Legal Notices

A guide to what information we hold and how you can access it.

Using your personal information

Revenue Scotland hold information about a range of individuals and organisations to support us in collecting and administering tax, maintaining our accounts and running our office.

The information below explains;

  • whose information we hold

  • how you can access information we hold about you

  • how you can access non-personal information

  • how we keep it safe and

  • who we share it with and why

Whose information?

We hold information about;

  • a person or persons buying a property

  • a person or persons selling a property

  • a solicitor representing a buyer or buyers

  • a landfill operator

  • a solicitor representing a landfill operator

  • non-registered landfill sites

  • waste producers

  • current and previous employees and

  • suppliers we work with

We also hold personal details of anyone who has chosen to sign up to our mailing list to receive news, business and event updates from Revenue Scotland. Recipients can opt out of this at any time by sending an email to

What information?

If you have purchased property or land we will hold the following information;

  • full name

  • previous address

  • current address

  • telephone number

  • national insurance number

  • solicitor’s name

  • solicitor’s email, postal address and phone number

If you have also reclaimed the Additional Dwelling Supplement (ADS) we will hold the details of the bank account which you requested the payment be sent to.

If you have sold a property or land we will hold the following information;

  • full name

  • current address

  • address of property you have sold

If you operate a landfill site we will hold the following information;

  • full name

  • business address

  • solicitor’s name (if applicable)

  • solicitor’s email, postal address and phone number (if applicable)

Why do we need this information?

We need information about you to ensure you have paid the correct amount of tax. Having all these details allows us to check this thoroughly and, if there are any issues, it also enables us to contact you or your solicitor. We will only ever ask you for relevant information we need to help us process your tax return.

If for any reason we have not received your tax return on time, it has not been paid in full by the due date or if we decide to open an enquiry into your tax return, Scottish tax legislation (Revenue Scotland and Tax Powers Act 2014) states that we must send the correspondence directly to the you, rather than your solicitor.

We keep hold of this information for a maximum of 20 years after receiving your tax return in case you have a query about your return or claim for repayment, make an appeal against the amount of tax you have paid, if we want to open an enquiry, make an assessment or if we have to show it as evidence at a tax tribunal. We will never keep your information longer than necessary.

How can I access my information?

You can request to see all the personal information we hold about you by sending a Subject Access Request (SAR) Form to or to our postal address;

PO Box 24068

Victoria Quay



Filling out the SAR form will help us get all the information we need to process your request successfully first time but if you would prefer to write us a letter or email, please feel free to do so.

Each request will be considered on its own merits. If you have any issues or queries please contact us at, the address above or 03000200310.

How can I access general information?

You can request to see any information you think Revenue Scotland might hold that does not contain someone else’s personal data. This is your right under the Freedom of Information (Scotland) Act 2002 (FOI), the Environmental Information (Scotland) Regulations 2004 (EIR) and the Re-use of Public Sector Information Regulations 2015.

Please visit our FOI page for more details.

How do we keep your information safe?

We are committed to keeping your information secure. We do this through implementing policies, procedures, systems and staff training programmes to keep your information safe.

In line with the Government Security Framework, Revenue Scotland has both a Senior Information Risk Owner (SIRO) and Information Asset Owners (IAOs). The SIRO [Head of Strategy and Corporate Functions] role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland’s business functions. These policies and procedures aim to ensure that the requirements of confidentiality, integrity and availability are maintained.

The Information Asset Owner role is to understand what information is held by Revenue Scotland, what is added and what is removed and who has access and why – providing assurance to the SIRO and ensuring that the information is fully used within the law for the public good.

Any personal information collected by Revenue Scotland will only be kept for as long as needed. We operate a Data Retention, Storage, and Disposal Policy to make sure information is not kept for any longer than necessary and is disposed of in a secure manner, in accordance with the principles of the General Data Protection Regulations.

Who do we share your information with?

We may sometimes share your personal information with other organisations, for example, our suppliers and service providers (including our IT supplier and debt collection and tracing agencies) as well as public sector bodies such as HM Revenue & Customs, the Registers of Scotland, the Scottish Environment Protection Agency, Audit Scotland, the Scottish Public Services Ombudsman, the Scottish Tribunals or Police Scotland. We can be ordered to share information by some of these bodies, such as Police Scotland and the Crown Office and Procurator Fiscal Service. In other cases the requirement or permission to share data is specified in legislation.

We will never sell your personal information to commercial companies.

All sharing occurs only in clearly defined circumstances and within the legislative bounds set by the RSTPA, the GDPR and other relevant legislation. Information disclosed will be proportionate, relevant and appropriate for the purpose it is being shared for and will be transferred in a secure manner, making it available to authorised users only.

It may sometimes be necessary to transfer personal information overseas, for example if our IT provider is based out with the UK or for international tax compliance. Any transfers made will be in full compliance with all aspects of the GDPR.

Further information

Revenue Scotland is registered with the UK Information Commissioner, responsible for the protection of personal information across the UK. A copy of Revenue Scotland’s notification, which explains in more detail the types of personal information processed, who the information is processed about and whom it is shared with, can be found on the Information Commissioner’s (ICO) website. The ICO can also provide you with independent advice about your information.

Publication of non-personal information

As an open and transparent organisation, we are committed to making much of our information (data) publicly available on the Revenue Scotland website.  Our statistics are published as Official Statistics, providing assurance that we adhere to the Code of Practice for Official Statistics.

Public reporting of information by Revenue Scotland will be in accordance with the following principles:

a.   Protection of confidential taxpayer information

Revenue Scotland will apply statistical disclosure control techniques to protect taxpayer information for all statistical data (including that in aggregate form) which will be published.

b.   Transparency and accessibility

Revenue Scotland will not charge for data or analysis. Aggregate statistics will be published on-line, under Open Government License, in a format that makes the information easily discoverable, accessible, and re-usable.

c.   Impartiality and objectivity

Revenue Scotland will publish regular reports according to a published timetable. All statistics will be presented impartially and objectively and will be published according to schedule in a manner that will enhance public trust in the impartiality and objectivity of the reporting.

d.   Quality

Quality statements for all data sources will be developed which will set out the provenance of the data and the risks to error at each stage and mitigating actions. Published data will be labeled as ‘provisional’ and revised according to a schedule to reflect the right of taxpayers to amend returns and allow for most processes to complete. Errors to published figures will be corrected as soon as possible following identification and clearly noted in the corrected version. Snapshots of the data warehouse used for analysis and reporting will be saved to allow for all analysis to be rerun and the same results produced for up to 5 years.

e.   Co-ordination and consistency

Management, use and reporting of Management and Financial Information will be co-ordinated and consistent with each other, and Revenue Scotland reporting will be co-ordinated and consistent with reporting of similar information by other organisations.

All of our published statistical information is available on the Statistics section of our website.

If you are an organisation seeking Revenue Scotland information which is not publicly available, please email us at

Visitors to our website

Cookies, Internet Protocol (IP) addresses and web statistics

Information is sometimes gathered without you actively providing it, through the use of cookies, Internet Protocol (IP) addresses and web statistics. These methods do not collect or store personal information or protected taxpayer information.

Cookies provide information regarding the computer used by a visitor and provide information such as number of visitors, how frequently pages are viewed, and the city and country of origin of users. Revenue Scotland may use cookies to gather information about your computer in order to assist in improving our website. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive.

You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at or

Cookies are detailed in the table below along with more information about why Revenue Scotland uses them and how long they will remain on your computer:

Cookie Expiry Period Description
_gat 2014-10-24 Used to create and retrieve tracker objects
has_js - Drupal session cookie
_ga 2015-10-23 The _ga cookie is part of Google analytics, and is used to distinguish users
respimg_ratio and respimg 2014-10-25 Used for handling responsive layout

An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. Revenue Scotland use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to the site, and to administer and improve the site.

IP addresses are also recorded and used for possible forensic or system security purposes.

Revenue Scotland use log files generated by the web servers to analyse site usage and statistics.

Log file analysis helps Revenue Scotland to understand usage patterns on the website and to make improvements to the service.

Use of Cookies on SETS

The Scottish Electronic Tax System (SETS) uses cookies which are active during each session. This means that cookies are set at the beginning of a session and become redundant when the session ends. SETS does not use any third party cookies and the use of cookies is restricted to only those areas strictly necessary for the functioning of SETS.

The following cookies are used:

  • Load Balancing Cookies (to allow distributing the processing of web server requests over a pool of machines instead of just one);

  • Authentication Cookies (to identify the user once he has logged in);

  • Identity Management Cookies (a cookie which allows an identified client to be directed to the server where the session is available);

  • Application Cookies (to manage the session whilst active)

Name Technical Description Short Description
NSC_JOowxe4vc0rw3qxcdnntzwdfxb5mbcM When HTTP cookie persistence is configured, the NetScaler appliance sets a cookie in the HTTP headers of the initial client request. The cookie contains the IP address and port of the service selected by the load balancing algorithm. As with any HTTP connection, the client then includes that cookie with any subsequent requests.

When the NetScaler appliance detects the cookie, it forwards the request to the service IP and port in the cookie, maintaining persistence for the connection. You can use this type of persistence with virtual servers of type HTTP or HTTPS. This persistence type does not consume any NetScaler resources and therefore can accommodate an unlimited number of persistent clients.
Load Balancer Session Stickiness
AMAuthCookie The cookie named "AMAuthCookie" is set when accessing the login form without being

authenticated. Once the authentication is performed, the session cookie named "iPlanetDirectoryPro"

contains exactly the same value that the cookie "AMAuthCookie" had.
amlbcookie This cookie defines the server where the session is being maintained (i.e. amlbcookie=02) and is used by load balancers to maintain client stickiness with that server. The amlbcookie allows a client to be directed to the server where the session is available. Identity Management Session Stickiness
JSESSIONID In Java J2EE application container is responsible for Session management and by default uses Cookie. When a user first time access your web application, session is created based upon whether its accessing HTML, JSP or Servlet. Application Session Stickiness
iPlanetDirectoryPro Sessions are identified using a unique token called SSOTokenID. This token contains the information necessary to locate the session on the server where it is currently being maintained.  The entire value of the iPlanetDirectoryPro cookie is the SSOTokenID. Identity Management Session Stickiness

Intellectual Property

© Crown Copyright

You may use and re-use the information featured on this website (not including logos) free of charge in any format or medium, under the terms of the Open Government License v 3.0 (Opens in new window). Any enquiries regarding the use and re-use of this information resource should be sent by email.

Copyright and intellectual property rights

The names, images and logos identifying Revenue Scotland are proprietary marks of the Scottish Government. Copying Revenue Scotland logos and/or any other third party logos accessed through this site is not permitted without prior approval from the relevant copyright owner. Revenue Scotland does not approve, accredit or endorse tax agents or allow them to use Revenue Scotland logos in their advertising.

Requests for permission to use Revenue Scotland logos should be emailed to Revenue Scotland Communications Department.


Linking to Revenue Scotland website

You do not have to ask permission to link directly to pages hosted on this site. We do not object to you linking directly to the information that is hosted on our site. However, we do not permit our pages to be loaded into frames on your site. Revenue Scotland pages must load into the user's entire window.

Links to other websites

This site contains links and references to other websites. These legal notices do not apply to those websites.


The devolved taxes are self-assessed taxes and, whilst every effort has been made to ensure that content on this website is reliable, including guidance and calculator functionality, Revenue Scotland does not accept liability for reliance by taxpayers or agents.

Notification of changes

If we decide to change our information charter, we will post those changes to this website, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. This privacy notice was last updated on 31 May 2018.

How will Revenue Scotland use your email address provided at Sign Up for the online portal?

In addition to the details set out above, as part of sign up, Revenue Scotland requires a valid email address to be taken. This email address will be used in line with our security policies to provide part of the verification of you as a user. This will also be used to allow you to retrieve password and usernames if they are lost. Revenue Scotland will not use this email address for any communication regarding specific ‎taxpayers or cases.

Last updated: 
3 January 2019


Updated date: 2018-05-31 14:44
Version ID: 2083
Updated date: 2018-05-30 15:05
Version ID: 2079
Updated date: 2018-05-24 14:49
Version ID: 2068
Updated date: 2018-05-24 13:00
Version ID: 2064
Updated date: 2018-02-26 14:15
Version ID: 1659
Updated date: 2015-06-03 10:06
Version ID: 511
Security check. Please answer this simple maths problem. E.g. for 1+3, enter 4
1 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.