General information about the data protection principles and your rights can be found in the Scottish Courts and Tribunals Service privacy notice, available here.
Information about how the Scottish Sentencing Council processes personal data is as follows:
What is being processed?
The Scottish Sentencing Council was established in 2015 under the Criminal Justice and Licensing (Scotland) Act 2010. It is an advisory body with statutory objectives to promote consistency in sentencing practice, assist the development of policy in relation to sentencing, and promote greater awareness and understanding of sentencing policy and practice. The Council’s responsibilities include preparing sentencing guidelines for the courts, publishing guideline judgments issued by the courts, and publishing information about sentences handed down by the courts. The Council has broad powers to enable it to carry out its functions, including to publish information about sentencing, carry out research about sentencing, and provide general advice or guidance in this area.
The Scottish Courts and Tribunals Service has a statutory obligation under section 62 of the Judiciary and Courts (Scotland) Act 2008 and The Scottish Courts and Tribunals Service (Administrative Support) (Specified Persons) Order 2015 to provide, or ensure the provision of, the property, services and staff required for the purposes of the Council.
The Council processes a limited amount of personal data. In particular, such data may be contained in:
- Correspondence sent to the Council;
- Responses to consultation exercises carried out by the Council;
- Contact details for members of the Council; advisors to committees; those who have expressed an interest in working with or for the Council; and staff; and
- Contact details for organisations or individuals the Council requires to correspond with as part of its work.
Information on user anonymity for use of the Scottish Sentencing Council website can be found further down this page under Website Privacy.
Why are we processing this information?
Processing of this information is “necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” in terms of Article 6(1)(e) of the UK General Data Protection Regulation (“GDPR”). In order to carry out its functions, the Council requires the ability to:
- Respond to correspondence and requests for advice or information received from individuals and to retain such information for a reasonable period of time in order to inform the Council’s work;
- Carry out consultation exercises, particularly with regard to the development of sentencing guidelines;
- Contact its own members, committee advisors, or staff, or those who have expressed an interest in working with or for the Council; and
- Contact interested organisations and individuals to discuss the development of sentencing guidelines or other aspects of the Council’s work.
How will my personal data be retained?
The Council retains personal data as follows:
- Routine correspondence containing personal data will be securely destroyed after 5 years.
- Personal data contained in policy development documentation will be securely destroyed after 5 years.
- Any consultation responses which we do not have permission to publish will be securely destroyed 6 months after the High Court has approved the relevant guideline. Where we have permission to publish a response, non-published personal data will be securely destroyed 6 months after the High Court has approved the relevant guideline.
- Personal data relating to Council staff will be securely destroyed at the end of their period in post.
- In relation to the membership of the Council:
o Members’ personal information will be destroyed at the end of their term (members cannot sit for more than one term).
o Expressions of interest for Council membership will be destroyed following the next recruitment round to the relevant position on the Council.
o Expressions of interest made by individuals in their personal capacity in working with the Council in any other capacity will be destroyed after one year.
- Personal data relating to advisors appointed to any of the Council’s committees will be securely destroyed at the end of their period of appointment.
What categories of personal data are you processing?
The Council does not currently actively seek to process any of the special categories of personal data (e.g. race/ethnicity, trade union membership, genetic data, biometric data), but it is possible that unsolicited correspondence or consultation responses may include special category data. If relevant to the work of the Council, this will be processed under Article 9(1)(g) of UK GDPR: “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject”.
Special category data which is not relevant to the work of the Council will not be retained.
Where do you get my personal data from?
Personal data is gathered directly from the individuals in question or, in the case of maintaining contact details for interested individuals or organisations, it may be gathered from other organisations or publicly available sources.
Do you share my personal data with anyone else?
Personal data is not routinely shared with anyone other than Council members and the Council’s secretariat and access controls are in place to ensure that only those with a need to access information do so. We may share personal data with third party analysts for the sole purpose of analysing and reporting on consultation responses. Any such arrangements will be covered by data protection compliant contracts.
Do you transfer my personal data to other countries?
Do you use automated decision making or profiling? If so, how do you use my personal data to make decisions about me?
User anonymity and personal information
Log files are maintained and analysed of all requests for files on this website's web servers. Log files do not capture personal information but do capture the user's IP address, which is automatically recognised by our web servers.
Aggregated analysis of these log files is used to monitor website usage. These analyses may be made available to the Scottish Sentencing Council (and other Scottish Courts and Tribunals Service staff) to allow them to measure, for example, overall popularity of the site and typical user paths through the site.
Except as stated already, no attempt will be made to identify individual users. You should be aware, however, that access to web pages will generally create log entries in the systems of your ISP or network service provider. These entities may be in a position to identify the client computer equipment used to access a page. Such monitoring would be done by the provider of network services and is beyond the responsibility or control of the Council or the Scottish Courts and Tribunals Service.
We will make no attempt to track or identify individual users, except where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, we reserve the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of our web services.
As a condition of use of this site, all users must give permission to use access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.
All log file information collected by us is kept secure and no access to raw log files is given to any third party.