This privacy notice explains what data we collect, how we use your personal information, and your legal rights relating to your personal information. COSLA is committed to protecting and respecting your privacy.
Information you supply will be processed by COSLA in accordance with the requirements and principles of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Who are we?
COSLA is the voice of Local Government in Scotland. We provide political leadership on national issues, and work with councils to improve local services and strengthen local democracy.
COSLA is not just about politics. We're also responsible for providing national services to councils and their partners through the myjobscotland recruitment portal, Trading Standards Scotland service, and Business Gateway National Unit.
COSLA is a membership organisation and is registered with the Information Commissioner as a data controller under the following address (our headquarters) and registration number:
Convention of Scottish Local Authorities, Verity House, 19 Haymarket Yards, Edinburgh, EH12 5BH - Registration No: Z6216554.
COSLA is the data controller in relation to the processing of your personal data for the following: COSLA website, COSLA Conference Centre, Strategic Migration Partnership (SMP) website, myjobscotland, and Trading Standards Scotland (TSS) website.
We are required by law to treat your personal information legally and fairly. We must also give you the means to correct it if it is wrong, allow you to object to our processing it and, in some instances, delete it from our systems if you ask us to do so.
What information do we collect about you?
We collect and process data about you in different ways, depending on the service you are using. We collect data through the following services:
- Contacting us via our website or dedicated email address
- Our newsletters
- Surveys that we run
- Our websites (COSLA, TSS, SMP, Employers’ Organisation, myjobscotland)
- Event registrations
- COSLA Excellence Awards
Please refer to the relevant section below.
Personal data you give us when you contact us:
- Email address
- Phone number
- Any supplementary information you choose to submit
If you want to contact us you can do so using a form on our website. To allow us to contact you and keep you up to date with your request you must give us a valid email address.
You can also contact us directly by email at: email@example.com
We will store your personal information securely on our server and use it to follow up on any requests or to contact you for more information.
Our legal basis for processing your information is that we have a legitimate interest to communicate effectively with our partners and customers to ensure that we meet our business objectives and commitments.
Newsletters and bulk emails
Personal data you give us when you subscribe to our newsletters:
- Email address
- IP Address
We use the Mailchimp service for sending out newsletters and bulk emails (e.g. Inside COSLA, COSLA Excellence Awards), and we will subscribe you to a mailing list using that service.
When we send you a newsletter, we also gather statistics around email opening and clicks to help us monitor and improve our newsletters. You can find out more about this in Mailchimp’s privacy notice at https://mailchimp.com/legal/privacy/.
Our legal basis for processing your personal data is that we have a legitimate interest to process your personal data so that we can send you information that relates to your role e.g. elected member, Heads of Personnel, myjobscotland SuperUser, Excellence Awards applicant.
Personal data you give us when you complete one of our surveys:
- Email address
- IP address
We use SurveyMonkey or Microsoft Forms for sending out surveys.
You can find out more on the relevant privacy notices at https://www.surveymonkey.com/mp/legal/privacy-policy/ or https://support.office.com/en-gb/article/security-and-privacy-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9 .
Our legal basis for processing your personal data is that we have a legitimate interest in processing it so that we can process survey responses and analyse the results.
We use Google Analytics to collect standard internet log information and information about how you use the site. The information we collect is:
- Which web browser you are using
- The pages on our website that you visit
- The address of the website that you reached us from, including any search term used
We anonymise the last octet (i.e. last three figures) of your IP address.
Our legal basis for processing your personal data in this way is that we have a legitimate interest to understand how people are using our website so that we can improve the content and services we offer.
Personal data we collect about you when you organise or register for an event:
- Email address
- Phone number
- Job title
- Dietary requirements
- Access requirements
We use the COSLA Events Management System (secure SQL Server database) to collect event organisation information.
Our legal basis for processing your personal data if you are organising an event is contract, legal, and legitimate interest. It will allow us to book conference centre space, provide you with facility updates, generate and process the contract/invoice/payment, provide specific requirements (e.g. dietary, accessibility), analyse attendance and usage of the conference centre facilities, resolve complaints/queries/disputes, and handle any legal claims.
Our legal basis for processing your personal data if you are registering to attend an event is legitimate interest so we can provide you with a service.
How do we use the data we collect?
We use personal data held about you in the following ways:
- To allow you to sign up for newsletters/mailing lists so that we can send you information about what we are doing and meetings/events you might be interested in;
- To develop and improve the content of the newsletters we offer;
- To canvass your views and opinions on a range of services that we or others might offer;
- To help you with any queries you may have in relation to COSLA and the services we offer;
- To develop and improve the website and the services we offer;
- To book conference space and services we offer;
- To generate a contract/invoice;
- To register your attendance at events;
- To ensure dietary and accessibility requirements are met;
- To fulfil our legal obligations.
Disclosure of your personal data
We will not sell your information or disclose it for direct marketing purposes.
We will disclose the personal data we process about you to the following third parties for the purposes indicated in the table below:
Name, email address, IP address
The Mailchimp email service
To send you newsletters periodically
Name, email address, IP address
The SurveyMonkey/Microsoft Forms service
To allow you to participate in our surveys
Name, email address, address, job title, organisation, phone number, access requirements, and dietary requirements
To register you for one of our events
Name, email address, address, organisation, job title, phone number, access requirements, dietary requirements
COSLA Events Management System
To register you for one of our events. To book a space at the conference centre.
To protect our web forms from spam
Username, email address, organisation
To allow you to access the secure area of the site, and to invoice you for use of the service
COSLA Employers’ Organisation
The COSLA Employers’ Organisation website is a source of information about pay and conditions for the local government workforce. The database provides information for employers regarding collective bargaining agreements, employee schemes of services, and associated guidance. The website is a subscription only service. Individuals need to log-in to access this section.
Our legal basis for processing your personal data if you access the Employers’ Organisation site is legitimate interest so we can provide you with a service.
Disclosure to other parties
In addition, we may disclose your personal data to third parties:
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
- In order to:
- protect the rights, property or safety of our users or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
Where we store your personal data
Personal data you provide to us is stored on computer equipment in the UK with the following exceptions:
We use the Mailchimp service to send you periodic newsletters/emails and this means that some of your data is transferred to servers in the USA.
The Mailchimp service is covered by both the EU-US and Swiss-US Privacy Shield regimes and is used by many EU and worldwide businesses. As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms.
You can read more about Mailchimp’s privacy measures at: https://mailchimp.com/legal/privacy/
We use Eventbrite to handle registrations for events. This means that some of your data is transferred to the US.
Eventbrite has certified its compliance with the EU-US Privacy Shield regarding collection, use and retention of customer data. As such, in our opinion, it poses a minimal threat to your privacy rights and freedoms.
We use the Google Analytics and Google reCAPTCHA services. This means that some of your data is transferred to servers outside the European Union/EEA. More information about these services is included below.
How long we will keep your data for
The following table shows what personal information we hold and how long it is held for.
How long we hold it
Retained for as long as you subscribe; deleted immediately when you unsubscribe
Contact form data
Retained for the period it takes us to respond to your query satisfactorily or after one calendar year
Employers’ Organisation log-in
Retained for as long as you subscribe; deleted immediately when you unsubscribe; deleted after 2 years
Website analytics logs
2 years for event registration information; 7 years for billing information which is retained for audit purposes
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data in transit; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data.
You have the following rights:
- You can seek to restrict our processing of your personal data or object to us processing your personal data at any time by contacting us at firstname.lastname@example.org or by writing to us at our main office address listed above.
- You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/
- You have the right to access personal data held by us about you. If you wish to view, correct or update any information we hold about you please get in touch by email to email@example.com or by writing to us at our main office address listed above.
- In certain circumstances you have the right to ask us to delete all the information we hold about you. If you wish to do so, please get in touch by email to firstname.lastname@example.org or by writing to us at our main office address listed above. Please note that we may be obliged to retain some information about you to allow us to fulfil our legal obligations.
Please be aware that we are legally obliged to verify your identity using reasonable means before you can exercise your rights.
Upon being signed up for our newsletters, we will send an e-mail to the registered e-mail address. We will only share your personal information with technical services that are needed to deliver your newsletter. You are free to unsubscribe from our newsletter service whenever you want by clicking on the unsubscribe button in the newsletter or by sending an e-mail to email@example.com.
Our website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these notices or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these notices before you submit any personal data to these websites or use these services.
You can prevent the storage of cookies by disabling them in your browser. You can find out how to do this by visiting http://www.allaboutcookies.org
Please note that if you disable cookies, some of the functionality on our website may not be available to you or may not work as expected.
In addition, you may prevent the collection of analytics data by Google by downloading an add-on for your browser by visiting https://tools.google.com/dlpage/gaoptout?hl=en-GB
Once you install the add-on, an opt-out cookie will be set which prevents the future collection of your data when visiting our website.
Our website uses Google reCAPTCHA, a service provided by Google that helps protect our website from spam by using analysis techniques that can identify if a user is human rather than a machine.
Your entry in the reCAPTCHA field will be sent to Google in the USA and processed by Google for this purpose. The reCAPTCHA application will also send your IP address and other data to Google to enable it to provide the reCAPTCHA service. By using reCAPTCHA, you agree to Google processing your data for this purpose. The IP address provided as part of Google reCAPTCHA will not be merged with other Google data.
Changes to privacy notice
Any changes we may make to our privacy notice in the future will be posted on our website and, where appropriate, notified to you when you next visit. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of our services.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to firstname.lastname@example.org or in writing to our main office address above.
Last Updated 28/04/2020