Local Authority Privacy Statement for Scottish National Standardised Assessments
Each local authority listed in Annex A to this Privacy Statement is the Data Controller for Scottish National Standardised Assessments in its local authority area. As such, the local authorities are required by UK data protection laws to provide this privacy statement to let you know what personal data is being collecting from you, why it is being collected and what will be done with it.
Who we are:
Local authorities are established under the Local Government etc. (Scotland) Act 1994 and their head offices are listed in Annex A to this Privacy Statement. You can contact the relevant Data Protection Officers using the details also set out in Annex A.
Why do we need your personal information and what do we do with it?
You are giving your child’s personal data to your local authority to allow them to discharge their statutory functions in relation to their duty to provide education which includes the Scottish National Standardised Assessments (SNSA). The personal information will also be used to maintain accounts for the SNSAs.
Legal basis for using your information:
The services are provided to you as part of each council’s statutory function as your local authority. You can find more details of each local authority’s role on their websites listed in Annex A to this Privacy Statement. Processing your personal information is necessary for the performance of a task carried out in the public interest by your council.
You will already have given your council personal information about your child to allow them to comply with their obligations as Education Authority and may additionally have provided information relating to your child’s ethnic background in order to allow the council to meet its obligations under the Equality Act 2010. If you provided personal data relating to your child’s ethnicity to your Council, it will be processed by the council in connection with the provision of SNSA. Processing this personal information is necessary for compliance with a legal obligation to which your council is subject and processing is necessary for reasons of substantial public interest.
Who do we share your information with?
Local authorities are legally obliged to safeguard public funds so are required to verify and check your details internally for fraud prevention. They may share this information with other public bodies (and also receive information from these other bodies) for fraud checking purposes. They are also legally obliged to share certain data with other public bodies, such as HMRC and will do so where the law requires this. They will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and appropriate. Your information is also analysed internally to help your local authority improve its services. This data sharing is in accordance with Information Use and Privacy Policies and covered in the full privacy statements on local authority websites (links to which are provided in Annex A, as explained above). It also forms part of local authority requirements in line with Records Management Plans approved in terms of the Public Records (Scotland) Act 2011.
Personal information that you provide to your local authority will be shared with their data processor, the Scottish Government and its sub-processors ACER International (UK) Limited and TWIG World Limited. Service providers can change from time to time and this Privacy Statement will be updated accordingly. Your details will not be passed to any other third party without informing you beforehand.
How long do we keep your information for?
Your personal information is only kept for the minimum amount of time necessary. Sometimes this time period is set out in the law, but in most cases it is based on the business need. Councils maintain records retention and disposal schedules which sets out how long different types of information are held for. You can view these on the websites listed in Annex A or you can request a hard copy from the contact address set out in Annex A.
Your rights under data protection law:
- access to your information – you have the right to request a copy of the personal information that local authorities hold about you.
- correcting your information – we want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask your local authority to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information – you have the right to ask your local authority to delete personal information about you where:
- you think that it no longer needs to hold the information for the purposes for which it was originally obtained
- it is using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
- you have a genuine objection to our use of your personal information – see Objecting to how we may use your information below
- its use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to tell your local authority to stop using your personal information for direct marketing purposes. You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your child’s personal data and your local authority shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of your child or for the establishment, exercise or defence of legal claims.
Restricting how we may use your information – in some cases, you may ask your local authority to restrict how they use your personal information. This right might apply, for example, where they are checking the accuracy of personal information that they hold about you or are assessing the objection you have made to their use of your information. This right might also apply if the local authority no longer have a basis for using your personal information but you don't want them to delete the data. Where this right is realistically applied will mean that they may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent to use your information – Where your local authority use your personal information with your consent you may withdraw that consent at any time and they will stop using your personal information for the purpose(s) for which consent was given.
Please contact your local authority as stated above if you wish to exercise any of these rights.
Local authorities aim to directly resolve all complaints about how we handle personal information. If your complaint is about how your local authority has handled your personal information, you can contact the Data Protection Officer using the details set out in Annex A to this Privacy Statement.
However, you also have the right to lodge a complaint about data protection matters with the Information Commissioner's Office, who can be contacted by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. By phone on 0303 123 1113 (local rate) or 01625 545 745. Visit their website for more information at- https://ico.org.uk/concerns
If your complaint is not about a data protection matter you can find details on how to make a complaint on each local authority website, as detailed in Annex A.
For more details on how we process your personal information visit the privacy information pages for your local authority as set out in Annex A, If you do not have access to the internet you can contact your local authority via telephone to request hard copies of our documents.