Some of the language used in privacy notices can be specialised. The Information Commissioner's website provides a useful introduction to key terms and concepts.
The Scottish Parliament is hosting the 2025 Business in the Parliament Conference which provides an opportunity for Members and representatives from the business sector in Scotland to come together to discuss business issues. Participants will be attending in person. As well as registration information, images of speakers and attendees will be taken and footage of the event, including what speakers and attendees say during the formal conference sessions will be recorded and will be made public after the event as on demand footage on the Business in the Parliament website and SPTV and excerpts or full sessions will be made available via online video conferencing platforms and Scottish Parliament social media platforms. The names and organisations of participants (including their chosen panel sessions) will be listed in the conference programme, available in paper format to those attending the conference to facilitate the organisation of panel sessions and support networking opportunities.
CCTV is also recorded in and around the building. Please refer to our specific privacy notice relating to CCTV.
Registration information previously collected for the event in 2024 using Eventbrite has been retained on our secure network. Information about individuals wishing to attend the 2025 event will be recorded using MS Forms which will include any accessibility information and dietary requirements.
Read the Microsoft Privacy Statement
Any email correspondence with the Business in the Parliament Team or the Economy and Fair Work Committee will be managed in accordance with our Privacy Notice relating to correspondence with Scottish Parliament committees.
The purpose of the processing by the Scottish Parliamentary Corporate Body (SPCB) is to enable participants to register for the conference and, where relevant, to facilitate participation for invited participants.
The Scottish Parliamentary Corporate Body (SPCB) processes any personal data you send in line with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Personal data consists of data from which a living individual is identified or is identifiable. The SPCB will only use your personal data for the purposes set out in this privacy notice and for which it was collected and in line with the legal basis for which it is being processed.
Further information about how the Scottish Parliament processes personal data
The personal data used is normal category data. This will include your title, name, email address, the organisation you represent and your contact details. This may also include your image and what you say as a speaker or as an attendee at the conference.
We may also receive and temporarily store *special category data about you, including health data and dietary requirements, to facilitate access to the Scottish Parliament building and your participation in the conference.
*Special category data as defined by the UK GDPR. Special category data is personal data that reveals:
Personal data is provided to the Business in the Parliament Conference directly from individuals (data subjects) or other individuals or organisations on their behalf in connection with their attendance at the conference.
Data protection law states that we must have a legal basis for processing your personal data. The legal basis for processing the personal data you provide to the SPCB during the Business in the Parliament Conference is that the processing is necessary for performing a task carried out in the public interest (Article 6(1)(e) UK GDPR) being the facilitation and hosting of an event which promotes democratic engagement.
For special category data, the processing is necessary for reasons of substantial public interest. The substantial public interest is compliance with statutory equality requirements (Article 9(2)(g) UK GDPR and section 10(3) and paragraph 6 of Part 2 to Schedule 1 of the DPA and s29(7) of the Equality Act 2010)
The information gathered when registering for the event will be used by the Economy and Fair Work Committee, and the Scottish Parliament’s Events and Exhibitions Team to organise the conference and to help inform the next conference. This will be securely deleted eight weeks after the event takes place.
Video footage will be held and available publicly on Scottish Parliament TV as set out above.
Further information on how we record and capture images and audio
Data protection law sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below, although whether you will be able to exercise data subject rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.
For example, the rights allowing for deletion or erasure of personal data, data portability and objecting to the processing of personal data do not apply in cases where personal data is processed for the purpose of complying with a legal obligation – these particular rights will therefore not apply to any personal data processed by us for the purpose of fulfilling our legal obligations under the Lobbying (Scotland) Act 2016.
The following rights apply:
You have the right to request a copy of the personal information about you that we hold. For further information, have a look at our page on Making a Subject Access Request.
We want to make sure that your personal information is accurate, complete, and up-to-date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Please contact us in any of the ways set out in the contact information and further advice sections below if you wish to exercise any of these rights.
In line with the principles underlying the National Guidance for Child Protection in Scotland (2014), published by the Scottish Government, our staff may report a concern to the relevant authorities if they come across an issue in the course of their work which causes them to think that a child may be at risk of abuse or harm.
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on 12 February 2025.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office online at: https://ico.org.uk/make-a-complaint.
Or by phone at: 0303 123 1113
If you have any further questions about the way in which we process personal data, or
about how to exercise your rights, please contact the Head of Information Governance
at:
The Scottish Parliament
Edinburgh
EH99 1SP
Telephone: 0131 348 5281
(Calls are welcome through the Text Relay service or in British Sign Language through Contact Scotland BSL.)
Email: dataprotection@parliament.scot
Please contact us if you require information in another language or format.
