Privacy Policy

Miricyl

Scottish Charitable Incorporated Organisation (SCIO)

Charity Number: SC049538


Last updated: 6 January 2026



Miricyl is committed to protecting your privacy and handling your personal data in a transparent, lawful and secure way. This Privacy Policy explains how we collect, use, store and protect personal data when you use our website, create an account, or interact with us.


1. Who we are

Miricyl is a Scottish charity. For the purposes of UK data protection law, Miricyl is the data controller responsible for your personal data.


Contact details:

Miricyl

2 Eglinton Crescent, Edinburgh, EH12 5DH

Email: info@miricyl.org


For data protection and privacy enquiries, please contact our Data Protection Lead at the email address above.


2. What personal data we collect

Depending on how you use our website, we may collect the following categories of personal data:


a) Information you provide directly

  • Name
  • Email address
  • Account login details (passwords are stored in encrypted/hashed form only)
  • Information you choose to save to your account (such as favourites, preferences, or saved content)
  • Messages or enquiries you send to us
  • Donation-related information (where applicable)

b) Information collected automatically

  • IP address
  • Device and browser information
  • Usage data relating to how you interact with our website
  • Cookie and consent preferences

3. How we use your personal data

We use personal data for the following purposes:

  • To provide and manage user accounts
  • To allow users to save information and personalise their experience
  • To respond to enquiries and communications
  • To administer donations and maintain financial records
  • To improve and maintain our website and services
  • To ensure the security and integrity of our platform
  • To comply with legal and regulatory obligations

4. Lawful bases for processing

We process personal data under the following lawful bases:

  • Contract – where processing is necessary to provide a user account or requested services
  • Legitimate interests – to operate, improve and secure our website and services
  • Consent – where you have given clear consent (for example, for non-essential cookies)
  • Legal obligation – where we are required to process data by law (e.g. financial or regulatory requirements)

5. User accounts

When you create an account:

  • You are responsible for keeping your login credentials secure
  • You may access, update or delete your account information at any time
  • You may request deletion of your account by contacting us or using available account tools

When an account is deleted, associated personal data will be deleted or anonymised unless we are required to retain it for legal or regulatory reasons.


6. Data sharing and processors

We may share personal data with trusted third-party service providers who act as data processors, such as:

  • Website hosting providers
  • Analytics and security service providers
  • Donation and payment service providers (where applicable)

All processors act under written agreements and are required to protect your personal data.

We do not sell personal data.


7. International transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy regulations or approved contractual clauses.


8. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected.


In particular:

  • Account data is retained for the duration of an active user account
  • Data is deleted or anonymised when an account is closed, unless retention is required by law
  • Communications are retained only as long as necessary to respond and maintain records

You may request deletion of your personal data at any time, subject to legal obligations.


9. Your rights

Under UK data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, please contact us using the details above. We aim to respond within one month.


10. Automated decision-making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.


11. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.


12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be published on this page, with the updated date shown at the top.