Advice Direct Scotland (ICO Registration Z9035412) (“ADS”) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data.
If you contact us through the helpline (0808 800 9060) and services provided through https://www.brexitadvice.scot (including email and livechat), the controller of your data will be ADS.
Our personal information handling policies and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC), the General Data Protection Regulation (in force from 25 May 2018) and applicable national law.
What information do we collect?
We collect and process personal data about you when you interact with our advisers or automated services. The personal data we process includes:
- Your name;
- Your phone number;
- Your email address;
- Your home address;
- Information related to the browser or device you use to access our website;
And/or any other information you provide.
What is the source of this information?
We collect this information directly from you, our personnel and through our systems and equipment.
How do we use this information and what is the legal basis for this use?
We process the data listed above for the following purposes:
to assist you in your enquiry to provide relevant and applicable guidance, advice and information to discern your eligibility for specialist projects
Legitimate Interests (GDPR, Article 6(1)(f)) – We need to process your data to provide you with our services
to forward you relevant information or advice via email or text, following the resolution of your query
Legitimate Interests (GDPR, Article 6(1)(f)) – We need to process your data to provide you with this service
protecting ADS’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation)
Legitimate Interests (GDPR, Article 6(1)(f)) – We may need to process your data to protect our organisation
to monitor use of our websites and online services
Legitimate Interests (GDPR, Article 6(1)(f)) – We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline
to monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime
Legitimate Interests (GDPR, Article 6(1)(f)) and Legal Obligation (GDPR, Article 6(1)(c)) – We are legally obliged to process data for this purpose
to provide our funders with anonymous statistics on service use
Legitimate Interests (GDPR, Article 6(1)(f)) – These reports will never include any personally identifiable information, meaning no-one will be able to discern who you are from the information provided
to comply with applicable law and legislation
Legal Obligation (GDPR, Article 6(1)(c)) – We are legally obliged to process data for this purpose
With whom and where will we share your personal data?
- Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
- If we make a referral on your behalf, to which you agree, we may share some personal information, such as name and telephone number, with third party organisations for the purposes of facilitating said referral, in line with our legitimate interests.
How long do we keep your personal data?
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
If you contact us through any or our services, we will keep your information for as long as is necessary to resolve your query and for one month after the query is closed.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require ADS to hold certain information for specific periods other than those listed above.
How do we keep your data secure?
As a controller of personal data, we have in place appropriate technical and organisational measures to ensure we implement the data protection principles outlined.
Our approach to data protection is monitored by a core team involving both Senior and Junior Management. Guided by our ISO/IEC 27001:2013 accredited Information Security Management System and delivered by all personnel, our data protection approach is designed to ensure that our operations are resilient. All data we hold is stored in Tier 3 and Tier 4 Data Centres with multiple redundancies and extremely strict access requirements, within the European Economic Area (“EEA”).
If any personal information is stored on a third party, cloud-based solution, we ensure that the third party complies with data protection principles when processing your data.
What are your rights in relation to your personal data?
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.
You have a right to be “forgotten”. You can ask us to delete all personally identifiable data stored about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don’t have a good reason to continue to use it; or (d) if we haven’t handled your personal data in accordance with our obligations.
Advice Direct Scotland ensure that this policy is kept under regular review. Any updates or amendments to the document will be posted on our website.
Where can you find more information about ADS’s handling of your data?
If you have any outstanding questions or requests regarding this policy or our privacy practices in general, you can contact us by email through this website. Alternatively, you can write to us at:
Data Protection Officer
Advice Direct Scotland
39 – 69 Bothwell Street
If you are not happy with our response or require further information regarding data processing rules and regulations, you can contact the Information Commissioner’s Office: https://ico.org.uk/.