Privacy

Here we set out the privacy policy for our website. Please read this for information on how we collect and process your data fairly and in accordance with legislation.

We take your privacy seriously

This website (www.wics.scot) is operated by WICS. We are committed to collecting and using data fairly and in accordance with the requirements of data protection laws. We take your privacy seriously and we ask that you read this policy carefully, as it contains important information on:

  • the personal information we collect about you;
  • what we do with your personal information; and
  • who your personal information might be shared with.

We are the controller of the personal information that we collect from you on our website. We are therefore legally responsible for how we collect, hold and use your personal information. This also means that we are required to comply with data protection laws when collecting, holding and using your personal information.

We have appointed a Data Protection Officer (DPO), who ensures that we comply with data protection laws. If you have any questions about this statement or how we hold or use your personal information, please contact the DPO via email at: DPO@wics.scot

1. What personal information do we collect about you?

Our website is a place for you to find out more about us and the work that we do.

When you visit our website, we collect personal information about you when you:

  • submit an access to information request to us under access to information laws;
  • make a complaint against us;
  • respond to a consultation;
  • apply for employment with us; 
  • submit the SOT customer enquiry form; or
  • otherwise provide feedback or make contact with us.

2. Why do we collect this personal information?

We use such personal information to:

  • communicate with you in response to your contact with us;
  • respond to access to information requests made by you;
  • handle and resolve complaints made by you;
  • process your application for employment with us; 
  • enable retailers that you’ve selected via the SOT enquiry form to provide you with information about their services; or
  • keep the personal information that we hold about you accurate and up-to-date (if you provide any new personal information to us via the website).

We may not be able to respond fully to your information requests or complaints if you do not provide us with sufficient personal information to allow us to do so.

We may also collect information about you via cookie files. Further information about our use of cookies is contained in our cookie statement.

3. What is our legal basis for holding and using your personal information?

Data protection laws require us to have a legal reason for collecting, holding and using your personal information.

Our legal reasons for collecting, holding and using your personal information are:

  • compliance with the legal and regulatory obligations that apply to us, such as access to information laws;
  • exercise of our official authority vested in us in terms of the Water Services etc. (Scotland) Act 2005 and associated legislation; and
  • our legitimate interests – while you have a legitimate interest in the protection of your personal information, we also have an overriding legitimate interest in handling and using your personal information, for example, to ensure the effective functioning and availability of our website.

4. Who do we share your personal information with?

We may share your personal information with our consultants, advisers, market retailers and IT service providers for the purposes described in section 2 of this policy.

We may also share your personal information with law enforcement agencies for the prevention or detection of crime where communications that you send to us via our website would suggest that you have engaged, or are about to engage, in unlawful or criminal activity.

5. How long do we keep your personal information?

We will only keep your personal information for as long as we need to for the purposes described in section 2 of this policy, including to meet any legal, accounting, reporting or regulatory requirements. More information is contained in our data retention policy, which is available by contacting our DPO.

6. How do we keep your personal information secure?

The security of your personal information is of importance to us and we use technical and organisational measures to safeguard your personal information.

However, while we will use reasonable efforts to safeguard your personal information, the use of the Internet is not entirely secure and, for this reason, we cannot guarantee the security of any personal information that is transferred by or to you via the Internet. If you have any concerns about the security of your personal information, please contact our DPO for more information.

Our servers are located within data centres that are information security and quality accredited.

7. Where is your personal information stored?

Our servers are located in the United Kingdom and the information that we collect directly from you will be stored in these servers.

Some of the organisations we share your personal information with (listed in section 4 of this policy) may be based or may make use of data storage facilities that are located outside the United Kingdom. Further information will be available in their respective privacy notices.

Should our processes change and your information is transferred in services located outside the United Kingdom, we will ensure similar protection is afforded to it by: 

  • only transferring it or permitting its transfer to countries that have been deemed to provide an adequate level of protection for personal information under data protection laws; or
  • using specific contracts with such organisations, which are approved for use in the United Kingdom, and which give your personal information the same protection it has in the United Kingdom after it is transferred.

Please contact our DPO for further information on the specific mechanism that we use when transferring your personal information outside the United Kingdom.

8. What rights do you have in relation to your personal information that we collect, hold and use?

It is important that the personal information we collect, hold and use about you is accurate and current. Please keep us informed of any changes by contacting our DPO. However, please be aware that updating your data with WICS does not automatically transfer to the retailer and therefore customers should complete a new enquiry form if they wish to seek responses from retailers using updated data.

Under certain circumstances, the law gives you the right to request:

  • a copy of your personal information and to check that we are holding and using it in accordance with legal requirements;
  • correction of any incomplete or inaccurate personal information that we hold and use about you;
  • deletion of your personal information where there is no good reason for us continuing to hold and use it. You also have the right to ask us to do this where you object to us holding and using your personal information (details below);
  • temporarily suspend the use of your personal information, for example, if you want us to check that it is correct or the reason for processing it;
  • the transfer of the personal information that you have provided to us to you or to another organisation; and
  • that you are not subject to a decision solely taken by computer which produces legal consequences for or otherwise significantly affects you.

You can also object to us holding and using your personal information on grounds relating to your particular situation, unless we have overriding and compelling legitimate grounds for holding and using your personal information in certain situations.

Please contact our DPO if you wish to make any of the above requests. When you make a request, we may ask you for specific information to help us confirm your identity for security reasons. You will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.

9. Feedback and complaints

We welcome your feedback on how we hold and use your personal information, and this can be sent to our DPO via email: dpo@wics.scot.  

You have the right to complain to us if you think we have not handled your personal information in accordance with data protection legislation. Specifically, you can complain to us about how we are handling your information if we:

  • have not properly responded to your request for your personal information;
  • are not keeping information secure;
  • hold inaccurate information about you;
  • have disclosed information about you;
  • are keeping information about you for longer than is necessary;
  • have collected information for one reason and is using it for something else; or
  • have not upheld any of your data protection rights.

If you feel the need to make a data protection complaint, please get in touch with our DPO via email: dpo@wics.scot

You have the right to make a complaint to the Information Commissioner, the UK regulator for data protection, about how we hold and use your personal information. The ICO’s contact details are as follows:

Website: https://ico.org.uk/ and complaints can be made here.  

If you would like to receive this policy in alternative format, for example, audio, large print or braille, please contact our DPO.

10. Updates to this policy

We may update this policy at any time, and you should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access our website.

Last updated: April 2026.

Was this information useful to you?
 

Any feedback you provide will be considered for future improvements. Please avoid providing personal information here. We don’t respond to individual comments, but you can contact us if you have a specific query.