Some of the language used in privacy notices can be specialised. The Information Commissioner's website provides a useful introduction to key terms and concepts.
The Scottish Parliament is hosting the 2023 Business in Parliament Conference which provides an opportunity for Members and representatives from the business sector in Scotland to come together to discuss business issues. This event will take place in a hybrid format with participants attending in person and remotely via video conferencing. Images of speakers and attendees and what they say during the formal conference sessions (whether attending in person or virtually) will be recorded and will be made public after the event on the Business in Parliament website and excerpts or full sessions may be made available via online video conferencing platforms or Scottish Parliament social media platforms.
CCTV is also recorded in and around the building. Please refer to our specific privacy notice relating to CCTV.
Registration for the conference will be managed via a third-party supplier Eventbrite.
Read Eventbrite’s terms and conditions for processing personal data here.
The purpose of the processing
The purpose of the processing by the Scottish Parliamentary Corporate Body (SPCB) is to enable participants to register for the conference and, where relevant, to facilitate participation for invited participants.
Virtual attendance at the event
The SPCB will use Zoom, a third-party communication tool to enable attendees to watch the keynote speeches and the cross-party panel session online. We ask that participants do not record the session or share the Zoom link or the content of what is being discussed. The event will be recorded and made available to the public on the Business in Parliament website after the event has ended.
More information about the way Zoom collects and stores personal information can be found here.
The SPCB may use SLIDO, a third-party interactive app, to allow participants to pose questions to the speakers. If your question is chosen, the Presiding Officer (PO) will read out your name and organisation and your question to the panel. Your contribution will be made public to attendees in the Debating Chamber and to those accessing the Business in Parliament Conference remotely. Your contribution will also be posted on the Business in Parliament website after the event has ended. Your contribution may be made available on social media.
More information about the way SLIDO collects and stores personal information is available here.
Collecting and holding personal data
The SPCB processes any personal data you send in line with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Personal data consists of data from which a living individual may be identified. The SPCB will hold any personal data you share with us securely, we will use it only for the purposes set out in this privacy notice and for which it was collected and will only in line with the legal basis for which it is being processed.
Further information about how the Scottish Parliament processes personal data.
Categories of information processed
The personal data used is “normal category” data in accordance with the UK General Data Protection Regulation’s definition. This will include your title, your name, email address, the organisation you represent and your contact details. This may also include your image and what you say as a speaker or as an attendee at the conference.
We may also receive and temporarily store special category data about you, including health data and dietary requirements, to facilitate access to the Scottish Parliament building and your participation in the conference.
Source of the information
Personal data is provided to the Business in Parliament Conference directly from individuals (data subjects) or other individuals or organisations on their behalf, employees of the Scottish Parliamentary Corporate Body (SPCB) or other Parliament passholders, including elected Members of the Scottish Parliament (in their constituency, regional or ministerial capacity) or their staff via emails, written communications, telephone calls, and/or verbally in person.
Legal basis for data processing
Data protection law states that we must have a legal basis for processing your personal data. The legal basis for processing the personal data you provide to the SPCB during the Business in Parliament Conference is that the processing is necessary for performing a task carried out in the public interest (Article 6(1)(e) UK GDPR and section 10(1)(b) and paragraph 6 of Part 2 of Schedule 1 of the Data Protection Act 2018) being the facilitation and hosting of an event which promotes democratic engagement.
For special category data, the processing is necessary for reasons of substantial public interest. The substantial public interest is compliance with statutory equality requirements (Article 9(2)(g) UK GDPR and section 10(3) and paragraph 6(1)(b) Part 2 of Schedule 1 to the Data Protection Act 2018 (DPA) and s29(7) of the Equality Act 2010).
Data sharing and retention of data
The information gathered when registering for the event will be used by the Economy and Fair Work Committee and the Business in Parliament Conference Working Group to organise the conference and to help inform the next conference. This will be securely deleted two weeks after the event takes place.
For further information on how we record and capture images and audio please click here.
Your rights
Data protection legislation sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below, although whether you will be able to exercise data subject rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.
For example, the rights allowing for deletion or erasure of personal data, data portability and objecting to the processing of personal data do not apply in cases where personal data is processed for the purpose of complying with a legal obligation – these particular rights will therefore not apply to any personal data processed by us for the purpose of fulfilling our legal obligations under the Lobbying (Scotland) Act 2016.
The following rights apply:
Access to your information
You have the right to request a copy of the personal information about you that we hold. For further information, have a look at our page on Making a Subject Access Request.
Correcting your information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Objecting to how we may use your information
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.
Child Protection
In line with the principles underlying the National Guidance for Child Protection in Scotland (2014), published by the Scottish Government, our staff may report a concern to the relevant authorities if they come across an issue in the course of their work which causes them to think that a child may be at risk of abuse or harm.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained using the contact information below.
This privacy statement was last updated on 17 November 2022.
Complaints
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office online at: https://ico.org.uk/make-a-complaint.
Or by phone at: 0303 123 1113
Contact information and further advice
If you have any further questions about the way in which we process personal data, or
about how to exercise your rights, please contact the Head of Information Governance
at:
The Scottish Parliament
Edinburgh
EH99 1SP
Telephone: 0131 348 6913
(Calls are welcome through the Text Relay service or in British Sign Language through Contact Scotland BSL.)
Email: dataprotection@parliament.scot
Please contact us if you require information in another language or format