Privacy


Here we explain what personal information we collect, why we collect it and what we do with it.

We also explain your rights in respect of your own personal information.

Watch a short guide to how we process personal data:

Controller's contact details

Registers of Scotland is the controller for the personal data we process, unless otherwise stated.

There are many ways you can contact us including on our website, by email and by phone. Please view our contact us page for more details.

Contacting our Data Protection Officer

As a public body, we have appointed a Data Protection Officer whose role includes advising and assisting individuals whose personal we collect and use. You can contact the RoS Data Protection Officer at any time to raise any query or concern you have in respect of how RoS uses your personal information by emailing dataprotection@ros.gov.uk.

Your rights

Data protection legislation gives you rights, which we are required to help you exercise, should you wish to. These are summarised in the table below.

In all cases, some information, such as that held on public registers, will not be covered. If you wish to access information from public registers you should do this through the appropriate mechanism for the particular register and, if necessary, pay the applicable fee.

Right What it means
Information You have the right to clear information about how we collect and use your personal information – this privacy notice is one example of how we do this
Access You have the right to request a copy of the personal information we hold about you
Correction You have the right to ask for your personal data to be deleted under certain circumstance
Objection to processing You have the right to object to our use or your personal information under certain circumstances
Restriction on processing If you make an objection, our use of your personal information may be temporarily suspended whilst we deal with your request
Portability You have the right to ask for a copy of your personal information in a machine readable format to pass to another organisation under certain circumstances

All requests to exercise your rights should be addressed to the RoS Data Protection Officer and you should receive a response within one calendar month.

How we share personal information

We sometimes need to share your personal information with other organisations for statutory or regulatory reasons, or because doing so is in the general public interest.

Some of these third parties may be based outside the UK. Where this is the case, we ensure that the organisation has appropriate safeguards in place to protect the personal data being processed.

The UK government has stated that transfers of data from the UK to the EEA (countries in the EU and also Iceland, Liechtenstein and Norway) are permitted as they have determined that EEA states offer a similar level of protection for personal data as in the UK. Therefore, personal data can continue to be shared from the UK to the EEA without the need for further safeguards.

The privacy notices for each of our core processing activities contain further detail on instances where personal data is transferred outside of the UK and EEA and the safeguards in place to protect the personal data being processed.

These organisations include:

  • UK government bodies (for example HMRC)
  • Scottish Government, its agencies and non-ministerial departments (for example Revenue Scotland)
  • Local government and administration (for example Valuation Joint Boards)
  • Law enforcement and regulatory agencies (for example Police Scotland).

Like most organisations, we ask third parties who are part of our own supply chain to collect and use your personal information to help us perform our functions. In each case they do this under explicit instructions from us and are not allowed to pass your information to others without our permission, or to use it for any further purpose.

These organisations include:

  • the suppliers of our IT systems and infrastructure including Microsoft and Amazon Web Services (AWS) who are our primary cloud storage providers across our core processing activities. For more information, see Microsoft’s privacy notice and AWS’s privacy notice.
  • suppliers of communications systems and services
  • suppliers of office and building services
  • suppliers of professional services (such as recruitment specialist or legal advisors).

They retain your information only as long as is necessary and we ensure that they return to us, or destroy, any remaining information at the end of our contract with them.

As a public body, RoS is required to comply with statutory obligations to provide access to information (for example the Freedom of Information (Scotland) Act). It may be necessary for us to disclose your personal information to a third party in response to a relevant statutory request. Requests are considered on a case-by-case basis, and we will only disclose your information where we are legally required to do so. You can find more information on the website of the Office of the Scottish Information Commissioner.

For more detailed information on how we share personal information please see the privacy notices for each of our core processing activities.

Complaint to the Information Commissioner’s Office

If you wish to complain about how we are processing your personal data, you can do so by contacting the Information Commissioner’s Office (ICO) via online form, email, phone, live chat or post. For full details see the ICO website.

Changes to this privacy notice

This privacy notice will be updated as necessary to reflect any changes to the way in which we process personal data. If you have any questions about this privacy notice you can contact our Data Protection Officer (DPO) on dataprotection@ros.gov.uk.

Last updated 28 March 2025.