COSLA Website Privacy Statement

This privacy notice explains what data we collect, how we use your personal information, and your legal rights relating to your personal information. COSLA is committed to protecting and respecting your privacy.

Information you supply will be processed by COSLA in accordance with the requirements and principles of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Who are we?

COSLA is the voice of Local Government in Scotland. We provide political leadership on national issues, and work with councils to improve local services and strengthen local democracy.

COSLA is not just about politics. We're also responsible for providing national services to councils and their partners through the myjobscotland recruitment portal, Trading Standards Scotland service, and Business Gateway National Unit.

COSLA is a membership organisation and is registered with the Information Commissioner as a data controller under the following address (our headquarters) and registration number:

Convention of Scottish Local Authorities, Verity House, 19 Haymarket Yards, Edinburgh, EH12 5BH - Registration No: Z6216554.

COSLA is the data controller in relation to the processing of your personal data for the following: COSLA website, COSLA Conference Centre, Strategic Migration Partnership (SMP) website, myjobscotland, and Trading Standards Scotland (TSS) website.

We are required by law to treat your personal information legally and fairly. We must also give you the means to correct it if it is wrong, allow you to object to our processing it and, in some instances, delete it from our systems if you ask us to do so.

What information do we collect about you?

We collect and process data about you in different ways, depending on the service you are using. We collect data through the following services:

  • Contacting us via our website or dedicated email address
  • Our newsletters
  • Surveys that we run
  • Our websites (COSLA, TSS, SMP, Employers’ Organisation, myjobscotland)
  • Event registrations
  • COSLA Excellence Awards

Please refer to the relevant section below.

Contacting us

Personal data you give us when you contact us:

  • Name
  • Email address
  • Phone number
  • Any supplementary information you choose to submit

If you want to contact us you can do so using a form on our website. To allow us to contact you and keep you up to date with your request you must give us a valid email address.

You can also contact us directly by email at: info@cosla.gov.uk

We will store your personal information securely on our server and use it to follow up on any requests or to contact you for more information.

Our legal basis for processing your information is that we have a legitimate interest to communicate effectively with our partners and customers to ensure that we meet our business objectives and commitments.

Newsletters and bulk emails

Personal data you give us when you subscribe to our newsletters:

  • Name
  • Email address
  • IP Address

We use the Mailchimp service for sending out newsletters, and bulk emails, (e.g. Inside COSLA, COSLA Excellence Awards) and we will subscribe you to a mailing list using that service.

When we send you a newsletter, we also gather statistics around email opening and clicks to help us monitor and improve our newsletters. You can find out more about this in Mailchimp’s privacy notice at https://mailchimp.com/legal/privacy/.

Our legal basis for processing your personal data is that we have a legitimate interest to process your personal data so that we can send you information that relates to your role e.g. elected member, Heads of Personnel, myjobscotland SuperUser, Excellence Awards applicant.

Surveys

Personal data you give us when you complete one of our surveys:

  • Name
  • Email address

We use Microsoft Forms for sending out surveys.

You can find out more on the relevant privacy notice at https://support.office.com/en-gb/article/security-and-privacy-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9 .

Our legal basis for processing your personal data is that we have a legitimate interest to process your personal data and it’s so that we can process survey responses and analyse the results.

Website

We use Google Analytics to collect standard internet log information and information about how you use the site. The information we collect is:

  • Which web browser you are using
  • The pages on our website that you visit
  • The address of the website that you reached us from, including any search term used

We anonymise the last octet (i.e. last three figures) of your IP address.

Our legal basis for processing your personal data in this way is that we have a legitimate interest to understand how people are using our website so that we can improve the content and services we offer.

COSLA Events

Personal data we collect about you when you organise or register for an event:

  • Name
  • Email address
  • Phone number
  • Address
  • Job title
  • Organisation
  • Dietary requirements
  • Access requirements

We use the COSLA Events Management System (secure SQL Server database) to collect event organisation information.

Our legal basis for processing your personal data if you are organising an event is contract, legal, and legitimate interest. It will allow us to book conference centre space, provide you with facility updates, generate and process the contract/invoice/payment, provide specific requirements (e.g. dietary, accessibility), analyse attendance and usage of the conference centre facilities, resolve complaints/queries/disputes, and handle any legal claims.

We may use Eventbrite to collect event registration information and your personal data will be stored on Eventbrite servers. See the Eventbrite privacy policy.

Our legal basis for processing your personal data if you are registering to attend an event is legitimate interest so we can provide you with a service.

How do we use the data we collect?

We use personal data held about you in the following ways:

  • To allow you to sign up for newsletters/mailing lists so that we can send you information about what we are doing and meetings/events you might be interested in;
  • To develop and improve the content of the newsletters we offer
  • To canvass your views and opinions on a range of services that we or others might offer;
  • To help you with any queries you may have in relation to the COSLA and the services we offer;
  • To develop and improve the website and the services we offer;
  • To book conference space and services we offer;
  • To generate a contract/invoice
  • To register your attendance at events;
  • To ensure dietary and accessibility requirements are met;
  • To fulfil our legal obligations.

Disclosure of your personal data

We will not sell your information or disclose it for direct marketing purposes.

We will disclose the personal data we process about you to the following third parties for the purposes indicated in the table below:

Personal Data

Recipient

Purpose

Name, email address, IP address

The Mailchimp email service

To send you newsletters periodically

Name and email address (if requested)

The Microsoft Forms service

To allow you to participate in our surveys

Name, email address, address, job title, organisation, phone number, access requirements, and dietary requirements

Eventbrite

To register you for one of our events

Name, email address, address, organisation, job title, organisation, phone number, access requirements, dietary requirements

COSLA Events Management System

To register you for one of our events. To book a space at the conference centre.

IP address

Google reCAPTCHA

To protect our web forms from spam

Username, email address, organisation

Employers’ Organisation

To allow you to access secure area of site, to invoice you for use of service

COSLA Employers’ Organisation

The COSLA Employers’ Organisation website is a source of information about pay and conditions for the local government workforce. The database provides information for employers regarding collective bargaining agreements, employee schemes of services, and associated guidance. The website is a subscription only service. Individuals need to log-in to access this section.

Our legal basis for processing your personal data if access the Employers’ Organisation site event is legitimate interest so we can provide you with a service.

Disclosure to other parties

In addition, we may disclose your personal data to third parties:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • In order to:
    • enforce or apply any Terms of Use or other agreements you have agreed to with us or to investigate potential breaches; or
    • protect the rights, property or safety of our users or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Where we store your personal data

Personal data you provide to us is stored on computer equipment in the UK with the following exceptions:

We use the Mailchimp service to send you periodic newsletters/emails and this means that some of your data is transferred to servers in the USA.

The Mailchimp service is covered by both the EU-US and Swiss-US Privacy Shield regimes and is used by many EU and worldwide businesses. As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms.

You can read more about Mailchimp’s privacy measures at: https://mailchimp.com/legal/privacy/

We use Eventbrite to handle registrations for events. This means that some of your data is transferred to the US.

Eventbrite has certified its compliance with the EU-US Privacy Shield regarding collection, use and retention of customer data.  As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms.

We use the Google Analytics and Google reCAPTCHA services. This means that some of your data is transferred to servers outside the European Union/EEA.  More information about these services is included below.

How long we will keep your data for

The following table shows what personal information we hold and how long it is held for.

Personal Data

How long we hold it

Newsletter

Retained for as long as you subscribe; deleted immediately when you unsubscribe

Contact form data

Retained for the period it takes us to respond to your query satisfactorily or after one calendar year

Survey

1 year

Employers’ Organisation log-in

Retained for as long as you subscribe; deleted immediately when you unsubscribe; deleted after 2 years

Website analytics logs

26 months

Event registrations

2 years for event registration information; 7 years for billing information which is retained for audit purposes

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data in transit; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data.

Your rights

You have the following rights:

  • You can seek to restrict our processing of your personal data or object to us processing your personal data at any time by contacting us at info@cosla.gov.uk or by writing to us at our main office address listed above.
  • You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/
  • You have the right to access personal data held by us about you.  If you wish to view, correct or update any information we hold about you please get in touch by email to info@cosla.gov.uk or by writing to us at our main office address listed above.
  • In certain circumstances you have the right to ask us to delete all the information we hold about you. If you wish to do so, please get in touch by email to info@cosla.gov.uk or by writing to us at our main office address listed above. Please note that we may be obliged to retain some information about you to allow us to fulfil our legal obligations.

Please be aware that we are legally obliged to verify your identity using reasonable means before you can exercise your rights.

Our newsletters

Upon being signed up for our newsletters, we will send an e-mail to the registered e-mail address. We will only share your personal information with technical services that are needed to deliver your newsletter. You are free to unsubscribe to our newsletter service whenever you want by clicking on the unsubscribe button in the newsletter or by sending an e-mail to info@cosla.gov.uk

Our website

Our website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these notices or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these notices before you submit any personal data to these websites or use these services.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics also uses cookies. The information generated by the cookie about your use of this website is usually transmitted to and stored by Google on servers outside the European Union/EEA. Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide other services related to website activity and internet usage to us. We anonymise the last octet (i.e. last 3 figures) of an IP address and the partial IP address provided as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by disabling them in your browser. You can find out how to do this by visiting http://www.allaboutcookies.org

Please note that if you disable cookies, some of the functionality on our website may not be available to you or may not work as expected.

In addition, you may prevent the collection of analytics data by Google by downloading an add-on for your browser by visiting  https://tools.google.com/dlpage/gaoptout?hl=en-GB

Once you install the add-on, an opt-out cookie will be set which prevents the future collection of your data when visiting our website.

For more information about Google’s Terms of Use and Privacy, please visit https://www.google.com/analytics/learn/privacy.html

reCAPTCHA

Our website uses Google reCAPTCHA, a service provided by Google that helps protect our website from spam by using analysis techniques that can identify if a user is human rather than a machine.

Your entry in the reCAPTCHA field will be sent to Google in the USA and processed by Google for this purpose. The reCAPTCHA application will also send your IP address and other data to Google to enable it to provide the reCAPTCHA service. By using reCAPTCHA, you agree to Google processing your data for this purpose. The IP address provided as part of Google reCAPTCHA will not be merged with other Google data.

For more information about Google’s Terms of use and Privacy for reCAPTCHA, please visit https://www.google.com/about/company/user-consent-policy.html

Cookies

We uses cookies (small text files that we place on your device) to help provide our services to you.  For more information, please read our Cookie Policy.

Changes to privacy notice

Any changes we may make to our privacy notice in the future will be posted on our website and, where appropriate, notified to you when you next visit. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of our services.

Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to info@cosla.gov.uk or in writing to our main office address above.

Version 1.3

Last Updated 06/12/2023

  • Meetings, Webinars and Live Broadcasting

    Purpose and lawful basis for processing

    Our purpose for collecting this information is so we can facilitate online meetings (e.g. COSLA Board meetings, COSLA Leaders’ meetings, ad-hoc meetings) focus groups, video conferencing, webinars or live broadcast events.

    If a meeting or event is recorded it is to provide wider access those who are unable to attend, and/or to provide a record/minutes of the discussion within the meeting.

    The lawful basis we rely on for processing your personal data is Article 6(1)(f) – Legitimate Interest or Article 6 (1)(a) – Consent, under UK GDPR.


    What we need

    If you are an attendee or presenter at one of these events, we will need your name, and email address (preferably the email address you use for work purposes), and in some cases the name of your company/organisation, and/or job title. We request this information to enable you to join the online meeting.

    We receive your personal information from you, your company/organisation, or it is publicly available.

    We may record some meetings/events. COSLA does not record all meetings/events by default so you will be notified in advance if a COSLA meeting/event is to be recorded.

    The categories of personal data being collected may include:
    • Your name, email address, organisation, job title
    • Video and Photo: Recording a meeting means that if you have your picture or video image on screen, the recording will include that, and also whatever you have in the background which may be your home or your office. Background filters are recommended that place an image in the background or blur the background. Video might be automatically switched off by the organiser when attending a webinar.
    • Audio: Recording a meeting means any audio within the meeting will also be included. Audio might be automatically switched off by the organiser when attending a webinar.
    • Shared Documents / Desktop Sharing: Any documents or Desktop Sharing will be captured within the recording.
    • Chat/Q&A/Reactions function: Any comments added to the Chat or Q&A function, or interaction with the Reactions function, will be captured within the recording.
    • Live transcription: Any comments in the meeting will be captured if live transcription has been activated by the meeting organiser.

    The meeting organiser will advise which of these apply.

    What we do with it

    We use your email address to provide you with the meeting/event details. This will include information about any recording taking place, and if live transcription is to be used.

    Recordings/transcripts will not be shared onwards with others outside of the meeting invitees without express permission.

    For some meetings/events we may publish the recording, or snippets of the recording, on the COSLA website, YouTube Channel, Vimeo, or social media channels so it is accessible to a wider audience. If a meeting/event recording will be published, we will always notify you before the meeting/event.

    We don’t publish delegate lists for meetings, focus groups, webinars or live broadcast events but your name and email address may be visible to others in attendance during the event.

    We will not make any disclosures to third parties for marketing purposes.

    Your data will be secure and confidential at all times, and we will only collect the personal information that is required to provide you with our service.

    How long we keep it

    COSLA will keep your information for as long as is necessary. We will keep your email address and any recording of the meeting/event for 6 months.

    For information about how long we hold personal data, please contact the meeting organiser.

    Your information will be securely disposed of once it is no longer required.

    What are your rights?

    For more information on your rights, please see COSLA’s Privacy Statement.

    If you wish to exercise any of these rights, please contact dataprotection@cosla.gov.uk

    Do we use any data processors?

    We use Microsoft Teams to deliver our webinar and live broadcast events. Microsoft online services are used for the recording and may be used for the transcription of meetings. More information is available in the Privacy section of the Microsoft Trust Centre. All meetings/events via Microsoft Teams will have a link to Microsoft’s privacy statement.

    We may use YouTube, Vimeo, and our social media channels to publish the recordings of some meetings/events. Visit YouTube Privacy Notice, Vimeo Privacy Notice, X (formerly Twitter) Privacy Notice, Facebook Privacy Notice and Instagram Privacy Notice.

    We may use Slido when running interactive online events, for instance when we want to use live polls, Q&As, and quizzes. You can read the Slido privacy notice here. Use of Slido is not required in order to attend our meetings/events.

    We may use Mentimeter when running interactive online events, for instance when we want to use live polls, Q&As, and quizzes. You can read the Mentimeter privacy notice here. Use of Mentimeter is not required in order to attend our meetings/events.

    Do we transfer data overseas?

    Yes – transfers of data are to Microsoft, Google, Vimeo, X Corp, Meta, Cisco, Mentimeter data centres as applicable.

    Last Updated 24/04/2024