top of page

Privacy Policy

Data Protection Policy

The Potter’s Hut (Scotland)

Policy version: 1.0
Date: April 2026
Review date: April 2027

 

1. Purpose

The Potter’s Hut is committed to protecting the personal information of its members, students, staff, volunteers, and visitors. This policy sets out how we collect, store, use, and protect personal data in line with data protection legislation applicable in Scotland.

 

2. Scope

This policy applies to:

  • All personal data processed by the The Potter’s Hut

  • All staff, volunteers, trustees, and contractors

  • All formats of information, including digital and paper records

 

3. Legal Framework

This policy complies with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

The Studio acts as a Data Controller for the personal data it holds.
Regulatory oversight is provided by the Information Commissioner’s Office (ICO).

 

4. Personal Information We Collect

4.1 Members and Students

  • Name

  • Contact details (email, telephone number, postal address)

  • Emergency contact details

  • Class bookings, attendance, and membership records

  • Payment and invoicing records

  • Health or accessibility information (only where voluntarily provided and relevant to safety)

4.2 Staff and Volunteers

  • Name and contact details

  • Role, availability, and training records

  • Payroll, expenses, or honoraria information (where applicable)

  • Right-to-work documentation (where legally required)

4.3 Website and Online Services

  • Enquiry and booking information

  • Mailing list sign-ups

  • Limited technical data collected via website forms

 

5. Lawful Basis for Processing

We process personal data only where there is a lawful basis, including:

  • Contract – managing memberships, classes, and studio access

  • Consent – newsletters, marketing, and optional health information

  • Legal obligation – accounting, tax, and employment records

  • Legitimate interests – studio administration, safety, and communication

 

6. Storage of Personal Information

6.1 Digital Records

  • Stored on password-protected computers or secure cloud-based systems

  • Access restricted to authorised staff and volunteers

  • Devices protected with up-to-date security software

6.2 Paper Records

  • Stored in locked cabinets or secure areas within the studio

  • Access limited to authorised personnel

  • Paper records are kept to a minimum wherever possible

 

7. Data Security

We take reasonable and proportionate steps to protect personal information, including:

  • Access controls and password management

  • Secure handling and disposal of records

  • Regular review of who has access to personal data

  • Clear expectations for staff and volunteers regarding confidentiality

 

8. Data Retention

Personal data is retained only for as long as necessary:

  • Membership and class records: up to 6 years after last activity

  • Financial records: 6 years (to meet HMRC requirements)

  • Mailing list data: until consent is withdrawn

  • Accident or incident records: in line with health and safety guidance

Data is securely deleted, shredded, or anonymised once no longer required.

 

9. Sharing Personal Information

The Potter’s Hut does not sell personal data.

Personal information may be shared only:

  • With trusted service providers (e.g. booking systems or payment processors)

  • Where required by law

  • In an emergency, to protect someone’s vital interests

All third parties are expected to comply with UK data protection requirements.

 

10. Individual Rights

Individuals have the right to:

  • Access their personal data

  • Request correction of inaccurate or incomplete data

  • Request deletion of data where appropriate

  • Withdraw consent at any time

  • Object to certain types of processing

  • Make a complaint to the Information Commissioner’s Office

Requests should be made using the contact details below.

 

11. Data Breaches

Any actual or suspected data breach must be reported immediately to Studio management.
Where required, the breach will be reported to the ICO within 72 hours and affected individuals will be informed.

 

12. Responsibilities

  • The Studio is responsible for ensuring compliance with this policy

  • All staff and volunteers must follow this policy and report concerns promptly.

bottom of page