintain accurate accounting records.
We will use your Contact and Identity data to carry out our obligations arising from any contracts entered into by you and us.	Performance of a contract with you.
We will use your Identity and Contact data to update membership details.	To comply with our legal obligation to ensure your information is up to date and accurate.
We will use your Identity, Contact and Technical data to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
We will use your Identity, Contact and Communication data to send you communications which you have requested and that may be of interest to you. These may include information about membership, events and fundraising activities and promotions of our charitable trusts.	Necessary for our legitimate interests in keeping you up to date on our business and charitable activities.
We will use your Identity and Contact data process a grant or job application	(a) Performance of a contract (b) Legal obligation
We will use your Identity, Contact and Transaction data to process the purchase of tickets or merchandise	Performance of a contract.
Use of tracking technologies	Processing is necessary for the purposes of our legitimate interests in improving and marketing our services, as well as to provide a personalised experience for users.

Marketing 

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that  

you do not wish to be contacted. You can change your marketing preferences at any time by contacting us at: enquiries@mcoe.org.uk. 

7. Do we share personal data with third parties? 

There may be circumstances in which we may also need to share your personal data with certain third parties (strictly on a confidential, business need-to-know basis). Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party and only in accordance with our instructions. 

The third parties to which we may transfer your personal data include:  

• Service providers acting as processors who provide services to us, for example, IT and system administration services and Hickory (Scotland) Ltd for venue management services 

• Professional advisers including lawyers, bankers, accountants, auditors, pension fund managers and insurers who provide consultancy, banking, legal, insurance and accounting services. 

• Any relevant regulatory authority or law enforcement agency, including HM Revenue & Customs, courts or tribunals who require reporting of processing activities in certain circumstances. 

• Any relevant third party if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our members and beneficiaries.  

• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.  

When you access our website, your anonymised data will be shared with Meta Platforms, Inc. using their Meta Pixel and Conversions API products. We are not responsible for the way in which Facebook process your data. To review their Privacy Policy, visit https://www.facebook.com/privacy/policy/ 

We work with Hickory (Scotland) Limited to deliver our event services. When you submit an enquiry to our website regarding events within The Merchants’ Hall, we will pass your personal information such as Name, Email, Phone Number, and your enquiry to Hickory (Scotland) Limited. We are not responsible for the way in which Hickory (Scotland) Limited process your data. To review their Privacy Policy, visit https://hickoryfood.co.uk/privacy-cookies/  

We do not transfer personal data collected in terms of this website privacy policy outside the EEA.  

8. How long do we retain personal information? 

The periods for which we retain personal information depends on the purpose for which the information was obtained but, in general terms, we will retain personal data for so long as required by law, or as may be required for record keeping and legal claims purposes or to fulfil our statutory obligations (for example the collection of Gift Aid).  

The Merchant Company of Edinburgh is an historic organisation where our archives hold membership details dating back to 1670. We feel that there is a strong public and research interest in our archives and to maintain a historic record of our membership, both past and present, we would retain basic details only of our members indefinitely. Appropriate physical and technical controls are in place to maintain the security and integrity of our membership lists. For more information on how we process personal data for members please see our separate Privacy Policy for Membership. 

9. Data Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have  

a business needs to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

10. Cookies 

Our website makes use of cookie files to distinguish you from other users of our site, to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site. 

We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. 

If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will contain the domain name mcoe.org.uk within the file name. 

You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site. 

11. Third-party links 

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit. 

12. Your rights where we are processing your information 

The law in the UK gives certain rights to individuals whose information is being processed by a third party. The following is a quick summary of these rights: 

Your right of access – You have the right to ask us for copies of your personal information. 

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances. 

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). 

Please contact us at enquiries@mcoe.org.uk if you wish to exercise any of these rights. 

LIST OF INSTITUTIONS 

THE MERCHANTS’ HALL LIMITED (Registered Number. SC193385) 

THE WIDOWS’ FUND OF THE COMPANY OF MERCHANTS OF THE CITY OF EDINBURGH 

THE MERCHANT COMPANY ENDOWMENTS TRUST (Charity No: SC 002002) 

MCET LIMITED (Registered Number: SC 215839) 

EDINBURGH MERCHANT COMPANY RETIREMENT BENEFITS SCHEME 

THE MERCHANT COMPANY EDUCATION BOARD (Charity No. SC009747) 

EDINBURGH MERCHANT COMPANY ENTERPRISE FUND LIMITED (Registered Number: SC 544235 & Charity NO. SC047319) 

The Royal Company of Merchants of the City of Edinburgh Charitable Trust (Charity No. SC051300)