Data Protection Policy

NatureScot can only use data about people if we also protect people’s privacy and follow data protection law. The law sets out six principles organisations must follow to protect people’s privacy.

These are:

1. Use of data must be fair and comply with the law.
2. Data can only be used for a specific reason and, if it's used again, the new use must be connected to the original reason.
3. The amount of data collected should only be enough as needed to do the job.
4. Information about people must be accurate and kept up-to-date if needed.
5. Information about people can only be kept for as long as needed to do the job and no longer.
6. Information must be kept safe and secure.

The law also states that NatureScot must be open, honest and transparent and help you understand why and how we are using your data. This guide forms part of that obligation.

NatureScot only processes data about people in line with these principles.

NatureScot is the Data Controller for the information covered by this notice. For some types of work we will be joint controllers with other organisations, or use a data processor. We will let the people whose personal data we are using know when NatureScot is not the only data controller or is using a data processor.  

NatureScot’s Data Protection Officer (DPO) helps NatureScot to understand how to protect your personal data and comply with the law. They can also answer any questions you might have about how we use your data.