Privacy notice

Disclaimer

Environmental Standards Scotland (ESS) seeks to ensure that the information published on its website is up to date and accurate. However, the information on the website does not constitute legal or professional advice and ESS cannot accept any liability for actions arising from its use. ESS cannot be held responsible for the contents of any pages referenced by an external link.

Any personal data collected through this website will be treated as confidential in line with the principles of the Data Protection Act 2018 and General Data Protection Regulation.

Who we are

This is the general privacy notice of Environmental Standards Scotland (“ESS”, “we”, “us” or “our”). ESS was established under the UK Withdrawal from the European Union (Continuity) (Scotland) Act 2021 (“the Continuity Act”) to fill the gap in environmental governance caused by the UK’s departure from the European Union. ESS’ principal place of business is at Thistle House, 91 Haymarket Terrace, Edinburgh. Our registration number on the ICO Register of Data Controllers is ZB213951.

We are responsible for scrutinising the actions of all public authorities – including the Scottish Government and its agencies, as well organisations carrying out functions on behalf of public authorities – to ensure that they are complying with the law.

ESS is a non-ministerial office, independent of Scottish Government and accountable to the Scottish Parliament.

Everyone has rights with regard to how their personal information is handled. During the course of our activities ESS will collect, store and process personal information about our customers, staff and all other individuals who work with us or contact us in order to provide our public services. We recognise the fundamental importance of handling this information in an appropriate and lawful manner to maintain the confidence and trust of our customers and staff in our processing of their Personal Data. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. If ESS fails to comply with Data Protection Law, then it may be subject to enforcement and sanctions from the Information Commissioner.

What is personal information

Personal information can be anything that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person.

There may also be situations where we process special categories of personal information that need more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you.

Why we use your personal information

We collect and use personal information to enable us to carry out our statutory duties (encompassing our public task), which may include:

• • investigation of environmental complaints
  • undertaking formal enforcement actions
  • the use of CCTV and mobile systems for crime prevention
  • developing policy and undertaking consultations
  • providing advice and information and undertaking research
  • maintaining our own accounts and records
  • delivering internal support functions, including corporate administration and the support and management of our employees
  • and all activities that we are required to carry out as a controller and as a public authority

How the law allows us to use your personal information

We must have a legal basis for using your personal information and make it clear to you, which one is being used. These include:

• • if you, or your legal representative, have given us consent
  • if you have entered into a contract with us, including if you are an employee
  • it is required by law (legal obligation)
  • it is necessary to protect someone in an emergency (vital interests)
  • it is necessary to perform our statutory duties (public task)

We will retain personal information for as long as it required for the legal basis noted above and in accordance with our retention schedule.

Where we need to process any of your personal information, which is defined as special category information, we must also ensure that we have an additional legal basis for doing so. These include:

• • if you, or your legal representative, have given us consent
  • it is required by law (legal obligation)
  • it is necessary to protect someone in an emergency (vital interests)
  • necessary for the establishment, exercise or defence of legal claims
  • it is necessary to perform our statutory duties (public task)

How we share personal information

We sometimes need to share your personal information with other organisations for statutory or regulatory reasons, or because doing so is in the general public interest.  Any sharing will be carried out lawfully and securely in accordance with the Data Protection Principles.

These organisations include:

• • UK government bodies (for example HMRC)
  • Scottish Government, its agencies and non-ministerial departments (for example Revenue Scotland)
  • Local government and administration (for example relating to planning consultations)
  • Law enforcement and regulatory agencies (for example Police Scotland and the Crown Office and Procurator Fiscal Services)
  • Audit Scotland and the Audit Commission (for National Fraud Initiative)

Like most organisations, we ask third parties who are part of our own supply chain to collect and use your personal information in order to help us perform our functions. In each case they do this under explicit instructions from us and are not allowed to pass your information to others without our permission, or to use it for any further purpose.

These organisations include:

• • the suppliers of our IT systems and infrastructure
  • suppliers of communications systems and services
  • suppliers of office and building services
  • suppliers of professional services (such as recruitment specialist or legal advisors)

They retain your information only as long as is necessary and we ensure that they return to us, or destroy, any remaining information at the end of our contract with them.

As a public body, ESS is required to comply with statutory obligations to provide access to information (for example the Freedom of Information (Scotland) Act and the Environmental Information (Scotland) Regulations 2004). It may be necessary for us to disclose your personal information to a third party in response to a relevant statutory request.

Your rights regarding your personal information held by ESS

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact ESS’ Data Protection Officer at enquiries@ess.thegateedinburgh.com. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Changes to our privacy statement

We keep this privacy notice under regular review and will place any updates on the ESS website.  Electronic copies of the privacy notice may also be obtained by contacting enquiries@ess.thegateedinburgh.com

Complaints

If you have any concerns about our use of your personal information, you can make a complaint to us at enquiries@ess.thegateedinburgh.com.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This privacy notice was last updated on 14 November 2023.