Here we explain what personal information we collect, why we collect it and what we do with it.
We also explain your rights in respect of your own personal information.
Watch a short guide to how we process personal data:
As a registration authority, we have a statutory obligation to compile and maintain public registers, and to make these registers available for public inspection. This is essential to establishing and protecting the legal rights of individuals by placing certain information in the public domain.
To compile the Land Register of Scotland and the General Register of Sasines, we collect and use the names and addresses of the buyer and seller of property which is being registered. We collect this information via an application form, usually submitted to us by a solicitor acting on behalf of the applicant(s). Once processed, this information is entered on the public register and is available for public inspection. We keep this data permanently as part of our statutory obligations.
To compile the Register of Persons Holding a Controlled Interest in Land (RCI), we collect and use the names and addresses of the owner of the land (called the “recorded person”) and the names, addresses and dates of birth of the persons who have a controlling interest over their decisions in relation to that land which is being registered (called “associates”). We collect this information via an on-line submission service, submitted to us by the recorded person or an authorised professional representative acting on their behalf. Once processed, this information, with the exception of the dates of birth, is entered on the public register and is available for public inspection. Where a security declaration is in effect, the associate’s name and address will not be available on the public register. We keep this data permanently as part of our statutory obligations.
Draft applications submitted using any of our online, digital submission services are retained for 365 days as we recognise that there can sometimes be a delay between starting the application form and submission. After this period, the draft form and any data entered into the form will be deleted.
In certain circumstances, part of the registration process is undertaken by automatic means. Where a discharge can be registered automatically, the decision to do so is based on the presence of the required information in the required format on the application.
To compile our other registers we collect and use a range of personal information including the names and addresses of individuals:
- who are subject to legal inhibition
- who have rights in respect of crofts
- who have rights as agricultural tenants or represent community bodies
- who are the subject of registered deeds, writs, judgements or protests, or
- who are letting agents or property factors
We collect and receive this information directly from applicants, and sometimes from other organisations, such as the Accountant in Bankruptcy (AiB), the Crofting Commission, or the Scottish Government. We keep this data permanently as part of our statutory obligations.
In some cases, we manage these registers on behalf of, or in partnership with, other organisations, such as the Scottish Government and Scottish local authorities.
You can find further information about each of our public registers.
We make our registers available in line with our statutory obligations and the general public interest in accessing information from public registers. We also share and disclose information from some of our registers under license to a range of third parties. See How we share personal information below for more information.
If you, or someone acting on your behalf, requests products or services from us, for example through our website, ScotLIS or eServices portal, we will collect and use your personal information in order to provide you with that service, and fulfil our contractual obligations to you. If we already hold the information requested, then we will access it and use it to provide you with the product or service you have requested.
This includes services where you sign up to receive alerts. If we need to collect additional information from you, such as payment information, we will do so and use it for the same purpose.
For some transactions, RoS use a third party payment processor, Stripe who are based in the United States and are on the Privacy Shield. For more information, see Stripe’s privacy notice.
In most cases we will collect information about your behaviour as a customer, for example which products and services you are using and how often, in order to help us meet our contractual obligations to you. We retain this information for a maximum of 7 years after its last use.
We may also use this information to contact you in relation to our products or services in the future; you can opt out of these communications.
You can browse our website and the Knowledge Base without disclosing your personal information. However, our website uses essential cookies to function correctly, and some third party services may also set cookies on your browser. Any cookies that collect and use your personal information will request your consent when you access the website for the first time. You can change your privacy settings in relation to cookies at any time via your internet browser settings.
You can browse our ScotLIS website without disclosing your personal information. However, if you wish to register as a business user of ScotLIS, a user of our eServices or data reports portals, or to purchase full title information from ScotLIS, you will be required to provide personal information. See also the section above on Customers using our services.
Find out more about cookies on our cookies notice.
If your visit is planned, we’ll send your name and visit information to reception before your visit. This is so they know to expect you and who to contact on your arrival.
If you require a visitor’s car parking space, we will also require details of your vehicle.
We ask all visitors to sign in and out at reception. This information is retained for two years.
Closed-circuit television (CCTV) operates outside the building and at our entrances. This is for security and safety reasons.
We have Wi-Fi on site for visitors to use. We log traffic information in the form of sites visited, duration and date sent/received. We don't store IP addresses.
If you sign up to any of our communications, campaigns, events or surveys, including through our social media channels, we will collect and use your personal information for the purpose of communicating and consulting with you, facilitate our events and we may inform you about our products and services. If we need to pass information on to a third party for event facilitation reasons, consent will be sought at the time of booking.
We monitor the usage and uptake activity of all of our newsletters, for example whether or not the message is received, opened and clicked on, to ensure its effectiveness.
We’ll do this in line with our contract with you or on the basis of your consent, whichever applies. You can opt-out of these communications at any time. We’ll keep your information for as long as is necessary to fulfil our contract with you, or for as long as we still have your consent to do so. You can withdraw this consent at any time by contacting email@example.com.
If you contact us with an enquiry, comment or complaint, we will use the personal information you provide to us to respond and resolve your issue, on the basis of our contract with you and in the general public interest. We may ask you to provide additional personal information if it is necessary for this purpose, and will retain any information you provide for up to 3 years after receiving it.
To make an enquiry, comment or complaint, you can use our contact form. Correspondents should note that all communications to or from Registers of Scotland may be automatically logged, monitored and/or recorded for lawful purposes.
If you agree to take part in our research or testing we will collect and use your personal information for research purposes to improve our products and services, based on your consent. You can withdraw your consent to use of your data for research activities at any time by contacting firstname.lastname@example.org. We keep the personal data from the sessions for 2 years after the end of the project, and your contact details for as long as we have your consent to contact you.
If you apply to work for or with us, whether as an employee, advisor or consultant, we will process your personal information for the purpose of recruitment, and in anticipation of entering into a contract with you. If you are unsuccessful we will retain your information for 2 years before destroying it, in line with Civil Service recruitment principles.
If you are an employee of RoS, we collect and use your personal information for the purpose of carrying out our duties as an employer, to support you in your employment at RoS and to fulfil our contractual obligations as an employer.
This will include collection and use of your personal details, financial information, health information, and information relating to your performance, attendance and activity at work.
If you leave employment at RoS, we will continue to process your personal information in order to end your contract with us, to fulfil any outstanding obligations we have as your former employer, and to meet our statutory obligations.
We share some employee information with public bodies such as HMRC in line with statutory obligations, or with other organisations whom you have given us your consent to share your information with. Employee information is held only for as long as is necessary and in line with our corporate retention schedule.
If you are part of our supply chain, we will process your personal information for the purpose of procuring and consuming goods and services, and to fulfil our contract with you. This may include your personal contact information and information required for you to supply products and services to us. Where necessary for the same purpose we may share this information with other suppliers and service providers, or with our customers. We keep this data for 7 years after the end of the financial year.
We sometimes need to share your personal information with other organisations for statutory or regulatory reasons, or because doing so is in the general public interest.
Some of these third parties may be based outside the EEA. Where this is the case, we ensure that the organisation has appropriate safeguards in place to protect the personal data being processed.
These organisations include:
- UK government bodies (for example HMRC)
- Scottish Government, its agencies and non-ministerial departments (for example Revenue Scotland)
- Local government and administration (for example Valuation Joint Boards)
- Law enforcement and regulatory agencies (for example Police Scotland)
We share employee payroll and supplier payment data with the National Fraud Initiative (NFI). We do this for fraud prevention and detection in the public interest.
We also make information from the Register of Sasines and the Register of Inhibitions available under license to a range of public bodies, for the purpose of the public interest and to conveyancing companies on the basis of a legitimate commercial interest. We make information from the Land Register of Scotland available under licence to our customers on the basis of a legitimate commercial interest.
Like most organisations, we ask third parties who are part of our own supply chain to collect and use your personal information in order to help us perform our functions. In each case they do this under explicit instructions from us and are not allowed to pass your information to others without our permission, or to use it for any further purpose.
These organisations include
- the suppliers of our IT systems and infrastructure
- suppliers of communications systems and services
- suppliers of office and building services
- suppliers of professional services (such as recruitment specialist or legal advisors)
They retain your information only as long as is necessary and we ensure that they return to us, or destroy, any remaining information at the end of our contract with them.
As a public body, RoS is required to comply with statutory obligations to provide access to information (for example the Freedom of Information (Scotland) Act). It may be necessary for us to disclose your personal information to a third party in response to a relevant statutory request. You can find more information on the website of the Office of the Scottish Information Commissioner .
Data protection legislation gives you rights, which we are required to help you exercise, should you wish to. These are summarised in the table below.
In all cases, some information, such as that held on public registers, will not be covered. If you wish to access information from public registers you should do this through the appropriate mechanism for the particular register, and if necessary pay the applicable fee.
|Right||What it means|
|Information||You have the right to clear information about how we collect and use your personal information – this privacy notice is one example of how we do this|
|Access||You have the right to request a copy of the personal information we hold about you|
|Correction||You have the right to ask for any personal information that is inaccurate or incomplete to be corrected|
|Erasure||You have the right to ask for your personal data to be deleted under certain circumstance|
|Objection to processing||You have the right to object to our use or your personal information under certain circumstances|
|Restriction on processing||If you make an objection, our use of your personal information may be temporarily suspended whilst we deal with your request|
|Portability||You have the right to ask for a copy of your personal information in a machine readable format to pass to another organisation under certain circumstances|
All requests to exercise your rights should be addressed to the RoS Data Protection Officer (email@example.com) and you should receive a response within one calendar month.
As a public body, we have appointed a Data Protection Officer whose role includes advising and assisting individuals whose personal we collect and use. You can contact the RoS Data Protection Officer at any time to raise any query or concern you have in respect of how RoS uses your personal information by emailing firstname.lastname@example.org.
If you wish to complain about how we are processing your personal data, you can do so by contacting the Information Commissioner’s Office (ICO) via online form, email, phone, live chat or post. For full details see the ICO website.
This privacy notice will be updated as necessary to reflect any changes to the way in which we process personal data. If you have any questions about this privacy notice you can contact our Data Protection Officer (DPO) on email@example.com.