Some of the language used in privacy notices can be specialised. The Information Commissioner's website provides a useful introduction to key terms and concepts.
Many Cross-Party Groups (CPGs) in the Scottish Parliament Committees rely on external organisations or individuals to carry out the role of secretary for the Group. The Standards clerking team maintains a contact list of these secretaries in order to get in touch with people to inform them about CPG activities. This contact may notify people when the rules Groups must comply with are updated, when Groups are not complying with the rules or to remind Groups of the rules they must comply with. The Standards clerking team also publishes agendas, minutes and annual returns for CPG meetings on the Scottish Parliament website.
The Parliament will process standard or normal category personal information in relation to its contact list. This will include a name, organisation (if applicable), email address and phone number. It may also include a home or work address if contact has been made by mail.
Depending on the nature of the information recorded in CPG agendas and minutes we may also process *special category data.
*Special category data includes information revealing an individual’s race; ethnic origin; political or religious views; sex life or sexual orientation; trade union membership; physical or mental health; genetic or biometric data.
Data protection law states that we must have a legal basis for handling personal data.
The legal basis for collecting and holding your personal data for the Cross-Party Group contact list is that it is necessary for the performance of a task carried out in the public interest in terms of Article 6(1)(e) of the UK General Data Protection Regulation (UK GDPR) and section 8(d) of the Data Protection Act 2018 (DPA).
The task is to facilitate interaction between the Chamber Office and the Cross-Party Groups secretaries, which is part of the core function of the Scottish Parliamentary Corporate Body (SPCB) and is therefore a Crown function in accordance with section 8(d) DPA.
The legal basis for sharing personal data contained in agendas and minutes of CPG meetings is that it is necessary for the performance of a task in the public interest (for normal category data) in terms of Article 6(1)(e) of the UK GDPR or (for special category data) where processing is necessary for reasons of substantial public interest in terms of Article 9(2)(g) of the UK GDPR and paragraph 6(b) of Part 2 to Schedule 1 of the DPA.
Your data will not be shared with a third party except under a statutory obligation.
However, secretaries’ email addresses and phone numbers may appear on the Cross-Party Group webpage that is held on the Scottish Parliament website.
The Chamber Office also publishes agendas, minutes of CPG meetings and annual returns from CPGs (which summarise the activity of a CPG in the preceding year).
Contact details are held securely on Scottish Parliament IT systems.
Secretaries have the opportunity to unsubscribe at any time by contacting the Standards clerks. All contact details will then be deleted from the system and you should no longer receive updates regarding Cross-Party Groups.
Data will be reviewed throughout the parliamentary session to ensure it is accurate and up to date. If email correspondence is bounced back from an email address parliament staff will remove the contact from the list.
At the end of a parliamentary session the data will be deleted.
In line with the principles underlying the National Guidance for Child Protection in Scotland (2014), published by the Scottish Government, our staff may report a concern to the relevant authorities if they come across an issue during their work which causes them to think that a child may be at risk of abuse or harm.
Data protection law sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below, although whether you will be able to exercise data subject rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.
For example, the rights allowing for deletion or erasure of personal data and data portability do not apply in cases where personal data is processed for the purpose of the performance of a task in the public interest.
The following rights apply:
You have the right to request a copy of the personal information about you that we hold.
Further information on how to make a 'data protection subject access request'.
We want to make sure that your personal information is accurate, complete, and up-to-date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Please contact us in any of the ways set out below if you wish to exercise any of these rights.
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on 5 July 2024.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office.
Or by phone at: 0303 123 1113
If you have any further questions about the way in which we process personal data, or
about how to exercise your rights, please contact the Head of Information Governance and Data Protection Officer at:
The Scottish Parliament
Edinburgh
EH99 1SP
Telephone: 0131 348 5281
(Calls are welcome through the Text Relay service or in British Sign Language through contactSCOTLAND-BSL.)
Email: dataprotection@parliament.scot
Please contact us if you require information in another language or format