Scotland on Tap logo

Privacy Policy

Here we set out the privacy policy for our website. Please read this for information on how we collect and process your data fairly and in accordance with legislation.  

This website (www.scotlandontap.gov.uk) is operated by WICS. We are committed to collecting and using data fairly and in accordance with the requirements of data protection laws. We take your privacy seriously and we ask that you read this policy carefully, as it contains important information on:  

We are the controller of the personal information that we collect from you on our website. We are therefore legally responsible for how we collect, hold and use your personal information. This also means that we are required to comply with data protection laws when collecting, holding and using your personal information.

We have appointed a Data Protection Officer (DPO), who ensures that we comply with data protection laws. If you have any questions about this statement or how we hold or use your personal information, please contact the DPO via email at: [email protected].

Your attention is particularly drawn to section 3 of this policy, which confirms that you consent to your personal information and sensitive personal information being held and used by us as described in section 2 of this policy.

1. What personal information do we collect about you?

Our website is a place for you to find out more about us and the work that we do.

When you visit our website, we collect personal information about you when you:


2. Why do we collect this personal information?

We use such personal information to:

We may not be able to respond fully to your information requests or complaints if you do not provide us with sufficient personal information to allow us to do so.

We may also collect information about you via cookie files. Further information about the cookies we use and why is outlined below: 

 

Name of Cookie Owner Purpose of cookie
Google Analytics Google Inc. This is a web analytics service provided by Google Inc., which uses cookies to show us how you found and explored our website, and how we can enhance your experience. It provides us with information about how you used our website e.g. how long you stayed on the website, the average number of pages viewed and also tells us how many visitors we have had.




3. What is our legal basis for holding and using your personal information? 

Data protection laws require us to have a legal reason for collecting, holding and using your personal information.  

Our legal reasons for collecting, holding and using your personal information are:

In some circumstances, we may rely on your consent as our legal reason. By providing us with your personal information and sensitive personal information (relating to your health, racial or ethnic origin, religious or other beliefs or sexual orientation – known as ‘special categories‘ of personal information under data protection laws) and the personal information and special categories of personal information of other individuals via our website, you:

You and the other individuals have the right to withdraw your consent to us holding and using your and their personal information and special categories personal information by contacting us. Once you/they have withdrawn your/their consent, we will no longer use your/their personal information and special categories personal information for the purpose(s) set out in section 2 of this policy, which you originally agreed to, unless we have another legal reason for doing so.

4. Who do we share your personal information with?

We will only share your personal information with the suppliers that you selected in the enquiry form.  

5. How long do we keep your personal information?

We will only keep your personal information for as long as we need to for the purposes described in section 2 of this policy, including to meet any legal, accounting, reporting or regulatory requirements. More information is contained in our data retention policy, which is available by contacting our DPO.

6. How do we keep your personal information secure?

The security of your personal information is of importance to us and we use technical and organisational measures to safeguard your personal information.

However, while we will use reasonable efforts to safeguard your personal information, the use of the Internet is not entirely secure and, for this reason, we cannot guarantee the security of any personal information that is transferred by or to you via the Internet. If you have any concerns about the security of your personal information, please contact our DPO for more information.

Our servers are located within data centres that are information security and quality accredited.

7. Where is your personal information stored?

Our servers are located in the United Kingdom and the information that we collect directly from you will be stored in these servers.

Some of the organisations we share your personal information with (see section 4 of this policy) may be based or may make use of data storage facilities that are located outside the United Kingdom. Their handling and use of your personal information will involve us and/or them transferring it outside the United Kingdom. When we and/or they do this, we will ensure similar protection is afforded to it by:

Please contact our DPO for further information on the specific mechanism that we use when transferring your personal information outside the United Kingdom.

8. What rights do you have in relation to your personal information that we collect, hold and use?

It is important that the personal information that we collect, hold and use about you is accurate and current. Please keep us informed of any changes by contacting our DPO. Under certain circumstances, the law gives you the right to request:

You can also object to us holding and using your personal information on grounds relating to your particular situation, unless we have overriding and compelling legitimate grounds for holding and using your personal information in certain situations.

Please contact our DPO if you wish to make any of the above requests. When you make a request, we may ask you for specific information to help us confirm your identity for security reasons. You will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.

9. Feedback and complaints

We welcome your feedback on how we hold and use your personal information, and this can be sent to our DPO.
 
You have the right to make a complaint to the Information Commissioner, the UK regulator for data protection, about how we hold and use your personal information. The Information Commissioner’s website is: https://ico.org.uk/ and complaints can be made here.

If you would like to receive this policy in alternative format, for example, audio, large print or braille, please contact our DPO.

10. Updates to this policy

We may update this policy at any time, and you should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access our website.

Last updated: August 2022