Some of the language used in privacy notices can be specialised. The Information Commissioner's website provides .
During the course of our work we collect/use personal data to evaluate and investigate an incident/claim in order to determine SPCB liability and make recompense if appropriate. Full information on the nature and circumstances of all losses and special payments must be collated and recorded.
We store names, addresses, email addresses and telephone numbers for the purpose of contacting individuals to obtain further details relating to an incident/claim, to advise the outcome of the investigation, and if applicable process the authorised special payment (please refer to Privacy Notice – Processing Payment of Invoices and Reimbursement of Fees and Expenses). We also record if any appeals are raised and the basis of that appeal.
Annually we report on the categories of loss, and, if a loss was significant then disclosure of the amount would be required in the SPCB Annual Report and Accounts, all personal details which would identify an individual would not be included in the disclosure.
Normal category data which may be processed includes: name, address, telephone number, email address and bank details for SPCB employees, 成人快手, 成人快手’ staff, suppliers, customers and visitors to the Scottish Parliament.
Special category data relating to health may be processed where an incident has resulted in an individual suffering an injury and details of the injury are required.
Personal data is provided to us directly from the individual (data subject) such as via:
If a supplier, customer or visitor to the Scottish Parliament is affected, then the member of staff who is responsible for them or Visitors Services (if a visitor to the Main Hall), takes a note of the incident and contact details for the individual involved, confirms any damage incurred and then completes the form on their behalf.
The legal basis for the processing of personal data or the purposes described above is that it is necessary for a task carried out in the public interest (Article 6 (1)(e) of the UK General Data Protection Regulation, section 8(d) of the Data Protection Act 2018 (DPA)). The task is to protect and monitor the expenditure of the SPCB’s publicly funded budget, which is a core task of the SPCB, and, therefore a Crown function in accordance with section 8(d) DPA.
The legal basis for sharing personal data relating to losses and special payments with internal audit and external auditors which is referred to in note 2 below, is to ensure they are processed demonstrating good governance, accountability, integrity and ensure the relevant control measures are in place to reduce risk to the public purse. This processing is in the public interest in terms of Article 6(1)(e) UK GDPR and section 8(d) DPA.
The legal basis for sharing personal data with the Police Scotland Unit in the Scottish Parliament which is referred to in note 3 below, is to make comments and provide an appropriate reference number for Finance to monitor action. This processing is in the public interest in terms of Article 6(1)(e) UK GDPR and section 8(d) UK GDPR).
Not processing personal data as described above would result in the SPCB being unable to investigate the nature and circumstances of the incident/claim in order to determine if the SPCB is liable; and where applicable, this would also result in non-payment.
Where necessary, personal data is shared both internally within the SPCB; and externally with other government agencies and organisations. We share your data with the following:
Personal data is shared internally with the relevant business areas in order to ensure the appropriate losses and special payments procedure is followed for:
Where relevant, access to personal data is restricted to Finance and the business areas.
All data relating to losses and special payments can be shared (usually on a sample basis) with both internal audit (and support) and external auditors.
Where the loss involves theft or criminal damage, personal data is shared with the Police Scotland Unit within the Scottish Parliament.
In addition, where special payments have been authorised, please refer to the Privacy Notice on Processing Payment of Invoices and Reimbursement of Fees and Expenses.
Personal data is retained in electronic format, in accordance with the Scottish Parliament records management policy, and access is limited as appropriate. All Theft, Damage and Accounting Losses forms and any supporting documentation is retained for the current financial year plus 6 years. Where special payments have been authorised, please refer to the Privacy Notice on Processing Payment of Invoices and Reimbursement of Fees and Expenses.
In line with the principles underlying the National Guidance for Child Protection in Scotland (2014), published by the Scottish Government, our staff may report a concern to the relevant authorities if they come across an issue during their work which causes them to think that a child may be at risk of abuse or harm.
Data protection legislation sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below. You can exercise your data subject rights in particular circumstances depending on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.
The following rights may apply:
You have the right to request a copy of the personal information about you that we hold.
Further information on how to make a data protection 'subject access request'.
You have the right to ask us to correct the personal data we hold about you. We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
You have the right to ask us to delete personal information about you where:
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purposes for which consent was given.
Please contact us in any of the ways set out below if you wish to exercise any of these rights.
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on 27 January 2021.
If you have any further questions about the way in which we process personal data, or about how to exercise your rights, please contact the Head of Information Governance at:
The Scottish Parliament
Edinburgh
EH99 1SP
Telephone: 0131 348 6913
(Calls are welcome through the Text Relay service or in British Sign Language through contactSCOTLAND-BSL.)
Email: [email protected]
Please contact us if you require information in another language or format
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office online at: .
Or by phone at: 0303 123 1113