Disclosure Scotland's privacy statement

Disclosure Scotland is an Executive Agency of the Scottish Government. We provide criminal records checks under Part V of the Police Act 1997 and the Protection of Vulnerable Groups (Scotland) Act 2007. 

Disclosure Scotland is committed to ensuring all personal information is collected and processed in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. This means information can only be used for business, regulatory or legal reasons.

Disclosure Scotland uses personal information:

• to decide if you qualify for certain levels of disclosures
• to prevent, detect and investigate crime
• to check Police Criminal History Systems for any relevant convictions you may have
• to apply the Rehabilitation of Offenders Act 1974 as amended by Part 2 of the Management of Offenders (Scotland) Act 2019
• for audit purposes
• for statistical analysis and research
• to send you any certificates or communications
• to improve service levels

Sharing your information

The information you provide may be shared with other people to: 

• process your application 
• check it's correct 
• verify your identity 

We may also share information: 

• to prevent, detect and investigate crime 
• to apprehend and prosecute offenders 
• to safeguard children and protected adults 

We may share information with:

• police forces, to support application processing, prevent and detect crime, and protect vulnerable groups
• employers who have a legal right to see the information under Part 5 of the Police Act 1997 and the Protection of Vulnerable Groups (Scotland) Act 2007
• regulatory bodies who monitor professional competence and maintain standards for the professions they regulate
• NHS Tribunal
• courts services
• Police Criminal Records Office
• UK or overseas government departments and law enforcement agencies
• TransUnion (a data processor of Disclosure Scotland) to verify your identity

Protecting your information

Your personal information will be: 

• handled fairly and lawfully
• only kept and used for limited purposes
• adequate, relevant and not excessive 
• accurate and kept up to date
• kept no longer than necessary
• processed in line with the data subjects' rights
• held securely
• protected if it's transferred to other countries

Your information will not be made available for commercial use without your permission. 

Staff and systems

All our staff, suppliers and contractors are security vetted by the Scottish Government security unit. All staff are trained in data protection and aware of their responsibilities. 

We carry out regular compliance checks to the standard set out by the Information Commissioner's Office (ICO) and make continual security checks on our IT systems.

Your individual rights

You have a number of individual rights. You can: 

• ask us to amend any data if it's incorrect 
• ask us not to process information used for the disclosure certificate if you have a particular reason 
• asking us to make non-automated decisions regarding your data 
• claim compensation for damage caused through a data protection breach 
• access the data we hold 
• stop direct marketing 

Read more about your individual rights from the Information Commissioner's Office. 

Withdrawing your application

You can withdraw your application any time before your certificate is printed. If you withdraw your application, we will delete the personal information you provided. 

How to contact Disclosure Scotland

Email dsdpo@disclosurescotland.gov.scot for more information. You can also read our full privacy policy.  

You can contact us if you're unhappy with the way we handle your personal data. 

If you're unhappy with the answer you get, or need advice about the use of your personal data, you can contact the Information Commissioner's Office (ICO).