Who we are
This is the Privacy Notice of the Scottish Parliamentary Corporate Body ('the SPCB')
How we use your information generally
This Privacy Notice explains how we collect and use personal information about you.
In general terms, we collect and use personal information to fulfil the following functions and associated activities of the Scottish Parliament:
- Parliamentary functions
- Education and learning
- Legal services including legal advice to the SPCB and MSPs
- Licensing and registration including registration of Members Interests
- Supporting and managing employees
- Advertising, marketing and public relations
- Accounts and records
- Information and databank administration
- Property management
- Data matching
- Crime prevention and prosecution of offenders
The GDPR sets out the rights which individuals have in relation to personal information held about them by data controllers. These rights are listed below, although whether you will be able to exercise each of these rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place (see the individual privacy notices listed above for further details in relation to specific processing activities).
Access to your information - You have the right to request a copy of the personal information about you that we hold. For further information, see our Data Subjects' Access Request Policy.
Correcting your information - We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information - You have the right to ask us to delete personal information about you where:
You consider that we no longer require the information for the purposes for which it was obtained.
We are using that information with your consent and you have withdrawn your consent - see Withdrawing consent to using your information below
You have validly objected to our use of your personal information - see Objecting to how we may use your information below
Our use of your personal information is contrary to law or our other legal obligations
Objecting to how we may use your information - You have the right at any tie to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information - in some cases, you may ask us to restrict how we use your personal information. This right may apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing - if we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Withdrawing consent using your information - Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.
Specific privacy statements
The following privacy statements contain detailed information on how we handle personal data in relation to each of our specific functions and activities.
Freedom of Information (Scotland) Act 2002
Please Note: The Scottish Parliament is covered by the Freedom of Information (Scotland) Act 2002. The Act requires us to disclose information we hold to the requester unless we are permitted to withhold it by an exemption. This includes personal data we hold. If the request covers personal data, the interests of the data subject must be considered but ultimately, we may be required by law to release the information to the person who has made the request.
Visiting and contacting the Parliament
Events and Exhibitions
Using our website and our use of social media
Requests to use our Corporate Identity
Health and Safety
Parliamentary business - general
Parliamentary business - Petitions
Parliamentary business - Committees
Parliamentary business - Private Bills
Data protection and Freedom of Information
Media and Broadcasting
Information about external visitors
Contractors, Suppliers and Customers
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on [10 May 2018].
Contact information and further advice
If you have any further questions about the way in which we process personal data, or about how to exercise your rights, please contact the Head of Information and Governance at:
The Scottish Parliament, Edinburgh, EH99 1SP
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office:
By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF