Privacy Policy

Privacy Policy

This document details the Moray School Bank (MSB) Privacy Policy and procedure with the respect to the collection and use of data.

Our privacy commitment

MSB is absolutely committed to respecting and protecting your data whilst it is in our care. We have strict policies and procedures in place to protect your data and we are committed to the General Data Protection Regulations and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and abide by its requirements.  Processing of your Personal Data as described in this policy is allowed by one or more lawful grounds including:

  • With your consent. For example, we only use your information to send you marketing communications by email or text with your consent. We also may ask for your explicit consent if you share sensitive personal information with us.
  • To perform our contractual obligations to you. For example if you are a party or to take steps at your request prior to entering a contract. We may rely on this basis where you apply to work for us.
  • To comply with our legal obligations. For example, we may rely on this basis where we are obliged to share your personal information with a regulator or HMRC.
  • To pursue our legitimate interests. Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us or a third party and your privacy rights do not override the legitimate interest. Our “legitimate interests” include pursuing the aims and ideals of MSB through our work and fundraising through direct marketing campaigns and special events. However, “legitimate interests” can also include your interests, such as when you have requested information from us, and those of third parties, such as our beneficiaries.

What personal data will we collect.

Depending on your activity (i.e. if you are volunteering or donating) the information we collect from you directly or from third parties whom we work with, may include:

  • Name
  • Email address
  • Postal address
  • Telephone number
  • Contact preference
  • Bank account details for setting up a regular direct debit
  • Credit card details for processing a payment
  • Date of birth
  • Gender, where appropriate
  • Taxpayer status for Gift Aid
  • If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate the name and location of your school


How we will use your information

We will use your information for a number of purposes, including the following:

  • To process your donations including to Claim Gift Aid (if applicable)
  • To tell your story to promote our fundraising and charity aims ,ONLY if you have agreed
  • To process your referral
  • To send you fundraising packs
  • To help us run and fulfil prize draws, competitions, auctions or events
  • To reply to any questions, suggestions, issue or complaints you have contacted us about


How do we process ‘sensitive’ personal information

Under data protection law, certain categories of personal information is clause as sensitive. This includes health information, information regarding race, religious beliefs, and political opinion (‘Sensitive Persons Data’). We only collect this information if there is a clear reason for us doing so, such as in relation to a referral and this will be made clear on the referral form.

Security of the information we collect.

The servers we use are protected using HTTP and SSL technology, so whilst your data is in our care we know it’s as secure as it can be. Our staff are trained in data security, and our staff policies and procedures help our staff to understand what is required of them under their obligations to us, and also their responsibilities under the General Data Protection Regulation and other privacy legislation. When we ask another organisation to provide a service for us, we ensure that they have appropriate security measures in place. If we or our service providers transfer any information out of the European Economic Area (EEA), it will only be transferred on the basis of an agreement with the service provider, designed to protect your data in the appropriate form in accordance with data protection laws.

How will we collect and use your personal data

We may collect information about you directly when you interact with us such as collect when you register on one of our websites; make a donation to us via our online fundraising platforms or text donate facilities.  You may be referred to us or provide information in person at one of our events. Or indirectly when you interact with a third party who we work with, for example where you have made a donation to us through a third-party website (e.g. Just Giving or Virgin Money Giving) and have given them permission to share your information with us.

With regard to each of your visits to our website we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; to process personal information for the purposes of customer analysis and direct marketing to help us with our activities and to provide you with the most relevant information.

We are legally required to hold some personal information to fulfil statuary obligations, for example the collection of Gift Aid or to support certain financial transactions. We also hold information about your details so that we can respect your preferences for being contacted by us.

Will we share your data with other companies?

We do not rent or sell your personal information to other organisations for use by them in their own direct marketing activities.

Except as otherwise stated in this Privacy Policy or in the data collection statements that will always be visible when we collect your information and where we give you the opportunity to select your preferences, we may release your data to external companies such as donation and payment services companies; event organisers when you participate in an event; companies who help us send out our fundraising packs.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to enforce or apply our terms of use for our website. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection.

How long will we keep your personal information?

We will retain your Personal Data in accordance with our retention policy and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal, regulatory, tax and accounting requirements. Where personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by us on a day to day basis. For further information you can contact us via email 

How can I opt out of Marketing?

If you receive a marketing email from one of us, you will have the option to “opt-out” by replying to our email with ‘STOP’.  If you receive a marketing call from us, please let the call operator know you do not wish to receive any further calls.

If you have indicated that you do not wish to be contacted for marketing purposes we will maintain your details in a suppression list to ensure that we do not contact you again for marketing purposes. However, we may still need to contact you for administrative purposes, such as:

  • Processing a donation you have made and any related Gift Aid.
  • Providing you with information you need to relation to an event you have registered for.

Leaving our website and moving on to third party websites

When you click on advertisements or links on any of our site, you will leave that site and go to a third party site, which is outside of our control. When we place an advertisement on one of our sites, it does not signify that we are endorsing that advertiser’s product or service. We do not accept responsibility for content, have no control over and our Privacy Policy does not apply to these companies, sites or content and if such third party sites collect Personal Data, we cannot control how this data is processed, stored or used. We advise that you read their data collection statements, which accompany any registration and their Privacy Policies before you submit your personal information.

Cookies and how we use them

“Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We use cookies for a number of reasons:

  • To provide you with a more personal and interactive experience on our site.
  • For statistical purposes to track how many users we have and how often they visit our websites.
  • We use organisations to collect anonymous user information so they can analyse how the website is being used and the number of visitors.

You have the ability to accept or decline cookies, but please be aware that for some parts of our site to work, you will need to accept cookies. For more information please visit and/or For more information on how we use cookies please read the MSB Cookie Policy.

What are your rights?

Under GDPR, you have a number of rights, which are aimed at giving you control about how your personal data is used by us.

Access your personal data

You have the right to see what information we hold about you and the purposes for which we are using it. This is known as a Subject Access Request(SAR). In responding to such a request, we may ask for proof of your identity, to ensure that we do not send you personal data to another person. We will respond to any requests as soon as possible, but at least within 30 days. To make a SAR please email this to us

Amend or delete your personal data

You may ask us to make any changes that you consider necessary to make the information accurate, please let us know and we will rectify this as soon as possible. Please email us the changes to  We will require that you satisfactorily identify yourself to demonstrate your entitlement to view this data.

If you wish for your personal data to be deleted we will review any request on a case-by-case basis. We will respond to you as soon as possible, at least within 30 days of receiving your request.

Where we rely on legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Where processing is carried out based upon your consent, you have the right to withdraw this consent.

Questions regarding this Privacy Policy

If you have comments or questions related to this Privacy Policy please email us and we will respond as promptly and as fully as we can.

Complaints will be responded to within 30 days. If you are not satisfied with the response you should refer your complaint to the ICO

Changes to this Privacy Policy

This Privacy Policy will be amended from time-to-time if we make any important changes in the way that we collect, store and use personal data. We may notify you by sending an email to your last known email address or writing to your last known postal address to direct you to the Privacy Policy if the changes are material. Our dispatch of a communication to you will, in any event, constitute notification. Any changes will be effective immediately.

This Privacy Policy was last revised in May 2020