Dundee-Nablus Twinning Association

رابطة توأمة نابلس دندي

Privacy Policy

This policy was adopted by the DNTA Committee on: 12th March 2026
It was last reviewed: not yet due for review
Due for review by: 1st April 2028

This is the Privacy Policy for the Dundee-Nablus Twinning Association (DNTA). We are a voluntary organisation originally established by the City of Dundee District Council in 1993 to provide community support for the official municipal twinning between the City of Dundee and the City of Nablus. We are governed by a constitution which is published on our website: dundee-nablus.org.uk

This policy includes references to the UK General Data Protection Regulations (GDPR) as required by various Acts of Parliament.

The Committee of Dundee-Nablus Twinning Association understands the need to treat all personal data of members, friends and others with due respect both for the individuals concerned and the relevant legislation.

We do not pass on membership data; we do not sell or trade it with other organisations. We avoid holding sensitive information like credit/debit card details but use accredited and regulated third parties to manage such payments on our behalf.

This policy explains how we manage these requirements to handle personal data in our activities.

This policy should be read in conjunction with our Retention and Review Policy.

Reviews and Changes to this policy

We review this policy every two years. It can be reviewed and changed at other times by the DNTA Committee, or otherwise according to the Constitution of DNTA.

Partner organisations

Wherever possible, we retain any information within our own organisation. In some cases, we use third parties to provide services. As Data Controllers, we retain responsibility for relevant information handled by these third parties. Here we explain some particulars.

Note that organizations listed here might themselves use third party services; these will be listed on their pages.

Mailchimp

We use Mailchimp to send emails to members and friends who have asked to join our mailing list. There is an unsubscribe option in each email we send. You have the right to withdraw your consent to any such communications whenever you wish, and we respect all unsubscribe requests. However, we require members to receive our communications by email if they want to participate in our governance or other activities.

For Mailchimp we only store names, email addresses, membership status, mailing list membership. We estimate the relevance of some emails so that we do not send reminders of events in Dundee to our subscribers in Nablus.

Mailchimp is based in the USA; our use of Mailchimp complies with UK GDPR requirements because Mailchimp’s owners (Intuit) have certified that they are compliant.  You can read about this here.   You may view the relevant listing by searching “Intuit” here, and read the Intuit Data Privacy Framework certification page here.

Membermojo

We use membermojo to hold records of our members. This includes those who are applying for membership, those who are members, and those who have previously been members. We retain information about former members as allowed by law to enable us to manage any remaining responsibilities (such as not sending them information which is no longer relevant to them).

Membermojo acts as a Data Processor for our membership data. Membermojo is compliant with UK GDPR, and you can read about this here.

Stripe

As part of the membermojo system, members may pay their subscriptions and make other payments by credit or debit card. This uses the services of Stripe. Stripe Payments UK Limited are regulated by the Financial Conduct Authority (FCA) as documented here (Reference number: 90046).

Square

We use Square to take payments for sales and other purposes. We do not store any information about your cards. Squareup Europe Ltd is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (registered reference no. 900846) for the issuing of electronic money and provision of payment services.

Standing orders

In the past, we would ask you for bank details so that we could write to your bank manager to ask them to set up a standing order in our favour. This required us to handle your bank account details. We no longer offer this option but there might still be some historical uses of this facility. Modern bank transfers are managed by the member or their nominated bank account holder so that we no longer need details of your accounts other than anything which our bank might make available to us through normal banking procedures.

Google Groups

We mostly use Google Groups for committee and related discussions but might make use of this for wider purposes.

WhatsApp

We use WhatsApp for smaller groups of members and others usually for specific purposes.

WordPress

Our website is hosted by 34SP.com and runs various software applications including WordPress and plugins. No member data is hosted here. However, anyone who is registered on the site with site editing powers will have some data stored to enable their access to be secured.

Embedded content from other websites

Our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Website cookies

We do not use cookies on our website (unless we have provided you with an account to login and edit the site).

Bluesky

We have a presence on Bluesky and a (currently) dormant presence on Facebook and X (formerly Twitter). We do not add members or others to these services.

FONSA

We sometimes work in partnership with FONSA (Friends of Nablus and Surrounding Areas) which is a registered Scottish charity SC038502. Where donations to our campaigns are made through our systems, we pass on those funds to FONSA where they are the vehicle for managing and dispensing the project funds. When our donors have indicated that they are willing and eligible for Gift Aid we are required by law to pass the details to FONSA so that they can satisfy their legal obligations.

Data held

We use information for a variety of purposes including:

  • receive donations or funding and organise fundraising activities:
  • service updates or marketing purposes
  • comply with legal requirements:
  • for dealing with queries, complaints or claims

The information we, or our partners, hold about you might include:

  • Names, addresses and contact details
  • Payment details (including card or bank information for transfers and direct debits)
  • Information relating to compliments or complaints
  • Correspondence
  • Identification documents
  • Purchase or service history
  • Payment or banking details
  • Donation history
  • Taxpayer information (for Gift Aid purposes)
  • Marketing preferences
  • IP addresses
  • Website and app user journey information

Lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods, including delivery and third-party referrals include:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object, though you have the right to withdraw your consent at any time.
  • Legitimate interests – we collect and use your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are to make available services or goods which are relevant to DNTA’s objectives to which our members and friends have either explicitly or implicitly accepted in signing up to our membership or mailing lists. This section mostly applies to those in public office such as councillors, MPs, MSPs or those with public roles.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out below.

Data Retention and Review

Please see our Retention and Review Policy.

Contact Us

If you have any questions regarding this Privacy Policy, please email Secretary@dundee-nablus.org.uk.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details above.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint