General information about the data protection principles and your rights can be found in the Scottish Courts and Tribunals Service privacy notice, available here.
Information about how the Scottish Sentencing Council processes personal data is as follows:
What is being processed?
The Scottish Sentencing Council was established in 2015 under the Criminal Justice and Licensing (Scotland) Act 2010. It is an advisory body with statutory objectives to promote consistency in sentencing practice, assist the development of policy in relation to sentencing, and promote greater awareness and understanding of sentencing policy and practice. The Council’s responsibilities include preparing sentencing guidelines for the courts, publishing guideline judgments issued by the courts, and publishing information about sentences handed down by the courts. The Council has broad powers to enable it to carry out its functions, including to publish information about sentencing, carry out research about sentencing, and provide general advice or guidance in this area.
The Scottish Courts and Tribunals Service has a statutory obligation under section 62 of the Judiciary and Courts (Scotland) Act 2008 and The Scottish Courts and Tribunals Service (Administrative Support) (Specified Persons) Order 2015 to provide, or ensure the provision of, the property, services and staff required for the purposes of the Council.
The Council processes a limited amount of personal data. In particular, such data may be contained in:
- Correspondence sent to the Council;
- Responses to consultation exercises carried out by the Council;
- Contact details for members of the Council, those who have applied for membership of the Council, and staff; and
- Contact details for organisations or individuals the Council requires to correspond with as part of its work.
Information on user anonymity for use of the Scottish Sentencing Council website is available separately at https://www.scottishsentencingcouncil.org.uk/privacy/website-privacy.
Why are we processing this information?
Processing of this information is “necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” in terms of Article 6(1)(e) of the GDPR. In order to carry out its functions, the Council requires the ability to:
- Respond to correspondence and requests for advice or information received from individuals and to retain such information for a reasonable period of time in order to inform the Council’s work;
- Carry out consultation exercises, particularly with regard to the development of sentencing guidelines;
- Contact its own members or staff, or those who have applied for membership; and
- Contact interested organisations and individuals to discuss the development of sentencing guidelines or other aspects of the Council’s work.
How will my personal data be retained?
The Council retains personal data as follows:
- Any correspondence containing personal data will be securely destroyed after 5 years.
- Any policy development documents containing personal data will be securely destroyed after 5 years.
- Personal data relating to Council staff will be securely destroyed at the end of their period in post.
- In relation to the membership of the Council:
- Information relating to unsuccessful applicants deemed not appointable will be securely destroyed 90 days after appointment of the successful applicant.
- Information relating to unsuccessful applicants deemed appointable will be securely destroyed 12 months after the appointment of the successful candidate.
- The successful applicant’s information will be destroyed at the end of their term (members cannot sit for more than one term).
- Expressions of interest for Council membership will be destroyed following the next recruitment round to the relevant position on the Council.
- Expressions of interest to work with the Council in another capacity will be destroyed after one year.
What categories of personal data are you processing?
The Council does not currently actively seek to process any of the special categories of personal data (e.g. race/ethnicity, trade union membership, genetic data, biometric data), but it is possible that unsolicited correspondence or consultation responses may include special category data. If relevant to the work of the Council, this will be processed under Article 9(1)(g) of GDPR: “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject”.
Special category data which is not relevant to the work of the Council will not be retained.
Where do you get my personal data from?
Personal data is gathered directly from the individuals in question or, in the case of maintaining contact details for interested individuals or organisations, it may be gathered from other organisations or publicly available sources.
Do you share my personal data with anyone else?
Personal data is not routinely shared with anyone other than Council Members and the Council Secretariat and access controls are in place to ensure that only those with a need to access information do so.
Do you transfer my personal data to other countries?
Do you use automated decision making or profiling? If so, how do you use my personal data to make decisions about me?