The Health and Social Care Alliance Scotland (the ALLIANCE) is committed to ensuring that your privacy is protected. 

Should we ask you to provide personal and/or sensitive personal information when using our website or communicating orally or in writing with our personnel, including volunteers, then you can be assured that it will be used only in accordance with this privacy policy and in line with the principles of the Data Protection legislation.

This privacy policy explains what to expect when the collects and processes personal information about you.

Who do we collect information about?

Why do we collect information about you?

What information do we collect about you?

Marketing and sharing

Transfer of data overseas


Security of your information

Contact database

Website and Cookies

Other websites

Notice of breach of security

Changes to our privacy policy

Your rights


How to contact us

Who do we collect information about?

The ALLIANCE collects information about our:

  • Members
  • Newsletter/Bulletin sign ups
  • People who attend our events
  • Participants in focus groups/research/campaigns
  • Advisory and Programme Board members
  • ALISS Account holders and users
  • Individuals referred to Community Links Workers (CLW)
  • Self Management Network Scotland (SMNS)
  • Self Management Awards
  • Self Management Fund
  • You Can Make a Difference pledges
  • Other contacts e.g. freelance journalists
  • Photographs
  • Volunteers
  • Board of Directors
  • Supplier including consultants and contractors
  • Financial information including expenses
  • Employees, former employees, job applicants

Why do we collect information about you?

The ALLIANCE will collect personal and sensitive information about you for the following purposes:

  • To administer membership records
  • To support our events
  • To keep you informed about the work of the ALLIANCE and issues relating to the health and social care agenda including events and training courses
  • To give you the opportunity to be involved in policy work, campaigns, events consultations, research, personal stories/case studies and blogs etc.
  • To send you information about third parties which we think you may find interesting
  • To improve the services we provide to you
  • To influence and shape policy
  • To manage our portfolio of work
  • To publicise the work of the ALLIANCE
  • To manage our employees and volunteers
  • To recruit
  • To administer and maintain our accounts
  • To maintain our records

What information do we collect about you?

Personal information collected may include your name, address, telephone number, e-mail address and criminal proceedings, outcomes and sentences, offences and alleged offences.  We may also require sensitive personal information regarding any accessibility or dietary requirements you have and information regarding your health, gender, sexual life (including orientation), race/ethnicity, political opinions, religious, personal life and philosophical beliefs.

If you are involved in focus groups, consultations, blogs, campaigns, awareness raising, personal stories/case studies, events etc, your opinion, feedback, comments, personal circumstances and photographs may be collected by the ALLIANCE.  We may also capture your views on video or audio, depending on the activity.  If we are filming or photographing an event, this will be made clear to all attendees in advance.

If you are involved in activity whereby your travel expenses may be reimbursed, we may require your bank details should you choose to be reimbursed electronically.

Marketing and sharing

The ALLIANCE sometimes needs to share the personal information we process with the individuals themselves and with other organisations.  Where this is necessary we comply with all aspects of the data protection legislation.

The ALLIANCE and its sub-contractors will not sell, distribute, lease or otherwise disclose your personal information to third parties unless we have your written permission, or are required by law to do so.

The ALLIANCE’s sub-contractors may have access to personal data while operating our IT systems (including website), conducting our business or providing you with a service.  However, in doing so, they will be bound by data protection legislation and the ALLIANCE’s privacy policy.

Users of our website are notified when their information is being collected by any outside parties.  We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.

Information about our members and how to contact them is published on our website and is published with the permission of the member.

Any personal data collected through the ALLIANCE’s website will be treated as confidential and in line with the data protection legislation e.g. signing up to newsletters or membership.

Transfer of data overseas

We use third party sites such as Zoom to host public events including membership events and our annual conference.  These events are not designed to elicit personal information from participants, however, should you wish to register to attend these events you must be aware that transfers personal data to the USA and that any personal data you choose to share will be transferred to a country that does not provide adequate data protection (in line with GDPR) and that no adequate safeguards aimed at providing protection for the data are being implemented.

Zoom is also used to record, edit and publish ALLIANCE Live activity.   Participants who consent to participate are subject to the same caveats as above.

The ALLIANCE use Heroku to host its ALISS website.  Heroku is part of Salesforce and its servers are based in the USA.  Salesforce have standard contractual clauses (in line with GDPR requirements) that, together with recognising the judicial authority of the UK, provide adequate safeguards for the processing of data.

With your consent, the ALLIANCE may publish your personal stories etc. on our website and via social media.  In doing so, this information will be transferred overseas and accessible worldwide.

We use a third party provider called Mailjet (this link will take you away from the website),, who are based exclusively in Europe to deliver our newsletters.  We record the addresses of undeliverable emails and those who have unsubscribed and do so in order that we maintain accurate and up to date records.

Our contact database and our IT servers are hosted by Microsoft (West Europe) and are bound by EU data protection legislation.


How long we retain your information will depend on the purpose of processing.  Please read the relevant section e.g. members.

Security of your Information

We are committed to ensuring that your information is secure.

To prevent unauthorised access or disclosure we have put into place physical, electronic and managerial procedures to safeguard and secure information we collect from you.

Physical Controls

All confidential hard copy filing is locked in storage cupboards with limited access.

Electronic Controls

All accounts are password protected accounts.

No information containing personally identifiable information is saved to the hard drives of desktop PCs.

The ALLIANCE staff, sub-contractors and volunteers can access their accounts remotely therefore removing the need for information to be saved to removable media or local hard drives.

Writing personal information to removable media, for which we do not have consent to make public, is prohibited.

The ALLIANCE website and contact database are hosted via the internet and accounts are password protected.

Shared computers for use by visitors to the ALLIANCE have restricted access and cannot access personal information collected by the ALLIANCE.  Shared computers have access only to the hub and scanned drives.  Users should be aware that any information they store on these drive can be viewed by all other users.  Only public information should be stored on this drive.

Users of shared computers should also be aware that other users can access the history of websites that have been previously viewed.

Managerial Controls

ALLIANCE staff and volunteers are made aware of the data protection legislation and policies and procedures of the ALLIANCE at induction.

Contact Data Base

The ALLIANCE’s contact database contains identifiable information of our members and contacts.

The contact database is hosted on Microsoft Azure (West Europe).  The database is accessed only by ALLIANCE staff, volunteers, consultants and sub-contractors; all of whom are bound by the data protection legislation and the ALLIANCE’s privacy policy.


The ALLIANCE hosts three websites including the main website and one other: (this link will take you away from our website)

Connections starting https are encrypted, those starting http are not.

The ALLIANCE uses a third-party services to maintain, host and secure the performance of our websites.  To deliver this service they process the IP addresses of visitors to the websites.


When users enter the ALLIANCE website (excepting ALISS) their computers will automatically be issued with ‘cookies’.  Cookies are text files which identify users’ computers to the ALLIANCE server.  The website then creates “session” cookies to store some of the preferences of users moving around the website, e.g. retaining a text-only preference.  Cookies in themselves do not identify individual users but identify only the computer used and they are deleted on departure from the website.

Many websites do this to track traffic flows, whenever users visit those websites.

The ALLIANCE website uses third-party cookies to measure use of the website including number of visitors, how frequently pages are viewed, and the city and country of origin of users.  This helps to determine what is popular and can influence future content and development.  For this purpose, the ALLIANCE uses Google Analytics to measure and analyse usage of the website.  The information collected by the ALLIANCE will include IP address, pages visited, browser type and operating system.

Users can set their web browsers to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time.  The last of these means that certain personalised services cannot then be provided to that user.

More information about how use Cookies can be found on our Cookies page.

For more information on how ALISS use Cookies please see the full ALISS Privacy Policy (this link will take you away from the website).

Other Websites

The ALLIANCE websites contain links to other sites.  Please be aware that the ALLIANCE is not responsible for the privacy practices of such other sites.  We encourage our users to be aware when they leave our site and to read the privacy statements of every website that collects personally identifiable information.  This privacy statement applies solely to information collected by the ALLIANCE.

Notice of Breach of Security

If a security breach causes an unauthorised intrusion to our system that materially affects the information we hold about you, we will notify you as soon as possible and later report what action we took in response.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post the updated privacy statement to the website and any other places we deem appropriate, e.g. the ALLIANCE newsletter, so our users are always aware of what information we collect, how we use it, and under what circumstances, if any we disclose it.

Your Rights

You have the right to:

  • access your information
  • withdraw consent to use of your information
  • have inaccurate personal data corrected
  • be forgotten
  • request the restriction of processing
  • data portability
  • not be subjected to automated decisions and profiling
  • lodge a complaint with the Information Commissioner’s Office (ICO)

Access to your information (Subject Access Request)

Upon written request to the ALLIANCE, individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection legislation. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to;
  • for how long it will be retained and
  • let you have a copy of the information in an intelligible form and portable form
  • tell you if it has been transferred overseas and what safeguards were put it place
  • tell you the source of the information if it did not come directly from you
  • notify you of your right to have the information corrected, made complete or erased
  • advise you of your right to complain to the Information Commissioner’s Office

The ALLIANCE will provide you with this information within one month.  The ALLIANCE can refuse to provide you with this information if we cannot do so without disclosing personal information about another person or if your request is excessive.

To make a subject access request you should submit your request to:


Data Protection, The Health and Social Care Alliance Scotland, Venlaw Building, 349 Bath Street, Glasgow, G2 4AA

Withdraw consent

You should be aware that you can withdraw your consent at any time.  Should you choose to withdraw consent, the ALLIANCE will delete your personal information.

If you have consented to your personal information being made public in reports, on social media or via any other channel, you must note that the ALLIANCE can only delete its future use of your information, unless it has another legal basis to justify holding on to your personal information.

Correction of inaccurate personal data

You have the right to have any inaccurate personal information held by the ALLIANCE to be corrected and you have the right for incomplete personal data to be made complete.  The ALLIANCE encourages individuals to provide us with updates to their personal information in accordance with the purpose for processing.  The ALLIANCE will notify any third parties to whom it disclosed the information of the updates.

Right to be forgotten/data erasure

The right to be forgotten entitles you to have your personal data erased, further dissemination of the data stopped and, potentially, have third parties halt processing of the data.  The conditions for erasure include the data no longer being relevant to the original purposes for processing, or when the data subjects withdraw consent.  These rights exist if there are no overriding legitimate grounds for processing e.g. the performance of a contract.

The ALLIANCE will notify any third parties to whom it disclosed the information of the changes to processing.

Restriction of processing

You have the right to request the restriction of the processing of your information if you contest the accuracy or lawfulness of the personal data.  Restriction means that the information can only be processed with your consent or in defence of a legal claim.

It also applies where you object to the processing and the ALLIANCE is considering whether its legitimate grounds override your individual rights or when processing is unlawful but you oppose erasure and request restriction instead.

If you no longer need the personal data but the individual requires the data to be retained to allow them to establish, exercise or defend a legal claim

Right to Portability

The right to data portability allows individuals to obtain and re-use their personal data for their own purposes across different services.

The right to data portability only applies:

  • to personal data an individual has provided to a controller;
  • where the processing is based on the individual’s consent or for the performance of a contract; and
  • where the processing is carried out by automated means.

The personal data will be provided in a structured, commonly used and machine readable format. Examples of appropriate formats include CSV and XML files.

Automated Decision Making including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling.


Should you wish to complain about how The Health and Social Care Alliance Scotland (the ALLIANCE) have handled any aspect of your personal data, you can contact us using the details below and/or by contacting the Information Commissioner’s Officer (ICO) (this link will take you away from our website) or write to them at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113


How to contact us

If you have any questions or suggestions regarding our privacy policy, please contact our Data Protection Officer at:

Telephone:                      0141 404 0231


Post:                                 The Health and Social Care Alliance Scotland (the ALLIANCE),  Venlaw Building, 349 Bath Street,  Glasgow, G2 4AA

Website URL:        

It should be noted that the ALLIANCE’s e-mail system is not encrypted and anyone sending personally identifiable information via e-mail should be aware of this.


When you consent to become an ALLIANCE member, we will request your name, address, email, telephone number, information on areas of the ALLIANCE work that particularly interests you and newsletters that you would like to receive in addition to our ALLIANCE e-bulletin and quarterly membership newsletter, and involvement network bulletin if you are an individual supporter.

If you are an organisation we will request additional information including your invoice address and the details of your finance contact.

We then use this information to:

  • administer your membership record
  • keep you informed about the work of the ALLIANCE and issues relating to the health and social care agenda including events and training courses
  • give you the opportunity to be involved in policy work, campaigns, consultations, research, personal stories/case studies and blogs
  • send you information about third parties which we think you may find interesting
  • improve the services we provide to you
  • influence and shape policy
  • manage our portfolio of work

We will retain this information for the duration of your membership.  Should you cancel your membership we will delete your personal information within one month.  However, we will retain the details of organisations who have cancelled their memberships.

Newsletter/bulletin sign ups

If you consent to receiving our newsletter (e-bulletins) we will add your details to the appropriate mailing list(s).  Our newsletters have an unsubscribe function at the foot of each page that allows individuals to change their minds and unsubscribe, at any time, from receiving the newsletter.  Alternatively, you can email the ALLIANCE at to withdraw your consent.

People who attend our events

If you consent to attending one of our events, the ALLIANCE will collect your name, contact details, dietary and accessibility requirements.

We will use this information to prepare a delegate list which will be shared by all those attending our events for networking purposes, to inform the venue of any accessibility and dietary requirements you may have, to invoice you for your fee (if applicable), to sign you up to workshops (if applicable) and to keep you informed about the event.  Photographs may be taken at the event and used for publicising the event and the wider ALLIANCE portfolio.  People attending the event are notified that photographs will be taken and can choose not to participate.

We may contact you after the event for feedback and to enquire whether you would like to receive any further information about or become more involved with the ALLIANCE or its programmes.

Once the event has been held, we will retain your data for one year. This is to allow us to follow with regards feedback and enquire whether you would like to receive any of our newsletters or join as a member.  If you are already a member or an existing contact your information will be retained in accordance with your existing relationship.

Participants in focus groups/research/campaigns

If you are participating in any other ALLIANCE activity such as focus groups, blogs, viewpoints, podcasts, opinion pieces, competitions, case studies, social reporting, surveys, campaigns etc.  The ALLIANCE will obtain your consent before processing your information.

How your information is handled will depend on each activity and will be in accordance with the consent provided by you.

If we are working with another organisation and need to provide your information to them, you will be notified of this prior to your giving consent.

You should ensure that you understand prior to giving your consent how your information will be used and with whom it will be shared.

You can withdraw your consent at any time but should be aware that if the information is to be made public via reports and social media, the ALLIANCE will be able to only withdraw its future use of your personal information.  It will not be able to remove the information from materials and channels already in circulation.

Information collected for these types of activity may be personal and sensitive personal data.  You may be asked for you name and contact details, about your condition(s), how you self manage, for your political opinions etc.

The information may be used in reports, newsletters, campaign materials, as training materials, published on social media and our website etc.  These will be shared with Government, Parliament, other third sector organisations, the public, our members, event delegates etc. and will be shared internationally.

Whether you will be identifiable from the information will depend on the consent that you provided e.g. if you appeared in a video you will be identifiable from your appearance.  If you provided a personal story, blog or viewpoint, for example, you may be identifiable from the content, or from your name if you consented to this, and if you completed an online survey your IP address will have been collected by the third party survey site.  Other information may not explicitly identifiable, however, the ALLIANCE cannot guarantee this.

Your personal information will be retained in accordance with the consent you provided.  Information that you have consented to being made public will be retained permanently.

Advisory/Programme Boards

If you consent to volunteer for our various programme and/or advisory boards we will require your name, job title (if applicable), organisation (if applicable) and contact details.

These will be kept for the duration of your tenure and then one further year from your resignation date.


ALISS account holders and users

When you activate an ALISS account you are consenting to us processing your information to administer your account.  We will request a username, name, e-mail address, postcode and phone number to do so.  You will also be required to provide a password, however, this will not be visible or accessible to ALISS and the ALLIANCE.

You may choose to provide additional information should you want to customise your account.

  • You can select preferences such as the postcode area you want to search, the types of activity you are interested in relevant to health and wellbeing services such as advocacy, foodbanks, mental health support, homelessness support, local and national services and money advice etc.
  • You can opt-in to get an e-mail digest provides you with notifications of new services that have been added or changes that have been made to services e.g. change of telephone number. These will be provided by e-mail.
  • You can ask ALISS to remember your postcode for future searches.
  • You can represent your organisation, and the services and locations linked to your organisation, which allows you to manage the information contained within these entries e.g. you can update the details.

When account holders or visitors search the ALISS website, either directly or via another website, we will collect your IP address, web browser, operating system, time of visit, pages visited, length of time on each page, referral site, flash version, network location, actual location (e.g. town) and search query.  This information is collected using Google Analytics and Mixpanel.  This allows us to identify popular and unsuccessful searches so that we may improve the service.

If you are logged in to ALISS then we will also collect your e-mail address and password (although your password is not visible or accessible to the ALLIANCE).

ALISS has a feedback function that allows users to feedback comments, complaints, report bugs and ask questions of ALISS.  All visitors to ALISS can you use this function and to do so you will have to provide us with your name and email address.

Personal information regarding the user account is kept for as long as the user account is active.  If you have registered for an ALISS account and no longer want to use it, you can request that all account information is deleted. Please note that once the request for the deletion is received all account information is deleted at the next available working day and no back up copy is made.

The ALISS website is hosted on Amazon webservices.

Heroku (Salesforce) is the proprietary software that provides the basis for all aspects of the ALISS website.

Amazon, Google, Heroku (Salesforce), Mixpanel Inc are all global organisations based in the USA and covered by the EU-US Privacy Shield.

Please read the full ALISS privacy policy (this link will take you away from our website)

Individuals referred to Community Link Practitioners (CLP)

The ALLIANCE has Community Links Practitioner in various locations in Glasgow.  These practitioners are employed by the ALLIANCE and are based in GP surgeries across Glasgow.

To perform their role, the Community Links Practitioner have access to medical records and are bound by data protection law and confidentiality agreements.

The CLP may keep the individuals’ telephone numbers on their mobile phone, identifiable by initials only.  There may be some personal information shared via text messages e.g. appointment information, and this information will be deleted as soon as no longer required.  The mobile phones are encrypted and password protected and are not shared with anyone else.  These are set to wipe information from the phones after 10 incorrect access attempts.

The GP practices via the CLPs, provide the ALLIANCE with the following information for monitoring and evaluation purposes:

  • Practice code
  • Gender
  • Referral route
  • Programme ID e.g. P1000. This is a unique code that is attached to each programme participant.  It is a code that is used only by the programme and only the CLP working with the individual is able to identify them from this code.
  • Referral reason

This is kept permanently as statistical information and shared with Scottish Government, NHS and others via reports.


The ALLIANCE may take photographs at events and workshops or for case studies, publications, website, social media, promotion or marketing purposes both printed and online.

If we are taking your photograph as part of a case study or campaign then we will require to have your consent prior to taking the shots.

If we are taking photos for a legitimate business reason e.g. as part of a large event, such as a conference or awards ceremony, and you do not wish to be photographed you will be advised in advance to notify the ALLIANCE that you do not want to be photographed.  You may also notify the ALLIANCE and photographer on the day of the activity, if you do not want to be photographed.  The ALLIANCE will ensure notification is openly displayed at any such event.

You may notify us at any point if you wish us to stop using your image, in which case it will not be used in any future publications but will continue to appear in publications and social media channels already in circulation.

The ALLIANCE will retain photographs for a maximum of 1 year unless they are published and then these will be kept permanently.

Self Management Network Scotland (SMNS)

Should you provide your consent to join the SMNS the ALLIANCE will require your name, email, organisation (if applicable), your role or how you would describe yourself, your membership type, which could be living with a long term condition(s), disability, unpaid carer, volunteer, professional etc., and the local authority area you work in.

This is to allow the ALLIANCE to determine what information you would be most interested in and what activity that you would be most like to hear about, and allow the ALLIANCE to provide you with suitable opportunities.

If you withdraw your consent, the ALLIANCE will remove your personal information from the SMNS database.

Self Management Awards

Self management awards are given to individuals and organisations.

If you consent to being nominated for a self management award, the ALLIANCE will require that an application form be completed providing the name of the person submitting the nomination, their job title and organisation, and contact email and phone number.  The ALLIANCE will also require the name of the nominee, their locality, their name as it should appear on the certificate and their contact details together with a short story describing why this person/organisation should receive an award and how they have made an impact on self management.

If an individual is nominated for an award the ALLIANCE will follow up with the individual to ensure that they have consented before publishing their information.

The application will be shared with the judging panel, who may comprise of former winners, Scottish Government representatives, representatives of member organisations and ALLIANCE partners who will be bound by data protection legislation.

The ALLIANCE will share the names of those nominated together with the short story on the ALLIANCE website and share via social media.

Shortlisted candidates and winners will have their names read out at the ALLIANCE awards ceremony including some information about them.  Winners will be widely promoted.

Published information will be kept permanently.

Self Management Fund

If you apply for a grant via the self management fund the ALLIANCE will collect and process the name and address of the organisation, the name of the employee who will act as the main contact and their telephone number and e-mail address.  This information will be used to perform due diligence whilst administering the fund, to contact you to support your application and to notify you whether you have been successful.

Whilst in most cases this information will relate to a business address, the ALLIANCE appreciates that some smaller organisations may use a home office and therefore the information collected will be an individual’s home address and contact details.

The information will be collected on the application form for the Fund which will either be submitted via email to or by post to the ALLIANCE head office.

Grant applications are considered by a Grant Allocation Panel (GAP) that comprises external individuals.  The GAP will be sent the proposed budget and project plan sections of the application forms; none of the personal data will be shared with them.

The names funded organisations together with sums received will be published on the ALLIANCE and Scottish Government websites and shared in reports and on other social media channels.

The ALLIANCE do not require case studies to be provided in monitoring and evaluation reports submitted by funded organisations.  Should a funded organisation choose to include a case study with their report, and if there is any identifiable personal information provided in the case study, the funded organisation is responsible for ensuring their compliance with GDPR and Data Protection Act by ensuring that they have obtained informed consent from the individual(s) highlighted.

The ALLIANCE stores monitoring reports on their secure drives and server and does not share this information further without obtaining further consent from the funded organisation and any individuals highlighted in case studies.

The ALLIANCE will keep the grant information for the duration of your grant and then for 6 years thereafter to comply with legislation.  Unsuccessful applications will be kept for one year after the completion of the grant process.

There may be some occasions where the ALLIANCE will approach funded organisations to create and obtain case studies for other use such as informing policy or for highlighting the impact of the Fund, in these instances the ALLIANCE will adhered to the case study procedure as detailed under ‘Participants in focus groups/research/campaigns’ in this policy.


Should you consent to take part in the You Can Make a Difference campaign, the ALLIANCE will require your name, email address and pledge stating how you can make a different and what barriers may prevent you from doing so.

The ALLIANCE will publish pledges on the website and share via social media.  Your name will be published with your pledge only if you have given explicit consent.

Published information will be kept permanently.

Other Contacts

If we are holding your personal information for legitimate business reasons e.g. if you are a media contact and we may wish to contact you to highlight ALLIANCE business, we will hold your information indefinitely and will check it annually for accuracy.  

Volunteers (except Board members)

When individuals consent to volunteer at the ALLIANCE we will use the information provided by you to process your application.  The information we collect is your name and contact details and for what type of role you are interested in volunteering.

If you are unsuccessful in finding a suitable volunteer role with the ALLIANCE, we will hold your personal information for 6 months from the date you applied and then it will be destroyed or deleted.

If you are successful, we will compile a file relating to your volunteering.  The information contained in this file will be kept secure and will only be used for purposes relevant to your volunteering.

Once you have ceased to volunteer with the ALLIANCE, we will retain the file for one year following the tax year you ceased to volunteer.

Board Members

To join the ALLIANCE board you must be a standard member of the ALLIANCE; the exception being if you are co-opted to the board due to your specific skill set.

When you volunteer to join the ALLIANCE board we will require some basic information from you including your name, membership number, position, organisation you work for, correspondence address and a short biography.

You will need to be nominated by someone within your organisation and we will therefore have to collect their name and position within your organisation.  This does not apply to co-opted board members.

If you are successful we will require to know your title, forename(s), surname, former name(s), country of residence, nationality, date of birth, business occupation, service address, residential address and role at ALLIANCE.  This information is required by Companies House.

Companies House will make public your name (former names), date of appointment, country of residence, nationality, date of birth, role and service address and, once you resign, your date of resignation.

The ALLIANCE will post your name and organisation on our website together with whether you are an office bearer and a co-opted board member.

We are required to keep a register of directors which your details will remain on for the duration of your tenure and then for 10 years further tax years following your resignation date.

Suppliers including consultants and contractors

For the performance of our contract with you, we will request details of suppliers’ names, addresses, mobile phone numbers and bank details.  While most of this information will relate to an organisation, there will be occasions where it is also the individuals’ home address and personal mobile number.

This information will be kept for 6 years following the tax year in which it was collected.

Finance including expenses

If you have chosen to attend a “charged for” activity and you have elected to be invoiced for the payment, we will require your postal address to issue the invoice.

If we have agreed to reimburse your associated travel and subsistence expenses, and you have chosen to be paid electronically, we will require your bank account name, sort code and account number.  If you have chosen to be paid by cheque, we will require your postal address.

This information will be kept for 6 years following the tax year in which it was collected.

Job Applicants, employees and former employees

When individuals apply to work at ALLIANCE, we will request your name, address, telephone number, e-mail address, recruitment history, education, referees, personal statement, whether you consider yourself to be disabled, your accessibility requirements, your right to work in the UK, whether you are registered with a PVG scheme, and whether you are facing any charges for offences or have a criminal record.  This information is required for the performance of the contract into which you are taking steps to enter.

We will also request that you complete an equal opportunity form which collects information on your gender, sexuality, age, employment status and ethnic origin.  This is not mandatory information; if you choose not to provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including line managers.  We will use the information you supply to us to produce and monitor equal opportunities statistics.

If you have indicated that you consider yourself to be disabled, we will ask if you have any accessibility requirements in order that we can make any reasonable adjustments for your interview and, if you are the successful candidate for your employment.

Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing you beforehand, unless the disclosure is required by law.

Where we take up references, the information will be retained for only 2 weeks from the receipt of the reference.

Application forms may, on some occasions, be shared with external interviewers who are involved in short-listing candidates for interview and participating in interviews.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed and deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the ALLIANCE, we will require to collect additional information for normal employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the ALLIANCE and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.

Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as Disclosure Scotland and the Home Office.

The sort of information we hold includes your application form, your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage provider confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as your qualifications, training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.

We are also required to obtain evidence of your right to work in the UK and this evidence must be retained for the duration of your employment and for 2 years after.  This information includes copies of your passport, visas, status under EU settlement scheme, biometric residence cards or permits and checks undertaken on the government “prove your right to work” tool.  This must be provided prior to your start date.

We will also take your photograph which may be published on our website together with your job title and short biography.

You will, of course, inevitably be referred to in many ALLIANCE documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the ALLIANCE.

Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and ALLIANCE sick pay.

Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external payroll provider (SCVO), pension (TPT Retirement) or childcare voucher schemes (Enjoy Benefits) or the Home Office.

We will also provide information in response to reference requests to third parties, to whom you have provided your consent.

Your personal data will be stored for the entirety of your employment and for a further six tax years to comply with financial and legal requirements.

If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.


Last Reviewed July 2021