The Organisation (to include Cowane’s Trust, Cowane’s Residential Care, Patrons of Spittal’s
Hospital Trust and Cowane’s Hospital Trading Limited) is committed to being transparent about
how it collects and uses the personal data of individuals including tenants, customers, suppliers and
other people the organisation has a relationship with or may need to contact. This policy sets out
the Organisation’s commitment to data protection and individual rights and obligations in relation
to personal data.

Within the organisation there is an appointed person with responsibility for data protection
compliance. Please contact us at 49 St John Street, Stirling FK8 1ED, Telephone 01786 472247,
email should you have any questions about this policy, or require further


This Privacy Notice is a public document available to anyone to explain how the organisation
collects and processes personal information in order to conduct normal business activities.

How we collect your information

We collect information from you via a variety of sources, including;
• by e-mail, telephone, post and social media
• when you meet with us
We may receive information about you from third parties.

What information does the organisation collect?

We collect a range of information about you. This includes:
• your name, address, date of birth and contact details, including email address and telephone
• other personal information that may vary in relation to the service provided
• our correspondence and communications with you
• details of services provided
• information from publicly available sources
The organisation may collect this information in a variety of ways including from third parties.

Why does the organisation process personal data?

The processing of your information can be summarised as follows:
• to comply with relevant legislation and legal obligations
• to provide you with the relevant services
• to communicate with you by post, email and phone
• to maintain administration records

Who we share data with

we may need to share your information with Government departments and agencies, OSCR,
our auditors, banks, solicitors or with other organisations and agencies where we are legally
allowed to do so
• we share data internally for the purpose of administration
• we may need to share data with our service providers and third parties in order to provide
the service required
The organisation will not transfer your data outside the European Economic Area.

How does the organisation protect data?

The organisation takes the security of your data seriously. It has internal policies and controls in
place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not
accessed except by our employees in the proper performance of their duties.

For how long does the organisation keep data?

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was
collected. A note of more precise times can be found on the individual Privacy Notices relating to
specific services provided.

Your rights

As a data subject, you have a number of rights. You can:
• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data
is no longer necessary for the purposes of processing; and
• object to the processing of your data where the organisation is relying on its legitimate
interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact us at the address noted above.
If you believe that the organisation has not complied with your data protection rights, you can
complain to the Information Commissioner.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the organisation. However, if
you do not provide the information, the organisation may not be able to provide you with the
services required.