Privacy and cookies

Finance and Integrated Service Support privacy notice

How your personal information is used by Finance and Integrated Service Support

Here at Midlothian Council, we take your privacy seriously. Under the Data Protection Act 2018, you have a right to know how we collect, use and share your personal data. The information below provides a general description of the kinds of personal data we collect in Finance and Integrated Service Support as part of the provision of a wide range of support and frontline services and how we might use and share it.

You can find more detailed information about how and why we use your data in individual Privacy Notices, which we issue when we collect your data. The information we collect will depend on the work we need to do, or the service you get from us. Specific information about how we use your personal data is covered in service-specific privacy notices (as they become available).

Service-specific privacy notices

Our Privacy Promise

We promise to collect, process, store and share your data safely and securely.

What lets us collect your information?

We have a legal duty to provide some Services. When we do this we are generally working under the following legislation:

  • Scottish Public Services Ombudsman Act 2002
  • Health and Safety at Work etc. Act 1974
  • Civic Government (Scotland) Act 1982
  • Children’s Hearings (Scotland) Act 2011
  • Employment Rights Act 1996
  • Licensing (Scotland) Act 2005
  • Housing (Scotland) Act 2006
  • Adult Support and Protection (Scotland) Act 2007
  • Adults With Incapacity (Scotland) Act 2000
  • Mental Health (Care and Treatment) (Scotland) Act 2003
  • Children (Scotland) Act 1995
  • Adoption and Children (Scotland) Act 2007
  • Debtors (Scotland) Act 1987
  • Equality Act 2010
  • Town and Country Planning (Scotland) Act 1997
  • Building (Scotland) Act 2003
  • Road Traffic Regulation Act 1984
  • Local Government (Scotland) Act 1973
  • Local Government (Scotland) Act 1975
  • Local Government etc. (Scotland) Act 1994
  • Public Services Reform (Scotland) Act 2010

What kinds of personal data do we collect?

The personal data we collect might include your name, date of birth, address, National Insurance number, or other information that identifies you.  If necessary, we might also collect what is called ‘special category’ data – that is, sensitive information such as medical/health information. We will always make it clear what information we are collecting, how we will use it, and why and with whom we will share it through a service-specific Privacy Notice.

How do we collect your personal data?

We collect your personal data in many different ways. You might give us your personal data yourself, by entering your information in a form on the Council website, intranet or system or by contacting a Council officer in person, in writing or over the phone. We might also receive your personal data from other agencies or local authorities. If we share information regularly with another organisation, the conditions for sharing your personal data are set out in an Information Sharing Agreement.

How do we use your personal data?

Your personal data may be used so that Finance and Integrated Service Support can deliver its main functions. These functions include providing services for customers in the following categories:

  • Business Services
  • Communications and Marketing
  • Digital Services
  • Financial Services
  • Employment and Reward
  • Human Resources and Organisational Development
  • Legal Services
  • Procurement

Specific information about how we use your personal data is covered in service-specific Privacy Notices.

We use your personal information to respond to comments, compliments or complaints about our services council wide. We may use customer feedback internally to help us improve our services. We may also need your information if you choose to escalate your complaint to the Scottish Public Services Ombudsman.

Why do we share your personal data?

We might share your personal data in order to effectively deliver our services.  This might be because another agency has been contracted to provide a service, or because responsibility for particular services is shared across multiple agencies or authorities, such as Lothian Pension Fund or Scottish Public Pension Authority (SPPA) with who we share information for our employees for Pension purposes. We may also share personal data with Royal Mail CFH docmail limited, who carry out our online print and post service council wide.

Specific information about how and why your personal data is shared is covered in service-specific Privacy Notices.

With whom do we share your personal data?

If necessary, we might share your personal data with other agencies and authorities, depending on the service being provided. We will only share your personal data if it is necessary to do so, and the appropriate conditions have been met.

In general, the external bodies with whom we share information might include:

  • Other Local Authorities
  • Central government or government agencies
  • Regulators
  • Police
  • Courts
  • Solicitors
  • Third sector partner organisations
  • Contractors
  • Councillors

Personal data also might be shared between Midlothian Council services, including Schools.

Specific information about other bodies with whom we share your personal data is covered in service-specific Privacy Notices.

How long do we keep your personal data?

Your personal data is kept in line with Midlothian Council’s Retention Schedule. The retention schedule sets out the kinds of information the Council creates and uses, how long it should be kept, and what should be done with it at the end of its ‘life’.

Further information

You can find out more about how we use your information to detect and prevent fraud or crime, information collected through our website, recorded telephone calls, CCTV, the rights you have under the Data Protection Act, and how to contact us by referring to the overarching Midlothian Privacy Notice.

Related Downloads

Related pages