Privacy Policy
Disclaimer
SEPA seeks to ensure that the information published on its web site is up to date and accurate. However, the information on the website does not constitute legal or professional advice and SEPA cannot accept any liability for actions arising from its use. SEPA cannot be held responsible for the contents of any pages referenced by an external link.
SEPA privacy notice
- Who we are
- What is personal information
- Why we use your personal information
- How the law allows us to use your personal information
- Individuals named in our public registers
- How we share personal information
- Your rights regarding your personal information held by SEPA
- Changes to our privacy statement
- Complaints
- Cookies
- Third Party Cookies
- What if I don't want to accept cookies?
This is the general privacy notice of the Scottish Environment Protection Agency (“SEPA”, “we”, “us” or “our”) established by the Environment Act 1995 and having its principal place of business at Strathallan House, Castle Business Park, Stirling, FK9 4TZ. Our registration number on the ICO Register of Data Controllers is Z6161946.
Everyone has rights with regard to how their personal information is handled. During the course of our activities SEPA will collect, store and process personal information about our customers, staff and all other individuals who work with us or contact us in order to provide our public services. We recognise the fundamental importance of handling this information in an appropriate and lawful manner to maintain the confidence and trust of our customers and staff in our processing of their Personal Data. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. If SEPA fails to comply with Data Protection Law, then it may be subject to enforcement and sanctions from the Information Commissioner.
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person.
There may also be situations where we process special categories of personal information that need more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you.)
Why we use your personal information
We collect and use personal information to enable us to carry out our regulatory and flooding duties (encompassing our public task), which may include:
- granting and administering of licences and maintaining public registers
- investigating of environmental complaints
- undertaking formal enforcement actions
- provision of flood warning service
- the use of CCTV and mobile systems for crime prevention
- developing policy and undertaking consultations
- providing advice and information and undertaking research
- maintaining our own accounts and records
- delivering internal support functions, including corporate administration and the support and management of our employees
- and all activities that we are required to carry out as a controller and as a public authority
How the law allows us to use your personal information
We must have a legal basis for using your personal information and make it clear to you, which one is being used. These include:
- if you, or your legal representative, have given us consent
- if you have entered into a contract with us, including if you are an employee
- it is required by law (legal obligation)
- it is necessary to protect someone in an emergency (vital interests)
- it is necessary to perform our statutory duties (public task)
We will retain personal information for as long as it required for the legal basis noted above and in accordance with our retention schedule.
Where we need to process any of your personal information, which is defined as special category information, we must also ensure that we have an additional legal basis for doing so. These include:
- If you, or your legal representative, have given us consent
- it is required by law (legal obligation)
- it is necessary to protect someone in an emergency (vital interests)
- necessary for the establishment, exercise or defence of legal claims
- it is necessary to perform our statutory duties (public task)
We have prepared more detailed privacy notices for some of our services, to provide you with additional information about how we use personal information. These will be accessible here.
Individuals named in our public registers
As a regulatory authority, we compile and maintain public registers, as part of our statutory duties, and make these registers available for public inspection.
To compile the public registers, we collect and use the personal information from applicants for authorisations and permits issued by SEPA. We collect this information via an application form, usually sent to us by an applicant or agent acting on their behalf. Once processed, this information is entered on the public register and is available for public inspection. We keep this data for the period set down in our statutory obligations.
How we share personal information
We sometimes need to share your personal information with other organisations for statutory or regulatory reasons, or because doing so is in the general public interest. Any sharing will be carried out lawfully and securely in accordance with the Data Protection Principles.
These organisations include:
- UK government bodies (for example HMRC)
- Scottish Government, its agencies and non-ministerial departments (for example Revenue Scotland)
- Local government and administration (for example relating to planning consultations)
- Law enforcement and regulatory agencies (for example Police Scotland and the Crown Office and Procurator Fiscal Services)
- Audit Scotland and the Audit Commission (for National Fraud Initiative)
Like most organisations, we ask third parties who are part of our own supply chain to collect and use your personal information in order to help us perform our functions. In each case they do this under explicit instructions from us and are not allowed to pass your information to others without our permission, or to use it for any further purpose.
These organisations include
- the suppliers of our IT systems and infrastructure
- suppliers of communications systems and services
- suppliers of office and building services
- suppliers of professional services (such as recruitment specialist or legal advisors)
They retain your information only as long as is necessary and we ensure that they return to us, or destroy, any remaining information at the end of our contract with them.
As a public body, SEPA is required to comply with statutory obligations to provide access to information (for example the Freedom of Information (Scotland) Act and the Environmental Information (Scotland) Regulations 2004). It may be necessary for us to disclose your personal information to a third party in response to a relevant statutory request.
Your rights regarding your personal information held by SEPA
|
Right |
What it means |
|
Information |
You have the right to clear information about how we collect and use your personal information – this privacy notice is one example of how we do this |
|
Access |
To request a copy of your information, please complete the Data Subject Access Request Form or contact dataprotection@sepa.org.uk. |
|
Correction |
You have the right to ask for any personal information that is inaccurate or incomplete to be corrected |
|
In certain circumstances, you will have the following extra rights: |
|
|
Erasure |
You have the right to ask for your personal data to be deleted under certain circumstance |
|
Objection to processing |
You have the right to object to our use or your personal information under certain circumstances |
|
Restriction on processing |
If you make an objection, our use of your personal information may be temporarily suspended whilst we deal with your request |
|
Portability |
You have the right to ask for a copy of your personal information in a machine readable format to pass to another organisation under certain circumstances |
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact SEPA’s Data Protection Officer, Alison M. Mackinnon at dataprotection@sepa.org.uk or by calling 01698 839 022 and ask to speak to the Data Protection Officer.
Changes to our privacy statement
We keep this privacy notice under regular review and will place any updates on the SEPA website. Paper copies of the privacy notice may also be obtained by contacting dataprotection@sepa.org.uk.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office. They can be contacted at https://ico.org.uk/concerns/ or 0303 123 1113.
This privacy notice was last updated on 03 February 2021.
Using our website
Cookies
We use the Cookiebot cookies tool on our website to gain consent for the optional cookies we use.
Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
You can read more about how we use cookies, and how to change your cookies preferences, on SEPA cookies policy page.
Feedback
If you have any questions about any of the above please contact feedback@sepa.org.uk