Some of the language used in privacy notices can be specialised. The Information Commissioner's website provides .
The purpose of the processing is to respond to individual rights requests under the UK GDPR in line with statutory obligations.
Normal personal data including names and contact details, biographical information depending on the request including for example previous interaction with the Scottish Parliamentary Corporate Body (SPCB).
Depending on the request, we may process special category data, as defined by the UK General Data Protection Regulation such as race; ethnic origin; political views; religion; trade union membership; health or sexual orientation.
Personal data is provided to us directly from individuals making an individual rights request (data subjects).
Data protection law states that we must have a legal basis for handling your personal data.
This processing is necessary to comply with statutory requirements (Article 6(1)(c) UK GDPR):
To respond to individual rights requests under the UK GDPR, which may include holding and sharing internally the request details in order to prepare a response and respond to any follow up questions from the data subject or from the Office of the UK Information Commissioner.
For special category data, the legal basis for the processing is that it is necessary for reasons of substantial public interest on the basis of Union or UK law (Article 9(2)(g) UK GDPR, section 10(3) and paragraph 6(1) and (2)(a) of the Data Protection Act 2018 (DPA)). Being able to fully give effect to data subjects’ rights is in the substantial public interest.
Not processing the personal data would mean that the SPCB’s statutory requirement to reply to subject access requests would not be met.
The data may be shared with offices within the parliament only for the purposes of replying to the request. The personal data may also be shared with the UK Information Commissioner’s Office should the requester be dissatisfied with the decision of the SPCB and require further investigation.
We retain the names, addresses, email addresses and telephone numbers together with other biographical information electronically for a period of 3 years, in accordance with Scottish Parliament records management policy.
In line with the principles underlying the National Guidance for Child Protection in Scotland (2014), published by the Scottish Government, our staff may report a concern to the relevant authorities if they come across an issue during their work which causes them to think that a child may be at risk of abuse or harm.
Data protection legislation sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below. You can exercise your data subject rights in particular circumstances depending on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.
The following rights may apply:
You have the right to request a copy of the personal information about you that we hold.
Further information on how to make a data protection 'subject access request'.
You have the right to ask us to correct the personal data we hold about you. We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
You have the right to ask us to delete personal information about you where:
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purposes for which consent was given.
Please contact us in any of the ways set out below if you wish to exercise any of these rights.
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on 8 November 2023.
If you have any further questions about the way in which we process personal data, or
about how to exercise your rights, please contact the Head of Information Governance
at:
The Scottish Parliament
Edinburgh
EH99 1SP
Telephone: 0131 348 5281
(Calls are welcome through the Text Relay service or in British Sign Language through .)
Email: [email protected]
Please contact us if you require information in another language or format
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office online at: .
Or by phone at: 0303 123 1113