Privacy statement

Who are we?

We are a local authority established under the Local Government etc. (Scotland) Act 1994.

Our head office is located at:

Council Headquarters
Newtown St Boswells
Melrose
TD6 0SA

Contact our Data Protection Officer

By post

The Information Management Team
Legal and Licensing
Regulatory Services
Scottish Borders Council Headquarters
Newtown St Boswells
Melrose
TD6 0SA 

By telephone

Call 0300 100 1800

By email

Email dataprotection@scotborders.gov.uk

Why we need your information and what we do with it

We need you to give us your personal information in order to allow us to provide services to you as the local authority for the Scottish Borders.

We also use your information to :

  • verify your identity where required
  • contact you by post, email or telephone 
  • to maintain our records

Third party information

For a number of areas of activity, we also receive information from third parties.

In the main this is from other public authorities, such as

  • the Assessor
  • Police and Court Service
  • HM Revenues and Customs
  • Department for Work and Pensions

Information could also be from other local authorities and from members of the public. 

Details of how this information is passed between us all is given in the specific privacy statements relating to functions where we routinely receive personal information from third parties.

What is our legal basis for processing your information?

We provide our services to you as part of our statutory function as your local authority.

Your information and services we provide

The precise legal basis for us using your personal information will vary depending on which service we are providing to you.  In most cases this will be because it is necessary for us to use your personal information to perform a task carried out in the public interest by us. 

If we are using your personal information on a different basis to this, this will be explained in the specific privacy statement relating to those functions.

Sensitive information

For some activities, we also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018.

It is necessary for us to process this more sensitive information for a number of reasons.

These include:

  • to carry out key functions as set out in law
  • in order to meet our legal obligations in relation to employment, social security and social protection law
  • in order to protect your vital interests or the vital interests of others in circumstances where we will not be able to seek your consent
  • where this is necessary for the establishment, exercise or defence of legal claims
  • for purposes of the provision of social care and the management of health and social care systems and services where this is necessary in the public interest in the area of public health
  • for archiving, research and statistical purposes

Who will we share your information with?

We are legally obliged to safeguard public funds so we are required to verify and check your details internally and across the council to prevent fraud. We may share this information with other public bodies for the same purpose.

Sharing your information as required by law

We are also legally obliged to share certain data with other public bodies, such as HMRC and will do so where the law requires this.  In general, we will also comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and appropriate.

Policies and plans

Your information is also analysed internally to help us improve our services.  This data sharing is in accordance with our Data Protection and Information Use Policy which can be viewed on our web site at [insert link]. It also forms part of our requirements in line with our Records Management Plan approved in terms of the Public Records (Scotland) Act 2011.

We will not sell your personal data to any third parties.

Other organisations and international transfers

Other organisations

We may need to provide other organisations with personal information to allow them to carry out some activities on our behalf.

These organisations may include:

  • payment processing organisations
  • delivery organisations
  • mailing houses
  • contractors or consultants providing services to the council (or directly to service users)

 We select these organisations carefully and put measures in place to make sure that they are not allowed to do anything with your personal information which we could not do ourselves.

International transfers

Almost all council data is held within the European Union (EU). 

Any data transfers outwith the EU require additional internal approvals and we only send data overseas where we have been able to put in place measures to make sure that your personal information is as safe and respected in the overseas country, or countries in question, as it is in the UK. 

If we need to transfer your personal information overseas in relation to a particular activity, this will be explained in the specific privacy statements relating to that function along with a description of the protective measures we have put in place to keep it secure.

How long do we keep your information for?

We only keep your personal information for the minimum amount of time necessary. 

Sometimes this time period is set out in the law, but in most cases it is based on our business need.

Data retention requirements

We have adopted a standardised approach when identifying retention requirements and this is based on the Scottish Records Retention Schedule for Local Authorities (SCARRS), which is a national recommendation issued by Scottish Council on Archives. We will inform you how long your information will be held for within our services privacy notices.

What are your rights under Data Protection Law?

Access to your information

You have the right to request a copy of the personal information that we hold about you.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards.

Deleting your information

You have the right to ask us to delete personal information about you where:

  • you think that we no longer need to hold the information for the purposes for which it was originally obtained
  • we are using that information with your consent and you have withdrawn your consent - see the 'withdrawing consent to using your information' section below.  Please note that in general we do not rely on consent as the legal basis for processing your personal information
  • you have a genuine objection to our use of your personal information - see 'objecting to how we may use your information' below
  • our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to tell us to stop using your personal information for direct marketing purposes.

Restricting how we may use your information

In some cases, you may ask us to restrict how we use your personal information.  This right might be applied by you, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information.  This right might also apply if we no longer have a basis for using your personal information - but you don't want us to delete the data, for example for legal claims or where there are other public interest grounds to do so.

Withdrawing consent to use your information

Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us if you wish to exercise any of these rights.

What information do we hold about other people?

Most of the personal information we hold relates to people we are providing services to.  We also hold information about other people where this is necessary for us to carry out particular functions.

In some cases we will contact these other people directly to inform them:

  • that we have been provided with information about them
  • to also tell them about their rights under data protection law
  • to advise them about the terms of this privacy statement.

In many cases, contacting every individual would be impractical and disproportionate. Therefore the details of what we do with this sort of information and why we hold it is provided in the specific privacy statements relating to functions where we routinely hold information about people who are not our service users.

What are our profiling and automated decision processes?

We make some use of automated decision-making processes but very little use of profiling. 

Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated decision-making.

How to make a complaint about handling of personal information

We aim to directly resolve all complaints about how we handle personal information.

If your complaint is about how we have handled your personal information, you can contact our Data Protection Officer:

  • by email to dataprotection@scotborders.gov.uk
  • by telephone on 0300 100 1800

Make a complaint through Information Commissioner's Office (ICO)

You also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office.

By post:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF.

By phone:

Call 0303 123 1113 (local rate) or 01625 545 745.

Directly online:

Visit ICO website to report concerns

Make a complaint about a council service

If your complaint is not about a data protection matter, make a complaint to us directly online.