This website (www.wics.scot) is operated by WICS. We are committed to collecting and using data fairly and in accordance with the requirements of data protection laws. We take your privacy seriously and we ask that you read this policy carefully, as it contains important information on:
- the personal information we collect about you;
- what we do with your personal information; and
- who your personal information might be shared with.
We are the controller of the personal information that we collect from you on our website. We are therefore legally responsible for how we collect, hold and use your personal information. This also means that we are required to comply with data protection laws when collecting, holding and using your personal information.
We have appointed a Data Protection Officer (DPO), who ensures that we comply with data protection laws. If you have any questions about this statement or how we hold or use your personal information, please contact the DPO via email at: DPO@wics.scot
Your attention is particularly drawn to section 3 of this policy, which confirms that you consent to your personal information and sensitive personal information being held and used by us as described in section 2 of this policy.
1. What personal information do we collect about you?
Our website is a place for you to find out more about us and the work that we do.
When you visit our website, we collect personal information about you when you:
- submit an access to information request to us under access to information laws;
- make a complaint against us;
- respond to a consultation;
- apply for employment with us; or
- otherwise provide feedback or make contact with us.
2. Why do we collect this personal information?
We use such personal information to:
- communicate with you in response to your contact with us;
- respond to access to information requests made by you;
- handle and resolve complaints made by you;
- process your application for employment with us; or
- keep the personal information that we hold about you accurate and up-to-date (if you provide any new personal information to us via the website).
We may not be able to respond fully to your information requests or complaints if you do not provide us with sufficient personal information to allow us to do so.
3. What is our legal basis for holding and using your personal information?
Data protection laws require us to have a legal reason for collecting, holding and using your personal information.
Our legal reasons for collecting, holding and using your personal information are:
- compliance with the legal and regulatory obligations that apply to us, such as access to information laws;
- exercise of our official authority vested in us in terms of the Water Services etc. (Scotland) Act 2005 and associated legislation; and
- our legitimate interests – while you have a legitimate interest in the protection of your personal information, we also have an overriding legitimate interest in handling and using your personal information, for example, to ensure the effective functioning and availability of our website.
In some circumstances, we may rely on your consent as our legal reason. By providing us with your personal information and sensitive personal information (relating to your health, racial or ethnic origin, religious or other beliefs or sexual orientation – known as ‘special categories‘ of personal information under data protection laws) and the personal information and special categories of personal information of other individuals via our website, you:
- consent to it being used by us as described in section 2 of this policy; and
- confirm that you have informed the other individuals of 12 years old and above of the content of this policy and they have provided their consent to their personal information and special categories of personal information being used by us as described in section 2 of this policy.
You and the other individuals have the right to withdraw your consent to us holding and using your and their personal information and special categories personal information by contacting us. Once you/they have withdrawn your/their consent, we will no longer use your/their personal information and special categories personal information for the purpose(s) set out in section 2 of this policy, which you originally agreed to, unless we have another legal reason for doing so.
4. Who do we share your personal information with?
We may share your personal information with our consultants, advisers and IT service providers for the purposes described in section 2 of this policy.
We may also share your personal information with law enforcement agencies for the prevention or detection of crime where communications that you send to us via our website would suggest that you have engaged, or are about to engage, in unlawful or criminal activity.
5. How long do we keep your personal information?
We will only keep your personal information for as long as we need to for the purposes described in section 2 of this policy, including to meet any legal, accounting, reporting or regulatory requirements. More information is contained in our data retention policy, which is available by contacting our DPO.
6. How do we keep your personal information secure?
The security of your personal information is of importance to us and we use technical and organisational measures to safeguard your personal information.
However, while we will use reasonable efforts to safeguard your personal information, the use of the Internet is not entirely secure and, for this reason, we cannot guarantee the security of any personal information that is transferred by or to you via the Internet. If you have any concerns about the security of your personal information, please contact our DPO for more information.
Our servers are located within data centres that are information security and quality accredited.
7. Where is your personal information stored?
Our servers are located in the United Kingdom and the information that we collect directly from you will be stored in these servers.
Some of the organisations we share your personal information with (listed in section 4 of this policy) may be based or may make use of data storage facilities that are located outside the United Kingdom. Their handling and use of your personal information will involve us and/or them transferring it outside the United Kingdom. When we and/or they do this, we will ensure similar protection is afforded to it by:
- only transferring it or permitting its transfer to countries that have been deemed to provide an adequate level of protection for personal information under data protection laws; or
- using specific contracts with such organisations, which are approved for use in the United Kingdom, and which give your personal information the same protection it has in the United Kingdom after it is transferred.
Please contact our DPO for further information on the specific mechanism that we use when transferring your personal information outside the United Kingdom.
8. What rights do you have in relation to your personal information that we collect, hold and use?
It is important that the personal information that we collect, hold and use about you is accurate and current. Please keep us informed of any changes by contacting our DPO. Under certain circumstances, the law gives you the right to request:
- a copy of your personal information and to check that we are holding and using it in accordance with legal requirements;
- correction of any incomplete or inaccurate personal information that we hold and use about you;
- deletion of your personal information where there is no good reason for us continuing to hold and use it. You also have the right to ask us to do this where you object to us holding and using your personal information (details below);
- temporarily suspend the use of your personal information, for example, if you want us to check that it is correct or the reason for processing it;
- the transfer of the personal information that you have provided to us to you or to another organisation; and
- that you are not subject to a decision solely taken by computer which produces legal consequences for or otherwise significantly affects you.
You can also object to us holding and using your personal information on grounds relating to your particular situation, unless we have overriding and compelling legitimate grounds for holding and using your personal information in certain situations.
Please contact our DPO if you wish to make any of the above requests. When you make a request, we may ask you for specific information to help us confirm your identity for security reasons. You will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.
9. Feedback and complaints
We welcome your feedback on how we hold and use your personal information, and this can be sent to our DPO.
You have the right to make a complaint to the Information Commissioner, the UK regulator for data protection, about how we hold and use your personal information. The Information Commissioner’s website is: https://ico.org.uk/ and complaints can be made here.
If you would like to receive this policy in alternative format, for example, audio, large print or braille, please contact our DPO.
10. Updates to this policy
We may update this policy at any time, and you should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access our website.
Last updated: August 2021