Who are we?
Under the purposes of data protection law, Advice Direct Scotland as data controller, are responsible for ensuring the personal information of those engaging with our services is kept safe and secure. This means we only will use your information for the purposes of monitoring, research and improving the overall efficiency of our service.
We are registered as a data controller with the Information Commissioner’s Office. Our registration number is Z9035412.
Types of data or information we collect
Your personal data encompasses any information which allows you to be identified. Any data acquired which retains your anonymity is not considered either personal data or personal information.
We may process the following data about you:
- Any information you provide either through our website or via telephone which includes your name, address, email address, contact number, gender, date of birth, financial or credit card information.
- Our forms of correspondence with you (whether via telephone or online).
- Information obtained through email or social networking tools such as Facebook, Instagram, LinkedIn or Twitter.
- Details of your visits to our website. This may include data concerning your geographical location, traffic, communication tools used, and services engaged with (further information on this can be found in the Cookies section below).
Purposes and Lawful Basis of Collecting Data
Legitimate Interests (GDPR, Article 6(1)(f)) – We need to process your data to provide you with our services. To assist you in your enquiry to provide relevant and applicable guidance, advice and information
Legitimate Interests (GDPR, Article 6(1)(f)) –We need to process your data to provide you with this service. To forward you relevant information or advice via email or text, following the resolution of your query.
Legitimate Interests (GDPR, Article 6(1)(f)) –We may need to process your data to protect our organisation. Protecting ADS’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation)
Legitimate Interests (GDPR, Article 6(1)(f)) – To monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline. To monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime
Legal Obligation (GDPR, Article 6(1)(c)) – To comply with applicable law and legislation. We are legally obliged to process data for this purpose. To provide our funders with anonymous statistics on service use.
Consent (GDPR, Article 6(1)(a))-We require consent to collect and process data. To share relevant data to organisations that require confirmation of certain information for referrals to take place.
Who has access to your information?
Advice Direct Scotland will not sell or rent any personal information to third parties. Furthermore, we will not share any information with third parties for marketing purposes. All personal data is treated confidentially and is only shared when there is a legal basis for doing so.
Advice Direct Scotland may share details of your case with your local Trading Standards. We will not share any details without prior consent noted during your contact with us.
We may share your personal data with Consumer Scotland in order for them to undertake their statutory functions i.e. providing consumer advocacy and advice, undertaking research and investigations, and providing information to consumers.
How long do we keep your personal data?
Operating in line with established data protection principles, we only retain personal information from you when we have an ongoing legitimate need to do so. consumeradvice.scot has a record retention schedule which outlines our periods for retaining all personal information and this record is updated regularly. Once your information is no longer required, all data is safely destroyed.
Name, contact details, specific enquiry details and circumstances, trader details, emails, advisor notes/comments, website data
Generic referral data, generic outcome data, generic categorisation data
Under data protection law, you have the following rights:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you in most cases.
Please contact us at DPO@advice.scot if you wish to make a request.
Cookies help us track various aspects of user visitations to our website. This includes the length of a user visit, their geographic location and patterns of user navigation on our site.
You can switch off cookies on your computer, although this may result in a loss of functionality when accessing our website.
How we keep your data secure
As a controller of personal data, we have in place appropriate technical and organisational measures to ensure we implement the data protection principles outlined.
Our approach to data protection is monitored by a core team involving both Senior and Junior Management. Guided by our ISO/IEC 27001:2013 accredited Information Security Management System and delivered by all personnel, our data protection approach is designed to ensure that our operations are resilient. All data we hold is stored in Tier 3 and Tier 4 Data Centres with multiple redundancies and extremely strict access requirements.
If any personal information is stored on a third party, cloud-based solution, we ensure that the third party complies with data protection principles when processing your data.
Where can you find more information about ADS’s handling of your data?
If you have any outstanding questions or requests regarding this policy or our privacy practices in general, you can contact us by email through DPO@advice.scot.
If you are not happy with our response or require further information regarding data processing rules and regulations, you can contact the Information Commissioner’s Office: https://ico.org.uk/.
Review of this policy
We keep this Policy under regular review. This Policy was last updated in October 2022.