Privacy Policy – Scottish Health Competent Authority

This privacy policy tells you what to expect when the Scottish Health Competent Authority (SHCA) collects your personal information.

Who we are

Scottish Ministers

St Andrew’s House
Regent Road
Edinburgh
EH1 3DG

Phone Number: 0131 244 4026

E-mail:

NIS SG Health Competent Authority healthca@gov.scot
Central Enquiries Unit ceu@gov.scot

Website: www.scotland.gov.uk

The Scottish Government, on behalf of Scottish Ministers, is the devolved government for Scotland signed into act through the Scotland Act 1998. Its head office is located at St Andrews House, Regent Road, Edinburgh, EH1 3DG and you can contact our Digital Health and Social Care team by post at this address, or by e-mail at healthca@gov.scot

The Network Information Systems Regulations 2018 is designed to boost the overall level of security for network and information systems that support the delivery of essential services within the EU. It applies to those sectors which are vital for our economy and society, providing services such as the supply of electricity and water and the provision of healthcare and transport.

The Legal Basis of collecting this information

The legal basis is provided by the Network and Information Systems Regulations 2018, under regulation 11 (1) imposes on designated OES in the digital infrastructure subsector a duty to report to the competent authority any incident which has a significant impact on the continuity of the essential service which it provides.

The information we require:

Name and contact details – including current role, email, phone
Additional information provided when asked a question or giving feedback
Website user statistics supplied by Google Analytics.

How we process your information

The reporting of an Incident as an Operator of Essential Services (OES) under the NIS Directive
Notification to the Digital Health and Care Division regarding a personal data breach which meets the Thresholds for Incident Reporting to the Information Commissioner’s Office.
Answering any queries or giving feedback.

How we handle your information

Information provided to the SHCA is protected in the same way we protect our own confidential information: held securely, with restricted access to relevant colleagues.
The personal data you send us can be viewed by authorised people in the Scottish government.
All Information collected is stored within eRDM our corporate records system, and restricted to certain individuals who require access.
SHCA retains personal data for as long as it is necessary for the purposes set out in this document and for as long as the law requires.
After Three years your personal information shall be redacted from the Incident Report and any associated metadata.

Who the information will be shared with

The National Cyber Security Centre (NCSC), Police Scotland and relevant departments’ within the Scottish Government to help identify investigation and mitigation opportunities.
We won’t share details with regulators, such as the Information Commissioner, without first seeking your consent.
If you contact us asking for information, we may need to contact other government bodies to find that information.

Visitors to our websites

We use a third party service, Google Analytics, to collect information site usage through the use of a set of cookies.

Three Google Analytic cookies are stored: “_gat”, “_gid” and “_ga”. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Information you have given to us about other people

If you have provided anyone else’s details on the Incident Reporting form, please make sure that you have told them that you have given their information to the Scottish Government. This information will be immediately deleted. If more information on how we will use the information provided is required contact the address, or dpa@gov.scot

Your rights under data protection law

You have a right of access to any personal data we hold about you by making a Subject Access Request (SAR).

In addition, if you believe that the data we hold is inaccurate or incomplete you can ask us to update our records.

For more information on the rights you have over how your personal data is handled, please visit your data matters | ICO

Complaints

If you have any concerns about our use of your personal information, you can make a complaint to us by sending an email to dpa@gov.scot

or writing to us at:

Data Protection Officer
Victoria Quay
Edinburgh
EH6 6QQ

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.