Privacy Policy

ASVA respects your privacy.
Any personal information you provide to us including and similar to your name, address, telephone number and e-mail address will not be released, sold, or rented to any entities or individuals outside of ASVA.

Credit card details
ASVA will never ask for Credit Card details and request that you do not enter it on any of the forms on ASVA.

External Sites.
ASVA is not responsible for the content of external internet sites. You are advised to read the privacy policy of external sites before disclosing any personal information.

A ’cookie’ is a small data text file that is placed in your browser and allows ASVA to recognize you each time you visit this site(customisation etc). Cookies themselves do not contain any personal information, and ASVA does not use cookies to collect personal information. Cookies may also be used by 3rd party content providers such as newsfeeds.

Remember The Risks Whenever You Use The Internet
While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to ASVA and you are solely responsible for maintaining the secrecy of any passwords or other account information. In addition other Internet sites or services that may be accessible through ASVA have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their policies or actions.
Please contact those vendors and others directly if you have any questions about their privacy policies.


We have updated our privacy policy to reflect the changes in data-protection laws.

Why do we have a privacy policy?

We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.

The reasons we collect information are set out in this privacy policy. Most of what we do as the membership organisation for visitor attractions in Scotland involves using your name and email address personal information. And we believe that it is very important for our members to trust us with that information. We want you to be confident that we will keep it secure and use it both lawfully and ethically, respecting your privacy.

Our privacy policy explains in detail how we use your personal information. It describes what we do (or what we may do) from the moment you ask for a service from us, when we may use your information through to providing and billing for that service. It also applies to marketing other services that we think will interest you.

But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it.

Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time.

But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission. But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, (for example about training courses or events) then we must then stop.

This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.

Our privacy policy

This policy applies to the services we provide you (such as emails and e-updates). It applies to the personal information held by us about our members, but doesn’t apply to the information we hold about companies or organisations.

It also applies even if you’re not one of our members and you interact with us, such as by:

• using one of our products or services – paid for by someone else
• taking part in a survey or trial
• calling us for information or advice about our services
• generally enquiring about our services

If you need to give us personal information about someone else in relation to our services, the privacy policy will also apply. And if we need the permission of the other person to use that information, we’ll ask you to check they are OK with this. Technology is a fast-changing area and can be complicated. We’ve included a glossary which explains the meaning of any technical terms we use.

What’s not included?

This policy doesn’t apply to information about our employees. It also doesn’t cover other companies or organisations (which advertise our products and services and use cookies, tags and other technology) collecting and using your personal information to offer relevant online advertisements to you. Read for information about how we use cookies on our website. You may be able to link to other organisations’ websites, apps, products, services and social media from our websites. This privacy policy doesn’t apply to how those other organisations use your personal information. You should review their privacy policies before giving them your personal information.

In summary
This privacy policy applies to the services we provide you as our member, but doesn’t apply to companies and organisations that we work with.

Who are we?

At ASVA, we are the trade organisation representing visitor attractions in Scotland.

Accessing and updating how we use your information

We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you. Please contact us on 07458 306982.

Under the Data Protection Act 1998, you have a right to know what personal information we hold about you. If you’d like a copy of the information you are entitled to please write to Gordon Morrison, ASVA, c/o Haines Watt, 3.1 Wallace House, Maxwell Place, Stirling, FK8 1JU, clearly identifying yourself and the information you require. Depending on the nature of/reasons for your request, we may charge you a nominal sum to cover the cost of processing your request and supplying your information to you. We will ask you to provide identification to ensure we do not disclose your information to the wrong people.

You can always tell us that you do not wish to receive direct marketing communications from us. But remember, if you do not want us to get in touch, you may miss out on valuable and exciting offers, information and updates. If you would prefer not to receive direct marketing communications from us, simply let us know at any time by contacting us at: and/or 07458 306982 or by following the opt out instructions in the relevant communication. Please note that this will not stop you from receiving e-newsletters, e-updates and information on events from us.

In Summary
You have the right to access and update the personal information we hold about you. You can also choose when and how we communicate with you and can opt out of marketing messaging at any time. What kinds of personal information do we collect and how do we use it? The personal information we collect depends on the services you have and how you use them. We’ve explained the different ways we use your personal information below.

To provide you with services

We’ll use your personal information to provide you with email updates. This applies when you join us as a member.

This means we’ll:
• record details about the services you order from us
• send you service information messages
• update you on services
• let you create and log in to the online accounts we run
• give information to someone else (if we need to for the service) (if we do this, we still control your personal information and we have strict controls in place to make sure it’s properly protected); and

We use the following to provide services and manage your account:

• Your contact details and other information to confirm your identity and your communications with us. This includes your name, email address, passwords and credentials (eg security questions and answers we may have on your account)
• Your communications with us, including emails and phone calls.

We use this information to carry out our contract (or to prepare a contract) and provide services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the service you requested from us. If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable member, but only if you give your permission or if we have to for legal or regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information so we don’t repeatedly ask you about it.

Because it is in our interests as a business to use your information

We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
• identify, and let you know about, services that interest you
• create aggregated and anonymised information for monthly and annual visitor trend reports

To market to you and to identify services that interest you

We’ll use your personal information to send you direct marketing and to better identify services that interest you. We do that if you’re one of our members or if you’ve been in touch with us another way (such as through the enquiry section on the website).
We use the following for marketing and to identify the services you’re interested in: your contact details. This includes your name and email address

We’ll send you information (about the services we provide) by email or social media channels. We also use the information we have about you to personalise these messages wherever we can as we believe it is important to make them relevant to you. We do this because we have a legitimate business interest in keeping you up to date with our services, making them relevant to you. We also check that you are happy for us to send you marketing messages by email before we do so. In each message we send, you also have the option to opt out. We’ll only market other organisations’ products and services if you have said it is OK for us to do so. You can ask us to stop sending you marketing information or withdraw your permission at any time, as set out in the ’How to contact us and further details’ section below. Read for more details on how we use cookies.

To create aggregated and anonymised data

We’ll use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:

• improve and develop our services for our members
• run management and corporate reporting, research and analytics, and to improve the business; and
• provide other organisations with aggregated and anonymous reports

We have a legitimate interest in generating insights that will help us operate our business or would be useful to our partner organisations.

To develop our business and build a better understanding of what our members want

This means we’ll:
• maintain, develop our services, to provide you with a better service
• train our people and suppliers to provide you with services (but we make the information anonymous beforehand wherever possible)
• share personal information within our organisation for administrative purposes, such as sharing contact details so we can get in touch with you; and
• run surveys and market research about our services

We use the following information to do this.
• Your contact details
• Your communications with us, including emails and phone calls (and any recordings made)

If we use this information for market research, training, testing, development purposes or to create a profile about you, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our members’ needs.

To meet our legal and regulatory obligations

We might have to release personal information about you to meet any legal and regulatory obligations which might be imposed on us from time to time.

Sharing your information

Who do we share your personal information with, why and how?

We share your personal information with our research company STR (which is a member of the Market Research Society). We make sure your personal information is protected, no matter which organisation holds that information. We also use other service providers to process personal information on our behalf -for example our web hosts. Details of how they handle your personal information are set out below.

Using other service providers

We use other providers to carry out services on our behalf or to help us provide services to you. We also use them to:

• provide member-service, marketing, infrastructure and information-technology services;
• personalise our service and make it work better;
• analyse and improve the information we hold;
• run surveys
• website hosting

Where we use another organisation, we still control your personal information. And we have strict controls in place to make sure it’s properly protected.

Finally, the section above describes the situations in which your personal information is shared to other organisations. When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.

If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ’adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.

If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.

For more details, or if you’d like other information about a specific transfer of your personal information, get in touch with us using the contact details referred to above.

The countries we disclose personal information to:

The UK and wider EU are where most of our processing of personal information takes place. Your personal information is used for IT support and maintaining the website/ database

In summary

We share your personal information with other service providers, all of which provide the same high level of security and protection. When sharing outside of our organisation, we make sure that it is protected as far as reasonably possible.

How do we protect your personal information?

We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.

What do we do if there is a breach of your data?

If the data we hold is breached, or an unauthorised access of personal data takes place that is likely to “result in a risk for your rights and freedoms as an individual or individuals, then we must notify all those individuals affected within 72 hours of becoming aware of the breach and report it to the Information Commissioner’s Office.

How long do we keep your personal information?

We’ll keep:
• your contact details on file while you’re one of our members, and for six years after; and
• details relating to any dispute for six years after it was closed
In other cases we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise we delete it.

In summary
Your personal information is protected by strict security measures and only kept for certain amounts of time depending on individual circumstances.

Got a question about how we use your information?

If you’d like any more details, or you have comments or questions about our privacy policy, write to us at: If you want to make a complaint on how we have handled your personal information, please contact us and we will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner –

How will we tell you about changes to the policy?

Our privacy policy might change from time to time. We’ll post any changes on this page for at least 30 days. And if the changes are significant – such as additions or updates to privacy policy, we’ll tell you by email or by letter.


We have included a description of how the technical terms we use are generally interpreted:

• Aggregated data means grouped information, for example the total number of calls made in a month or events organised and for how many people.
• Anonymised data means data which has had all personally identifiable information removed.
• Cookies are small text files (up to 4KB) created by a website and stored in the user’s connected device – either temporarily for that session only or permanently on the hard disk (called a persistent cookie). Cookies help the website recognise you and keep track of your preferences.
• Encryption means scrambling information into an unreadable form that can only be translated back using a special key.
• IP address is a unique string of numbers that identifies each device using the internet or a local network.
• Personal information means information that identifies you as an individual, or is capable of doing so.
• Regulatory obligations means our obligations to regulators such as the Information Commissioner’s Office.
• Tags are an instruction inserted on a website that specifies how the site, or a part of the site, should be formatted and how it’s performing.