This privacy notice provides further information on personal information used in connection with the iMatter.scot website, our legal basis for collecting and using it and how we protect it. 

iMatter.Scot is the name of the web-based portal allowing the public to access information and resources relating to the iMatter Programme.

When you use the website we collect certain information about how you use the site using analytics tools which may use cookies or similar tracking techniques. (We do not collect any information that allows us to identify you as an individual).

This helps us to:

• improve the site by monitoring how you use it

We also collect IP address information as a part of the normal operation of hte site. This .

We won't share your information with any other organisations for marketing, market research or commercial purposes, and we don't pass on your details to other websites.

Disclosing or sharing your information

Though we make every effort to preserve user privacy, we may need to disclose personal information if we have a legal obligation to do so.

Content disclaimer

We seek to ensure that information on our website is up-to-date and accurate. However, the information does not constitute legal or professional advice and we cannot accept liability for actions arising from its use. Neither can we be held responsible for the contents of any pages referenced by an external link.

Links to and from our website

Our website contains links to other websites. This privacy policy only applies to this site and doesn't cover other websites.

We welcome websites to link to our site. You don't have to ask for permission to do so.

However, we don't give you permission to suggest that your website is associated with, or endorsed by, our website.

Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.

Who are we?

A controller is an organisation that determines the means and purposes of the processing of personal information.

We are The Common Services Agency for the Scottish Health Service, more commonly known as NHS National Services Scotland ("NHS NSS" or "us" or "we"). We administer the website as a controller.

A processor is an organisation responsible for processing personal data on behalf of a controller. We use a number of processors for the purposes of NVSS, all under contracts with NHS NSS, as set out below:

• Microsoft Azure - Microsoft Azure provides IT systems that we use to coordinate and manage vaccinations. Microsoft Azure Cloud Services are used to host the Platform from which the NVSS module sits on. Microsoft Azure does not have direct access to your personal information.

What personal information are we using?

We do not ask for or use any personal information from viewers of the site. Site content may contain information about individuals who have contributed their stories as part of the content of the website. Images and names of individuals shown in connection with these stories are with the permission of contributors.

What is our lawful basis to use your information?

NHS NSS relies on the following lawful basis to collect and use your personal data in the provision of the iMatter website:

UK General Data Protection Regulation (UK GDPR) Article 6(1)(e) - the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the NHS NSS.

How will my personal data be shared?

Your personal data will only be shared if it is necessary to do so and subject to technical and organisational measures to protect it. Any organisation that receives the data will also be responsible for ensuring the data is handled safely, securely and that they always comply with data protection law.

Where does my personal information go?

Data will be stored securely on NHS Scotland servers within the United Kingdom. We will not share your personal data outside the United Kingdom.

How do we look after your information?

NHS NSS is committed to protecting and respecting the privacy of individuals whose personal information is held and used by us and to complying with our obligations under the Data Protection Act 2018, the UK GPDR and our organisational data protection policies. We have appropriate technical and organisational measures in place to keep your data safe, and all of our staff are trained in information governance and confidentiality and are required to comply with such legislation and policies.

What are my rights?

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

1. The right to be informed.

2. The right of access.

3. The right to rectification.

4. The right to erasure.

5. The right to restriction of processing.

6. The right to data portability.

7. The right to object.

8. Rights in relation to automated decision-making.

9. The right to lodge a complaint with the supervisory body.

Some of these rights are not absolute and may not apply in all circumstances. Requests are considered on a case-by-case basis.

Exercising your rights

If you have questions, complaints or you would like to exercise your rights described above the contact information you need is noted below:

To raise a complaint with the Information Commissioner's Office (ICO) as the supervisory body in the UK, contact: