Scottish Drugs Forum (SDF) respects and complies with the EU General Data Protection Regulations (GDPR) 2016.

We comply with these regulations in the following way:

Consent

We explain what you’re consenting to clearly and without ‘legalese’, and ask that you explicitly consent to contact from us.

Breach Notification

In the event of a breach we will notify affected users within 72 hours of first having become aware of the breach.

Right to Access

Users can request confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, we shall provide a copy of the personal data, free of charge, in an electronic format.

Right to be Forgotten

Once we have compared your (the subjects') rights to "the public interest in the availability of the data", we may delete your personal data where you have requested this.

Data Portability

We allow you to receive the personal data concerning you, which we will provide in a 'commonly used and machine readable format' and you have the right to transmit that data to another ‘controller’.

Privacy by Design

We implement appropriate technical and organisational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of data subjects'. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.