The Standards Commission is an independent body whose purpose is to encourage high ethical standards in public life through the promotion and enforcement of Codes of Conduct for councillors and those appointed to the boards of devolved public bodies.
- What We Do
- Who We Are
- Standards Commission Meetings
- Who We Cover
- Our Service
- Policies & Procedures
- Data Protection and Privacy
- Policies & Procedures
Data Protection Privacy Statement
1.1 The Standards Commission for Scotland’s (Standards Commission) aim is to help ensure that the highest possible standards are achieved by those appointed or elected to roles within Scottish public life. We do so through our work in promoting the ethical standards framework and adherence to Codes of Conduct, and also through our role in holding Hearings to adjudicate on complaints and impose sanctions on those who fail to meet the expected standards of conduct.
1.2 The aim of this Privacy Statement is to give you information about the personal data we collect, why we collect it, how it is used, how long we keep it for and how we keep it safe. We also provide information about your rights in respect of any information we hold about you. We are committed to protecting the privacy and security of any such information.
1.3 The Standards Commission is registered as a data controller with the Office of the Information Commissioner.
2. Information we collect and why we collect it
2.1 In general terms, we collect and use personal information to fulfil the following functions and associated activities of the Standards Commission:
- Our statutory functions (including the holding of Hearings)
- Our work in promoting the Codes of Conduct and ethical standards framework
- Dealing with and answering enquiries
- Employment: including supporting and managing our employees
2.2 When we receive a report from the Commissioner for Ethical Standards in Public Life (the ESC), a file is made up. The file will normally contain the identity and address of the complainer, the Respondent and other individuals identified as being involved in the complaint, including any witnesses scheduled to appear at the Hearing, together with any documentary evidence provided or subsequently gathered.
2.3 We are permitted, or may be obliged, by law to process personal data. Details of the complaint to be considered at the Hearing, together with other information and documents which relate to it, may be shared with the parties involved in Hearings, being the Commissioner for Ethical Standards in Public Life in Scotland (ESC) and the Respondent. The Respondent and ESC’s names will be included in the Hearing Decision and a press release, which are both published on the Standards Commission’s website after the Hearing has concluded and may also be shared on social media. The name of anyone else involved in a Hearing as a complainer, representative or witness will only be included in the Hearing Decision and / or press release if they are a councillor, a Member of the Scottish Parliament, a Member of the United Kingdom Parliament, or a senior officer of the same Council or Devolved Public Body as the Respondent.
2.4 We may process personal data in order to organise workshops and facilitate and manage training events on the Codes of Conduct and the ethical standards framework. In doing so, we may be required to share the names of attendees with third parties, such as venue providers.
2.6 We use surveys to seek feedback on our Hearings and other work we undertake in order to help identify potential ways of improving the service we provide. We do not process any data included in any response to a survey that could identify an individual. To support this service we use a third party provider, Survey Monkey. Survey Monkey’s privacy notice is available on their website www.surveymonkey.com/mp/legal/privacy-policy .
2.5 If you contact us by telephone, email, letter or by completing our on-line contact form, we may use your email or postal address and any other information you provide to deal with and respond to your query, comment or request.
3. The legal basis for our collection and use of your personal data:
3.1 We process data in order to comply with our legal obligations. For example, we will retain the name and address of the Respondent and the complainer in order to be able to give them notice of the Hearing and the decision made at it. A data sharing agreement is in place for the transfer of personal information between the Standards Commission and the ESC where this information relates to compliance with these legal obligations.
3.2 We process data necessary for the performance of tasks carried out in the public interest or in the exercise of our official authority. For example, we may process information about individuals who are attending training events in order to be able to contact them.
3.3 We process data necessary for the performance of a contract. For example, personal information about Members and employees is kept so that we can pay them.
3.4 We will process personal data lawfully, fairly and in a transparent way. We will only process personal information in relation to our responsibilities and duties. It will not be used in any way which is incompatible with these purposes.
3.5 We will not transfer your data overseas.
4. How long we retain your personal information
4.1 We will keep your personal information for no longer than necessary and in accordance with the Standards Commission’s Information Schedule and Disposing of Records Policy. As you will see from these documents we only retain and keep information as long as it is necessary to comply with legal requirements or for legitimate business reasons.
5. How we keep your information safe
5.1 The Scottish Parliamentary Corporate Body (SPCB) provides us with business information technology services under a Service Level Agreement. These services are supplied on the understanding that the Standards Commission complies with all the provisions in the Scottish Parliament’s Information Security policies and procedures and its Acceptable Use of IT Policy.
5.2 Appropriate measures are taken by the SPCB to ensure personal information is secure and to protect it against unauthorised or unlawful processing, as well as against its accidental loss, destruction or damage.
5.3 In addition access to data held by the Standards Commission is controlled through a system of permissions, which means that staff are only given access to folders on a ‘need to know’ basis. Access to the IT network is provided through the use of passwords, which require to be changed on a regular basis. Any paper files are kept in lockable cabinets. The SPCB has appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Security measures include password protection, IT encryption, access controls, regular security updates, firewalls and regular testing of systems.
5.4 The Standards Commission takes the security of information very seriously. All personal information is subject to the following rules, regardless of whether the processing involves one of the special categories (such as racial or ethnic origin, political opinions or health):
(i) All staff are trained on and understand the importance of the data protection laws
(ii) All staff are security vetted
(iii) All staff are subject to a duty of confidentiality
(iv) Paper files containing personal information are locked away each night
6. Your rights in relation to your personal data
6.1 If we ask you for your consent to hold your data, you have the right to withdraw that consent at any time.
6.2 (i) You have the right to ask us to confirm whether we hold your personal information and if so
- why we hold it
- what we do with it
- what kinds of data we hold about you (and long we keep this information)
- who we share it with
- where we got if from (if we did not get it from you)
(ii) get a copy of your information (making a Subject Access Request).
6.3 You have the right to object to us processing the personal data that we hold about you.
6.4 You have the right to ask us to correct the personal data we hold about you if it is inaccurate or incomplete.
6.5 You have the right to request that the personal data we hold about you is erased if there is no compelling reason for us to continue to process it.
6.6 Where you have sought to exercise any of your rights in relation to the personal data we hold about you, or you consider that we are processing your data unlawfully, you have the right to ask us to restrict processing.
6.7 Requests for information or about these rights should be made in writing and sent to firstname.lastname@example.org. Responses about your rights will be provided within one month of receipt of the request and where information is provided this is usually supplied free of charge.
7.3 To find out more about cookies, including how to control and delete them, please visit www.allaboutcookies.org. Disabling cookies may prevent you from using certain websites. You can find out more about this at www.allaboutcookies.org/manage-cookies.
8. Links to Other Websites
8.1 Our website contains links to other websites. We are not, however, responsible for the content or reliability of the linked websites and do not necessarily endorse any views expressed within them. We cannot guarantee that these links will work all of the time and we have no control over the availability of linked pages.
8.2 This privacy statement does not cover any websites which are accessed through using the links on our website. We encourage you to read the privacy statements on the other websites you visit.
9. Contact us:
9.1 If you wish to contact us about anything in this privacy statement, or for any matter about our use of your personal data, you can email us at email@example.com or write to the Executive Director, Standards Commission for Scotland, T2.21, Scottish Parliament, Edinburgh, EH99 1SP.
9.2 The Scottish Parliamentary Corporate Body provides a Data Protection Officer service to the Standards Commission through an agreement with the Scottish Parliament. This agreement can be read by clicking here. The Data Protection Officer is Claire Turnbull and she can be contacted, during office hours, by telephoning 0131 348 6080 or by email to DPOservice@parliament.scot.
9.3 If, following contact with us or our Data Protection Officer, you are unable to resolve the data protection issue about how we handled your information, you are entitled to make a complaint to the Information Commissioner. More information can be found at www.ico.org.uk or send your complaint to Information Commission’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 03030 123 1113.
10. Changes to our privacy statement
10.1 We will keep this privacy statement under regular review and will publish updates on our website.
Version: 2019v1 (22/05/2019)
Data Protection Policy
22nd May 2019