What we do with personal information
Find out what we do with your personal information:
- How we use your personal information
- Where we store your personal information
- How long we store your personal information for
- How we keep your personal information secure
- When we transfer your personal information beyond the European Economic Area (EEA)
- The reasons we share your personal information
- When we make an automated decision about your personal information
- What happens if you don’t want to provide your information
We collect and use your personal information so we can provide services, regulatory functions and administrative activities. Which of those services or activities your personal information is used for depends on the reason you contact us but it may include:
- Providing a service you have asked for
- Communicating and providing services and information appropriate to your needs
- Delivering health and social care services and protecting public health
- Preventing fraud and the protecting public funds
- Protecting you from harm or injury
- For law enforcement when we are legally obliged to undertake such processing, for example licensing, planning enforcement, trading standards and food safety
- The purpose you provided the information and monitoring our performance in responding to you and the quality of our services
- Helping to investigate any concerns or complaints and answering enquiries under access legislation
- Improving your customer experience and the experience of visitors to our websites
- Delivering services and providing support to you by ensuring other statutory, voluntary agencies or suppliers with whom we are working, are able to deliver 'joined up' services to you
- Where there is a substantial public interest and this is authorised by law
- Managing our employment relationships and duties including recruitment and ensuring the health and safety of our staff
- When it is in our legitimate interests or the interest of a third party who could be providing a service to you
- Making sure that the council meets all its legal duties and statutory functions and where it is necessary for exercising or defending legal rights
- Processing and monitoring financial transactions including collecting taxes, administering grants and welfare benefits
- Archiving, research and statistical purposes - this helps us to prioritise activities, target and plan when to provide services
We store the majority of your information on secure servers within the European Economic Area (EEA). Some service areas may have contracts in place that require your information to be stored outside of the EEA. If this is the case then the details of whether your information will be transferred outside of the EEA will be outlined in our service specific privacy notices.
We use a 'corporate retention schedule' based on the Scottish Council of Archives Retention Schedules outlining how long we keep certain types of information. Unless stated otherwise we only keep your personal information for as long as it takes to complete the job we needed your information for. We will let you know in our area specific privacy notices if we are legally required to keep your information for any other length of time.
We are committed to making sure your personal information is safe and protected from accidental loss or alteration, inappropriate access, misuse or theft. As well as technical, physical and organisational measures, we make sure our staff are well trained, informed and security aware to minimise privacy risks from human error and threats from unauthorised access to your data.
We require the people we work with to implement appropriate security measures and only allow them to process your personal information for specific purposes under our instructions.
We are required to comply with the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) (pdf 960KB) to make sure information is managed securely and we review this every year as part of our data protection and security toolkit. The toolkit ensures that we are operating at an adequate standard in relation to data protection, confidentiality and security.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will only send your data outside the EEA:
- with your consent
- to comply with a lawful and legitimate request
- if we use service providers or contractors in non EEA countries
We may disclose your personal information to other organisations who assist us in providing services or technical operations like storing data and hosting on our behalf.
These practical arrangements and the laws governing the sharing and disclosure of personal information often differ from one service to another. Because of this, each of our service specific areas provides additional information about how we collect and use your information.
When we use or share you information more widely, we ensure that you can't be identified when it is not necessary. We anonymise and de-personalise your information by removing personal details as soon as possible.
Sometimes we make decisions using computerised systems or programmes that don't involve a human being. We call these automated decisions. If we process your personal information using an automated decision then our service specific privacy notices will contain the information about which decisions are automated.
If you decide not to provide the information we ask you for, we may not be able to perform the service you have asked us for such as paying you or providing a benefit. Alternatively we may be prevented from carrying out our legal duties such as ensuring the health and safety of our workers.