Who we are
Our website address is: https://www.cyberscotland.com.
CyberScotland is the name for a partnership of not for profit organisations who come together to provide the services outlined above. In order to provide these service we ask for and use personal data which is needed for us to help and support businesses.
The partnership organisations are:
- Scottish Government
- Police Scotland
- Scottish Business Resilience Centre (SBRC)
- Scottish Enterprise
- Scottish Council for Voluntary Organisations (SCVO)
- Skills Development Scotland
- Education Scotland
- National Cyber Security Centre
- Highlands and Islands Enterprise
This notice sets out how your personal data will be used. It will also tell you about your privacy rights, who to contact to obtain further information and how your person data will be protected from misuse and loss.
The partnership organisations are joint controllers of the personal data collected and used by the CyberScotland partnership. SBRC is the lead organisation and any queries, updates or requests should be sent to: [email protected]
Newsletters and updates
Our website allows you to sign up to receive our newsletters. We will collect and use your name, organisation and email address so that we can provide you with this service and send you our newsletter and other relevant updates including information about events that CyberScotland and the members of the partnership are holding. We will also promote similar events and training opportunities by organisations outwith the partnership.
We use MailChimp to assist us with this. The data you provide to us will not be used by MailChimp for their own purposes and will be held securely. MailChimp stores data in the United States and more information about how it looks after your data can be found here.
If you contact us about putting on an event during CyberScotland week or at other times, we need to collect more information and some of this will be personal data including:
- Name and job title;
- Organisation or academic institution you are associated with;
- Contact information such as email address or telephone number;
- The location of your business or event
- Logo or image that we will use to promote your event which may include personal data
We will use this information to contact you in relation to the event and to answer any queries you have about CyberScotland Week and any other events you are involved in which the partnership is hosting.
We may also contact you from time to time for research purposes in relation to our services, projects or work themes.
Statistical and analytical reports will be provided to the Scottish Government but any information provided will be anonymised and will not identify you as an individual.
Sharing tools and other websites
As we want your experience of our website to be as informative and useful as possible, we provide a number of links to websites operated by third parties. Links to other websites, plug-ins and applications.
Retention of your information
We will only hold onto your information for as long as it is needed to provide you with the service you have requested.
For example, if you ask us to stop sending you our newsletter, we will delete your personal data securely unless it is being used for another purpose. This include holding onto minimal contact details to ensure that you do not hear from us again.
We will retain contact details of the organisations who put on events for two years after the end of the event. If the organisation has had no further engagement with CyberScotland in that two years, we will delete your personal data.
You can ask us to update or delete your personal data at any time using the contact details above.
Your Rights under Data Protection Laws
You have a number of legal rights in relation to your personal data. These are listed in brief below. A fee will not generally be charged for exercising any of these rights unless your requests are manifestly excessive.
Your right of access: You have the right to ask us for copies of your personal information.
Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you would like to exercise any of these rights, or if you have any concerns about how your information is being used, please contact us using the contact details above.
We will do our best to assist you but if are still concerned then you always have the right to complain to the Information Commissioner’s Office. Contact details are available at www.ico.org.uk/complaints
We take appropriate measures to keep all personal information as secure as possible however, transmission of information via the internet is never completely secure. We cannot guarantee the security of your data transmitted online or through the website and you do so at your own risk. Our website encrypts the content and data in-transit using an HTTPS connection.
Once we have received your information, strict security policies are in place in all the organisations who make up the CyberScotland Partnership. All staff members handling the data are aware of their obligations to use the information only as authorised and keep it confidential as appropriate. All personal data is only accessible to those who need to use it.
Changes to this privacy notice
Changes may be made to this privacy notice at any time and if these changes are substantial we will let you know. We may also notify you in other ways from time to time about the processing of your personal data.
This policy was updated in February 2021 and shall be regularly monitored and reviewed, at least every two years.