This page clarifies how we process personal data in order to comply with legal or regulatory requirements. It also explains your associated rights. Please read our general privacy information in addition to the specific information contained in this privacy notice.
| Purpose: Legal and regulatory compliance | |
|---|---|
|
Explanation of the purpose |
We may process personal data that you provide to us or that we obtain from other sources in order to comply with legal or regulatory requirements. For example, information may be used for the National Fraud Initiative (NFI), a counter-fraud exercise led by Audit Scotland (See our Suppliers' data page). We may use correspondence records, including recordings of telephone calls, to investigate, respond to, and/or report instances of suspected abuse or threatening or illegal behaviour. We do not routinely record telephone calls. Calls are only recorded where abuse or threatening or illegal behaviour is suspected. |
|
Legal basis |
Processing of this data is necessary for compliance with legal obligations or for the performance of tasks carried out in the public interest or for our official functions. |
|
Types of personal information |
The types of personal data that we process for this purpose varies depending on the nature of the processing, in particular the nature of the specific legal or regulatory obligation. It is most likely that we will process data such as your name, your contact details, your address, details of your employment with us (if applicable), or details of your registration with us (if applicable) for this purpose. |
|
Sources of personal information |
We may obtain data for this purpose directly from you and from third parties. We may also already hold the data that we need to process for this purpose. |
|
Recipients of the data |
This data will be processed by the National Library of Scotland for this purpose and certain data will be sent to third parties (see 'Will the data be transferred to third parties?'). |
|
Retention period |
We will normally process data for the purpose of complying with legal and regulatory requirements for as long as we are required to do so. We have a detailed range of retention periods for different types of records, some of which may also apply to information processed for the purpose of legal and regulatory compliance. Please see our retention schedules (811 KB; 77 pages) for details, in particular under business classification 06.02.00.00 'Finance' on page 47, 06.08.00.00 'Compliance' on page 65 and 06.09.00.00 'Legal affairs' on page 74. |
|
Your rights in relation to this data |
Your core rights as a data subject apply to this processing. Additionally, the right of objection applies to processing carried out for the performance of tasks carried out in the public interest or for our official functions. |
|
Data may be transferred to third parties for this purpose. Our telephone system is provided by a third party, Exchange Communications Ltd. Telephone calls recorded by the Library will be processed by Exchange Communications Ltd. For more information, please see Exchange Communications Ltd.'s privacy policy. |
|
|
Will the data be transferred outside the UK or the European Economic Area (EEA)? |
No. |
|
Is it obligatory to supply this data and what are the consequences of not supplying the data? |
It may be obligatory to supply data for this purpose, depending on the situation. If you do not supply data for this purpose, it may be that we are unable to meet certain legal or regulatory requirements. We may also be unable to provide certain services or meet certain obligations, such as user registration. |
|
Will the data be used in automated decision-making? |
No. |