Privacy Policies

Service Users Supporters Employees Applicants Volunteers

Privacy Notice

Who Are We? 

We are the Social Care Council of the Church of Scotland, operating as CrossReach. We provide support for those in Scotland who find themselves in need of social care at any stage of their life. Most of our funding comes from local authorities, but we also rely on donations and legacies to help continue our vital work. 

About This Privacy Notice 

This privacy notice tells you what to expect when CrossReach collects personal information about you. We are legally obliged by the EU General Data Protection Regulation 2016 (GDPR) to make sure that we use your personal information only for the purpose for which it was requested, to make sure it is kept securely, to allow you to request access to it at any time without charge, and to securely dispose of it in the correct time frame, among other things. For the purpose of the GDPR, CrossReach and CrossReach Trading Ltd. control the data – they are the ‘data controller’. 

What Information Do We Collect? 

Depending on how you choose to interact with us, the personal information we collect from you/you share with us may include your name, postal address, email address, telephone or mobile number, financial details, date of birth and religious affiliation. 

How Do We Collect Information? 

We obtain personal information about you when you enquire about our services and ways to support us; register with us; send us emails; sign up for our newsletter; make a donation; purchase items from our shop; participate in our fundraising activities; apply for one of our volunteering roles; set up an account with us or otherwise provide us with your personal information. 

You may give us your personal information indirectly through a donation on a third party fundraising site to which CrossReach is signed up, such as Just Giving/or Edinburgh Marathon Festival. These third parties will ask you whether you are happy to be contacted by us. We will not use your information to contact you unless you give explicit permission on these sites (for example, ticking a box) or unless you have already given us permission directly to contact you. You should check the Privacy Policy of these third parties when you provide your information to understand fully how they will process your data. 

We also gather general information about your use of our website, such as which pages you visit most often and which services, events or news items are of most interest to you. We may also track which pages you visit when you click on links in CrossReach emails. 

Information is also collected from ‘cookies’ placed on CrossReach’s main website and our trading shop site. ‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile ‘phone or tablet when you visit a website. Cookies let websites recognise your device so that the sites can work, or work better, and also gather information about how you use the site. A cookie, by itself, cannot be used to identify you. We use three categories of cookie as defined by the International Chamber of Commerce in their UK Cookie Guide: 

  • Strictly necessary cookies which are essential for you to move around our websites, place orders in a shopping basket etc.; 
  • Performance cookies which collect anonymous information about how you use our site, like which pages are visited most. No information which can identify you is kept; 
  • Functionality cookies which ‘remember’ your choices so as to improve your experience of the site, such as text size or location. They may also be used to remember services you have asked for such as watching a video or commenting on a blog. They are anonymous. 

You can turn off cookies within your browser by going to 'Tools | Internet Options | Privacy' and selecting to block cookies. If you turn off cookies, you may not be able to use the full features of a website. 

How Do We Use Your Information? 

Legitimate interest and/or consent are the legal bases we rely on for the collection, storage and use of your personal information. 

When we rely on legitimate interest, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate interests do not automatically override your interests. 

When we rely on consent, we make sure that this has been freely given, and is specific, informed and unambiguous. 

We will rely on legitimate interest and/or consent to: 

  • provide you with information (including fundraising or campaigning activities), services or products you have requested or which we feel may interest you, where you have not objected to being contacted or have actively consented to being contacted. 
  • process personal information for the purposes of customer analysis and direct marketing to help us with our activities and to provide you with the most relevant information. 
  • use strictly necessary cookies on our trading shop website to record, store and process personal information for customer orders. 
  • use performance and functionality cookies on our main website and our trading shop website to monitor and analyse information to enhance your experience of these sites. This information is anonymous. 
  • as necessary, disclose your information if required to do so by law (for example, for gift aid purposes or in response to a valid request from a competent authority), or in order to enforce our conditions of sale and other agreements. We may share your information with a limited number of third parties solely for the purpose of providing you with relevant information (mailing house) or fulfilling your trading orders (order fulfilment house). This is always carried out under our instruction as the data controller and is never for their marketing purposes. Where we need to use third party organisations to process personal data on our behalf, we have in place a contract with the organisation to ensure that the data is properly protected and treated in accordance with GDPR. 


We respect any personal information that you share with us. You can choose not to hear from us or change your preferences for how we contact you at any time. Simply email your request to or post to: 

Supporter Relations 
Charis House 
47 Milton Road East 
Edinburgh EH15 2SR 

or phone 0131 454 4374 

Storing your Information 

We take the security of your personal information extremely seriously. 

We have in place appropriate physical, technical and organisational measures to protect the personal information we have under our control, in both electronic and paper form, from improper access, use, alteration, destruction and loss. 

We will keep your information for the purposes for which it was given and will not keep it any longer than is required to fulfil these purposes, unless required to do so to fulfil statutory obligations (for example, to claim Gift Aid). 

Any debit or credit card details we receive via our trading shop website are passed securely to Sellerdeck Payments, our payment processing partner, according to the Payment Card Industry Security Standards. 

Accessing and Updating Your Information 

We aim to ensure that all information we hold about you is accurate andkept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible. We will restrict the processing of your information until we can be sure that it is accurate. 

You may request a copy of any personal information that CrossReach has about you. Please email or write to us including a Subject Access Request form. CrossReach does not make a charge for supplying this information and will reply within 40 days of receipt of your request. 

Charis House, 
47 Milton Road East, 
EH15 2SR 

Tel: 0131 454 4374 


You may request that any personal information that CrossReach has about you be deleted or removed from our records, without undue delay, under the following circumstances: 

  • when the personal data is no longer necessary for the purpose for which it was originally collected/processed 
  • when you have withdrawn your consent for us to process and use your data in the ways described in this Privacy Notice (unless we need to retain for statutory purposes) 

To do this, please use any of the means to contact us listed above. 

We will inform any third parties, with whom we share your details under contract, of the requirement also to delete/remove your information from their records. 

The personal information you share with us is yours. You have the right to obtain this information and re-use it for your own purposes. Should you request it, we will provide you with the information in a commonly-used, machine-readable format (for example, CSV file) without undue delay. 

Your Rights 

Under the GDPR you have the following rights: 

The right to be informed of the information processing 

This privacy notice provides you with this information. 

The right to access your information 

You may request access at any time to the information we hold about you by sending us a Subject Access Request Form, as described in this Privacy Notice. 

The right to rectification 

You are entitled to request that your personal information be corrected if it is inaccurate or incomplete. This is also covered in this Privacy Notice. 

The right to erasure 

This is also known as the ‘the right to be forgotten’. You can request that your personal details be deleted or removed from our records under the circumstances listed in this Privacy Notice. You should however be aware that we will retain information relating to you if we have a legal obligation to do so. 

The right to restrict processing 

This is your right to ‘block’ or suppress the processing of personal information. As described in this Privacy Notice, we will restrict the processing of your information in the event of an identified inaccuracy until this is rectified. 

The right to data portability 

This is your right to request a copy of your personal information for your own use across other services, as described in this Privacy Notice. 

The right to object 

This is your right to object to our processing of your personal information for the uses described in this Privacy Notice. We will offer you this right to ‘opt out’ in our first and every subsequent communication with you. 

Rights in relation to automated decision making and profiling 

You have the right to object to the processing of your information by automated means where this might lead to a decision with a significant effect on you. CrossReach does not and never will use automated decision making and profiling. 

Your Right to complain 

If you wish to raise a complaint outwith CrossReach, you have the right to complain to the Information Commissioner’s Office about anything relating to the processing of your personal information by CrossReach. You can contact the ICO via its website at or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.