Information Charter and Privacy Notice.
This Information Charter sets out how we look after the information that we hold about you, how you can access it, and how we comply with the Data Protection Act 1998 (DPA), Freedom of Information (Scotland) Act 2002 (FoI) and Part 3 of the Revenue Scotland and Tax Powers Act 2014 (RSTPA) - which is about protecting tax payers information. Revenue Scotland holds both personal and non-personal information (data) which are critical to the exercise of our primary function to manage and collect devolved taxes.
In line with the HMG Security Framework requirements for appropriate security governance structure, Revenue Scotland has both a Senior Information Risk Owner (SIRO) and an Information Asset Owner (IAO). The SIRO [Head of Corporate Services] role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland’s business functions. These policies and procedures aim to ensure that the requirements of confidentiality, integrity and availability are maintained.
The Information Asset Owner role is to understand what information is held by Revenue Scotland, what is added and what is removed and who has access and why – providing assurance to the SIRO and ensuring that the information is fully used within the law for the public good.
All Revenue Scotland staff and contractors are trained in and are aware of their responsibilities as set out in these policies.
Privacy Notice – How we process your personal information
Any personal information provided to us will only be used to discharge our statutory functions under the RSTPA and other relevant legislation, maintain our accounts and records and to support and manage our staff. We will only use information for those purposes, but we will share it with others for other purposes where legal and justifiable. The RSTPA is more fully described in our guidance.
At Revenue Scotland we manage, maintain and protect all information according to the requirements of the DPA and other legislation, notably the RSTPA. We also adhere to our own information policies and government best practice.
In certain circumstances we may process your personal information without your consent, and/or we may restrict your access to the information we hold about you. Such circumstances would only arise in relation to our statutory obligations (for example when we are working with the police to investigate tax fraud). In these circumstances there are exemptions from the DPA.
When we ask you for personal information, we undertake:
- to make sure you know why we need it
- to only ask for what we need and not to collect too much or irrelevant information
- to protect it and make sure nobody has access to it who shouldn’t
- to only share it with other organisations when the law allows
- to make sure we don’t keep it longer than necessary
- not to make it available for commercial use.
In return, we ask you to:
- give us accurate information
- where relevant, tell us as soon as possible if there are any relevant changes to the information that you have provided
This helps us keep your information reliable and up to date.
Why do we process personal information?
As the independent tax authority, we process personal information to: enable us to collect and manage the devolved taxes in Scotland, as per the RSTPA; maintain our accounts and records; and to support and manage our staff.
Who we process information about
We process a range of personal information concerning: taxpayers (including private individuals, their representatives, and sole traders); our employees; suppliers; and service providers.
Our commitment to keeping your information secure
Revenue Scotland recognises and respects the need to keep your information safe and secure. We have in place a range of technical and organisational security measures which are in accordance with Government standards and relevant legislation. These are aimed at maintaining and safeguarding the confidentiality, integrity and availability of our systems and the information we hold.
Any personal information collected by Revenue Scotland will also only be kept for as long as needed. Revenue Scotland operates a Data Retention, Storage, and Disposal Policy to ensure that information is not kept for any longer than necessary and is disposed of in a secure manner, in accordance with the principles of the DPA.
Who do we share information with?
We may sometimes share your personal information with other organisations. This includes our suppliers and service providers (including our IT supplier and debt collection and tracing agencies) as well as public sector bodies such as HM Revenue & Customs, the Registers of Scotland, the Scottish Environment Protection Agency, Audit Scotland, the Scottish Public Services Ombudsman, the Scottish Tax Tribunal or Police Scotland. We can be ordered to share data by some of these bodies, such as Police Scotland and the Crown Office and Procurator Fiscal Service. In other cases the requirement or permission to share data is specified in legislation.
All sharing occurs only in clearly defined circumstances and within the legislative bounds set by the RSTPA and the DPA. Information disclosed will be proportionate, relevant and appropriate for the purpose it is being shared for and will be transferred in a secure manner, making it available to authorised users only.
It may sometimes be necessary to transfer personal information overseas, for example if our IT provider is based outwith the UK or for international tax compliance. Any transfers made will be in full compliance with all aspects of the DPA.
How to Request Personal Information – Subject Access Requests
The DPA gives you the right to know what information is held about you, and sets out rules to make sure that this information is handled properly.
All requests from members of the public, including taxpayers and our staff, for access to their personal information held by Revenue Scotland should be made by sending a completed Subject Access Request form to:
PO Box 24068
Or alternatively by email, to: email@example.com
We will action your request within 40 days of receiving the completed form along with proof of ID - original proof of your identity bearing your name i.e. passport, driving licence, birth certificate (or certificated copy) or at least 2 official letters such as from a utility company.
Please note that you do not have to complete the form to make a Subject Access Request (SAR). You can make a request in writing, however, completion of the form can assist in gathering all necessary information to aid the processing of your request.
Each request will be considered on its own merits. If you have any issues or queries please contact Revenue Scotland at the above address/email.
Revenue Scotland is required to register with the UK Information Commissioner, responsible for the protection of personal information across the UK. A copy of Revenue Scotland’s notification, which sets out in more detail the types of personal information processed, who the information is processed about and whom it is shared with, can be found on the Information Commissioner’s website.
Contact Information and Independent advice
PO Box 24068
Or alternatively by email, to: firstname.lastname@example.org
For independent advice about making a subject access request and/or information protection, privacy and wider information-sharing issues, you can contact the UK Information Commissioner at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone: 0303 123 1113, website: https://ico.org.uk
Publication of and access to non-personal information
As an open and transparent organisation, we are committed to making much of our information (data) publicly available on the Revenue Scotland website at www.revenue.scot.
Public reporting of information by Revenue Scotland will be in accordance with the following principles:
a. Protection of confidential taxpayer information
Revenue Scotland will apply statistical disclosure control (a series of techniques to reduce the risk of re-identification via linkage with other data and/or deduction) to all data (including that in aggregate form) which will be published or shared (unless there is a Data Sharing Agreement in place for provision of personal data).
b. Transparency and accessibility
Revenue Scotland will not charge for data or analysis. Aggregate statistics will be published on-line, under Open Government License, in a format that makes the information easily discoverable, accessible, and re-usable.
c. Impartiality and objectivity
Revenue Scotland will publish regular reports according to a published timetable. All statistics will be presented impartially and objectively and will be published according to schedule in a manner that will enhance public trust in the impartiality and objectivity of the reporting.
Quality statements for all data sources will be developed which will set out the provenance of the data and the risks to error at each stage and mitigating actions. Published data will be labelled as ‘provisional’ and revised according to a schedule to reflect the right of taxpayers to amend returns and allow for most processes to complete. Errors to published figures will be corrected as soon as possible following identification and clearly noted in the corrected version. Snapshots of the data warehouse used for analysis and reporting will be saved to allow for all analysis to be rerun and the same results produced for up to 5 years.
e. Co-ordination and consistency
Management, use and reporting of Management and Financial Information will be co-ordinated and consistent with each other, and Revenue Scotland reporting will be co-ordinated and consistent with reporting of similar information by other organisations.
If you are an organisation seeking Revenue Scotland information which is not publically available, please email us at email@example.com.
Freedom of Information (Scotland) Act 2002 and Environmental Information (Scotland) Regulations 2004.
Revenue Scotland’s commitment to transparency is further reflected in our approach to handling requests for information under the Freedom of Information (Scotland) Act 2002 (FOISA) and the Environmental Information (Scotland) Regulations 2004 (EIRs) – hereafter both are referred to as the “FoI”.
How to make an FoI request
Freedom of Information requests should be made in writing (which includes email).
Requests for environmental information can be made in writing or orally.
Please ensure you provide your name, an address for correspondence (which could be email), and if possible a telephone number.
You can contact us:
By email: firstname.lastname@example.org
PO Box 24068
How you should word your request
Please be specific about the information that you are looking for - it helps us to identify what you require and answer your request more promptly. For example, does a specific date or time period apply? Are there any references you can give that will help us to identify the information - such as the names of a particular working group or task force? How did you find out about the topic or information you are seeking?
While you do not have to explain why you want the information, if you are happy to do this it may help us to answer your request.
The Scottish Information Commissioner’s Tips for requesting information under FOI and the EIRs provide simple advice to help you make the most of your right to request information.
Will there be a fee?
Revenue Scotland does not charge for making requests or for providing information under Freedom of Information or the Environmental Information Regulations, but we will refuse to deal with a request where we estimate that it will cost more than £600 to locate, retrieve and provide the information.
If you can be as precise as possible about the information you are seeking, it will help to keep your request within this cost limit. Requests for specific information are less likely to exceed this cost limit and can be answered much more quickly than requests for 'all information' on a subject.
The Scottish Freedom of Information Act does not allow public authorities to extend the 20 working day deadline to provide a response, however if a request is complex or involves large amounts of information, meeting this deadline may not always be possible. The Environmental Information Regulations provide the same deadline, but does allow us to extend this to up to 40 working days if a request is complex or involves large amounts of information.
We will aim to respond to your FoI request within 20 working days. Our response will always advise you who you should contact to request that we carry out an internal review of our response. Tell us why you are unhappy with our response within 40 working days, and it will be looked at afresh. We will aim to provide you with our review response within 20 working days.
If you remain unhappy with our response, you then have the right to appeal to the Scottish Information Commissioner. You should keep copies of all the correspondence you have had with us, as if you decide to appeal to the Scottish Information Commissioner you will be asked to provide these.
Visitors to our website
Cookies, Internet Protocol (IP) addresses and web statistics
Cookies are detailed in the table below along with more information about why Revenue Scotland uses them and how long they will remain on your computer:
|_gat||2014-10-24||Used to create and retrieve tracker objects|
|has_js||-||Drupal session cookie|
|_ga||2015-10-23||The _ga cookie is part of Google analytics, and is used to distinguish users|
|respimg_ratio and respimg||2014-10-25||Used for handling responsive layout|
An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. Revenue Scotland use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to the site, and to administer and improve the site. IP addresses are also recorded and used for possible forensic or system security purposes.
Revenue Scotland use log files generated by the web servers to analyse site usage and statistics. Log file analysis helps Revenue Scotland to understand usage patterns on the website and to make improvements to the service.
The following cookies are used:
- Load Balancing Cookies (to allow distributing the processing of web server requests over a pool of machines instead of just one);
- Authentication Cookies (to identify the user once he has logged in);
- Identity Management Cookies (a cookie which allows an identified client to be directed to the server where the session is available);
- Application Cookies (to manage the session whilst active)
|Name||Technical Description||Short Description|
|NSC_JOowxe4vc0rw3qxcdnntzwdfxb5mbcM||When HTTP cookie persistence is configured, the NetScaler appliance sets a cookie in the HTTP headers of the initial client request. The cookie contains the IP address and port of the service selected by the load balancing algorithm. As with any HTTP connection, the client then includes that cookie with any subsequent requests.
When the NetScaler appliance detects the cookie, it forwards the request to the service IP and port in the cookie, maintaining persistence for the connection. You can use this type of persistence with virtual servers of type HTTP or HTTPS. This persistence type does not consume any NetScaler resources and therefore can accommodate an unlimited number of persistent clients.
|Load Balancer Session Stickiness|
|AMAuthCookie||The cookie named "AMAuthCookie" is set when accessing the login form without being
authenticated. Once the authentication is performed, the session cookie named "iPlanetDirectoryPro"
contains exactly the same value that the cookie "AMAuthCookie" had.
|amlbcookie||This cookie defines the server where the session is being maintained (i.e. amlbcookie=02) and is used by load balancers to maintain client stickiness with that server. The amlbcookie allows a client to be directed to the server where the session is available.||Identity Management Session Stickiness|
|JSESSIONID||In Java J2EE application container is responsible for Session management and by default uses Cookie. When a user first time access your web application, session is created based upon whether its accessing HTML, JSP or Servlet.||Application Session Stickiness|
|iPlanetDirectoryPro||Sessions are identified using a unique token called SSOTokenID. This token contains the information necessary to locate the session on the server where it is currently being maintained. The entire value of the iPlanetDirectoryPro cookie is the SSOTokenID.||Identity Management Session Stickiness|
© Crown Copyright
You may use and re-use the information featured on this website (not including logos) free of charge in any format or medium, under the terms of the Open Government License v 3.0 (Opens in new window). Any enquiries regarding the use and re-use of this information resource should be sent by email.
Copyright and intellectual property rights
The names, images and logos identifying Revenue Scotland are proprietary marks of the Scottish Government. Copying Revenue Scotland logos and/or any other third party logos accessed through this site is not permitted without prior approval from the relevant copyright owner. Revenue Scotland does not approve, accredit or endorse tax agents or allow them to use Revenue Scotland logos in their advertising.
Requests for permission to use Revenue Scotland logos should be emailed to Revenue Scotland Communications Department.
Linking to Revenue Scotland website
You do not have to ask permission to link directly to pages hosted on this site. We do not object to you linking directly to the information that is hosted on our site. However, we do not permit our pages to be loaded into frames on your site. Revenue Scotland pages must load into the user's entire window.
Links to other websites
This site contains links and references to other websites. These legal notices do not apply to those websites.
The devolved taxes are self-assessed taxes and, whilst every effort has been made to ensure that content on this website is reliable, including guidance and calculator functionality, Revenue Scotland does not accept liability for reliance by taxpayers or agents.
Notification of changes
If we decide to change our information charter, we will post those changes to this website, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. This privacy notice was last updated on 13 May 2015.
How will Revenue Scotland use your email address provided at Sign Up for the online portal?
In addition to the details set out above, as part of sign up, Revenue Scotland requires a valid email address to be taken. This email address will be used in line with our security policies to provide part of the verification of you as a user. This will also be used to allow you to retrieve password and usernames if they are lost. Revenue Scotland will not use this email address for any communication regarding specific taxpayers or cases.