Privacy notice - notice of incident

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.  We are the controller for the personal information we process, unless otherwise stated.

We are a local authority established under the Local Government etc. (Scotland) Act 1994 and have our headquarters at Newtown St Boswells, Melrose TD6 0SA

Our contact details are:  

Data Protection Officer

Our Data Protection Officer is Nuala McKinlay. You can contact her by emailing dataprotection@scotborders.gov.uk or via our postal address Headquarters, Melrose TD6 0SA. Please address the envelope ‘Data Protection Officer’.

How do we get your information?

We will receive information from organisations, such as Scottish Government and directly from you. This exchange will primarily happen electronically.

How we will use your information?

We will use your information to contact you to correspond with you in relation to your notice of incident. We are collecting and using this information to provide the service as part of our statutory function as your local authority. Processing personal information is necessary for the performance of a task carried out in the public interest. The information we will collect includes – name, address, contact telephone number, email address.

Who we may share your information with?

Relevant information may be shared internally and will be dependent on individual needs. This could include, for example, Business Support, Fleet, Insurance.

Your information will be shared with the following third party organisation:

  • our insurance provider, if the noice of incident becomes an insurance claim.

We are legally obliged to safeguard public funds so details will be checked internally for fraud prevention and verification purposes and may be shared with other public bodies for the same purpose. 

We are legally obliged to share certain data with other public bodies such as Police Scotland and will do so where the law requires this and it will be proportionate. 

Your information may also be shared and analysed internally in order to provide management information, inform service delivery reform and similar purposes to meet our duty to achieve best value and continuous service improvement. 

In general, we do not transfer personal data outside either the UK or the European Economic Area (EEA) and on the rare occasions when it does so we will inform you.  We will only transfer data outside the UK and the EEA when it is satisfied that the party which will handle the data and the country it is processing it in will provide adequate safeguards for personal privacy.

How long do we keep your information for?

The information you have provided will be retained for seven years. 

We currently keep some of your information without limit of time. We have a project underway to implement deletion in our CRM (Customer Relationship Management) system and the full range of circumstances where we will keep or delete information is being decided as part of this project and will be detailed here once the project reaches completion.

What basis allows the us to use your information?

The lawful basis for processing your information is public task. The processing is necessary to perform a task in the public interest under Article 6(1)(e) of the UK GDPR. In some circumstances we will have a requirement to process sensitive information, such as health information. The lawful basis for processing sensitive information is that the processing is necessary for reasons of substantial public interest Article 9(1)(g) of the UK GDPR.

What rights do I have over my information?

The rights available to you include:

  • Access to your information – you have the right to request a copy of the information that we hold about you.
  • Correcting your information – we want to make sure that your information is accurate, complete and up to information. Therefore, you may ask us to correct information about you that you believe does not meet these standards.
  • Deletion of your information – you have the right to ask us to delete personal information about you where you think that we no longer need to hold the information for the purposes for which it was originally obtained or you have a genuine objection to our use of your information
  • Objecting or restricting how we may use your information – in some cases, you may ask us to restrict how we use your information.

Is this privacy notice subject to change?

  • Potentially. This privacy notice will be reviewed when necessary.