We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are acting as the controller of your data in accordance with the UK General Data Protection Regulation (UK GDPR).
Key terms
It would be helpful to start by explaining some key terms used in this policy:
we, us, our | Scottish National Investment Bank PLC, Scottish Investments Limited (‘SIL’) and Scottish Investments Services Limited (‘SISL’) (individually or together the ‘Bank’) |
our data protection officer | Chief Risk Officer and General Counsel, with email address dataprotection@thebank.scot |
personal data | any information relating to an identified or identifiable individual |
data subject | the individual person to whom the personal data relates |
Personal data we collect about you
The personal data we collect about you depends on the particular relationship you have with us. Click on the relevant section below to see what data we collect about you.
We collect and use this personal data for the purposes outlined in the relevant table. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why we use it.
Website users
Users of our website at: https://www.thebank.scot/.
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
How you use the site | Through cookies installed on the site | For our legitimate interests | To improve the website experience and gain insights on how our site is used |
Cookies
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us analyse how you interact with our website and understand user behaviour.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, and location data. This information helps us to understand how the site is used, for example how people found the site, how many people visited particular pages and how long people stay on our site. This helps us to make sure the site is meeting people's needs and to inform improvements that we make. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, or https://allaboutcookies.org/.
Consent to use cookies and changing settings
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to remember your choice about cookies on our website and play our embedded videos).
You can withdraw any consent to the use of cookies or manage any other cookie preferences by clicking on the wheel icon at the bottom left of any page on our site. You can then select whether to enable optional cookies. It may be necessary to refresh the page for the updated settings to take effect.
Our use of cookies
The table below provides more information about the cookies we use and why:
The cookies we use | Name | Purpose | Whether cookie is essential for us to provide you with a service that you have requested and whether we will seek your consent before we place the cookie |
Browser local storage | CookieConsent | This cookie is essential to store user consents | Yes, essential therefore we will not request your consent before placing these cookies. |
Youtube media player | remote_sid, LAST_RESULT_ENTRY_KEY, YSC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, CONSENT, yt-remote-device-id, yt-remote-cast-installed, yt-remote-cast-available, yt-remote-session-app, yt-remote-session-name, yt-remote-fast-check-period, yt-remote-connected-devices, ytidb::LAST_RESULT_ENTRY_KEY, YtIdbMeta#databases, LogsDatabaseV2:V#||LogsRequestsStore, nextId, requests, ServiceWorkerLogsDatabase#SWHealthLog, yt.innertube::nextId. | These cookies are necessary for the implementation and functionality of YouTube video-content on the website. | Yes, essential therefore we will not request your consent before placing these cookies. |
Google Analytics | _ga _ga_<container-id>
| We use Google Analytics which collects data about how visitors use the site. We use this software to help us understand how the site is used, for example how people found the site, how many people visited particular pages and how long people stay on our site. This helps us to make sure the site is meeting people's needs and to inform improvements that we make. | No, we will therefore request your consent before placing this cookie |
Job applicants
Part A: Up to and including the shortlisting stage
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name, details of your qualifications, experience, employment history (may include job titles, salary and working hours) and interests | From you if you contact us speculatively (but note that we will ask you to register with our recruitment partner and we then delete your speculative email. Via third party recruitment partner. From you, in the interview notes (if relevant) | To perform a contract or take steps at your request, before entering into a contract | To make an informed recruitment decision |
Part B: Before making a final decision to recruit
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your personal contact details (address, telephone numbers and email address) and details of your referees | Via third party recruitment partner or directly from you | To perform a contract or take steps at your request, before entering into a contract
Once regulatory requirements apply to us, to comply with our legal obligations to obtain regulatory references | To carry out a fair recruitment process
To comply with legal/regulatory obligations
Information shared with relevant managers, HR personnel and the referee |
Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers | From your referees, via Experian our 3rd party screening provider | To perform a contract or take steps at your request, before entering into a contract
Once regulatory requirements apply to us, to comply with our legal obligations | To obtain the relevant reference about you
To comply with legal/regulatory obligations
To share the Information with relevant managers and HR personnel |
Information regarding your academic and professional qualifications | From you, from your education provider, from the relevant professional body via Experian our 3rd party screening provider | To perform a contract or take steps at your request, before entering into a contract | To make an informed recruitment decision
To share the Information with relevant managers and HR personnel |
Information regarding your criminal record | From you, from our third party screening provider, Experian, and from Disclosure Scotland or the Disclosure and Barring Service (DBS) | To perform a contract or take steps at your request, before entering into a contract
For performing or exercising obligations or rights imposed or conferred by law on us in connection with employment.
For reasons of substantial public interest (preventing or detecting unlawful acts, suspicion of terrorist financing or money laundering in the regulated sector and protecting the public against dishonesty) | To make an informed recruitment decision
To carry out statutory checks
Information shared with Disclosure Scotland, the DBS and other regulatory authorities as required
To share the Information with relevant managers and HR personnel |
Your outside business interests and those of your immediate family including ownership of businesses, shareholdings, directorships or business partnerships | From you on the completed declaration of interests form | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Your personal or business relationships and those of your immediate family which could lead to a potential conflict of interest with the Scottish Investment Services Limited or the Bank or any group company | From you on the completed declaration of interests form | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Details of adverse credit history including if you have been declared bankrupt, been sequestrated or entered into any other arrangement for the benefit or your creditors, been subject to adverse findings by the Financial Conduct Authority (FCA) or other regulators or been disqualified as a company director. | From you on the completed declaration of interests form and through third party credit referencing agencies | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information | From you and, where necessary, the Home Office | To perform a contract or take steps at your request, before entering into a contract
To comply with our legal obligations | To carry out right to work checks
Information may be shared with the Home Office |
Your gender | From you, when you complete our equal opportunities form | For our legitimate interests
| To meet our equal opportunities goals (this information will be kept separate from the person making a recruitment decision) |
People Associated with Investees and Borrowers
We use personal data in the course of our investment and lending activities. This includes details of, and information about, the senior leadership team, directors, members and shareholders of a prospective or current borrower or investee company or organisation, experts, or key individuals who are involved in a particular project.
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name, date of birth, and contact information, including email address and telephone number | From you when you contact us or apply for a loan or investment for a company or organisation or during the course of due diligence | For our legitimate interests
To comply with our legal obligation | We will carry out identity checks and use your contact information to communicate with you |
Your gender | From you when you contact us and as we request further information | To comply with our legal obligation
| We process this data in order to fulfil our equality, diversity, and inclusion reporting requirements |
Your organisation’s details including shareholders, directors, persons with significant control | From youw hen you contact us and as we request further information | For our legitimate interests
To comply with our legal obligation | We will assess internally what kind of returns potential investment might generate, and whether an investment would meet at least one of our missions. If your investment is successful we may share some of your organisation’s details on the portfolio section of our website. |
Your background and management experience | From you when you contact us and as we request further information | For our legitimate interests
| Your background, education and experience is relevant to deciding whether to invest in or lend to your organisation. We will internally review your experience and education to assess the viability of our investment. |
Personal information from reports | From you or from auditors as part of the administration of our investments | For our legitimate interests
| In order to monitor the performance of our investees and borrowers, address any incidents, and in carrying out or ending our investments or lending, we will require reports to be carried out that contain personal data. |
Promotional materials | From you directly or through a contractor | For our legitimate interests | We may display materials such as videos, photos or testimonials on our website to promote our investments. |
Suppliers
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests | We will use your contact information to communicate with you |
Information about your organisation | From you, and publicly accessible sources, e.g. Companies House | For our legitimate interests | For record-keeping purposes, creating accurate agreements, and communicating with you and your organisation |
Event attendees
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests | We will use your contact information to communicate with you, and to share promotional materials that may be of interest to you |
Your background, experience, and interests | From you, if you choose to share it | For our legitimate interests | We may tailor our communication to you based on your previously expressed interests |
Your response to surveys or promotional inquiries | From you, if you choose to share it | For our legitimate interests | We may record details of surveys or feedback you provide to improve our events and reach out to you with relevant communications |
Visitors to premises
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests
To comply with our legal obligations | We will use your contact information to communicate with you, to share promotional materials that may be of interest to you, and to invite you to events
We may use your information to carry out background checks for security purposes |
Details about the reason for your visit | From you, when you communicate with us | For our legitimate interests
| We will keep a record of the reason for your visit for security purposes |
Marketing
We will use your personal data to send you updates where you have provided contact details (by email, text message, telephone or post) about our services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You do, however, have the right to opt out of receiving marketing communications at any time by:
- contacting us at dataprotection@thebank.scot;
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We will always treat your personal data with the utmost respect and never sell it to organisations outside the Scottish National Investment Bank group for marketing purposes.
Who we share your personal data with
We may share personal data with:
- our subsidiaries;
- third parties we use to help deliver our services, e.g. background check providers;
- partners, including any co-lenders or co-investors ;
- Scottish ministers, as the shareholder;
- third parties in connection with any corporate transaction or restructuring, including a merger, asset sale, joint venture, or in the event of our insolvency; and
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We occasionally also share personal data with:
- our external auditors, in addition to other public sector auditors such as Audit Scotland (e.g. in relation to the audit of our accounts and activities, to comply with our regulatory obligations;
- our professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
- the Scottish Government, law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
If you would like more information about who we share our data with and why, please contact us using the contact details below.
Where your personal data is held
Personal data may be held at our offices, third party agencies, service providers, representatives and agents as described above.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it is used.
Different retention periods apply for different types of personal data. Further details on this are available on request from our Data Protection Officer.
Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal data |
Rectification | The right to require us to correct any mistakes in your personal data |
Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object | The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
For more information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO).
If you would like to exercise any of those rights, please:
- email, call or write to us — see below; and
- provide enough information to identify yourself (e.g. your full name, address and date of birth) and any additional identity information we may reasonably request from you;
- let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being lost accidentally, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below). We hope we will be able to resolve any issues you may have.
You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator) and/or the relevant supervisory authority in your jurisdiction. Please contact us if you would like further information.
Changes to this privacy policy
This privacy notice was published on 30 August 2024 and last updated on 30 August 2024.
We may change this privacy notice from time to time — when we do we will inform you [via email] if we have that information.
Updating your personal data
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address — see below.
How to contact us
You can contact our Data Protection Officer by post, or email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
Email: dataprotection@thebank.scot
Post: CRO and General Counsel, Data Protection Officer
The Scottish National Investment Bank plc
1 North Waverley Gate
2-4 Waterloo Place
Edinburgh
EH1 3EG
table td, table th { word-break: break-word; }
Key terms
It would be helpful to start by explaining some key terms used in this policy:
we, us, our | Scottish National Investment Bank PLC, Scottish Investments Limited (‘SIL’) and Scottish Investments Services Limited (‘SISL’) (individually or together the ‘Bank’) |
our data protection officer | Chief Risk Officer and General Counsel, with email address dataprotection@thebank.scot |
personal data | any information relating to an identified or identifiable individual |
data subject | the individual person to whom the personal data relates |
Personal data we collect about you
The personal data we collect about you depends on the particular relationship you have with us. Click on the relevant section below to see what data we collect about you.
We collect and use this personal data for the purposes outlined in the relevant table. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why we use it.
Website users
Users of our website at: https://www.thebank.scot/.
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
How you use the site | Through cookies installed on the site | For our legitimate interests | To improve the website experience and gain insights on how our site is used |
Cookies
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us analyse how you interact with our website and understand user behaviour.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, and location data. This information helps us to understand how the site is used, for example how people found the site, how many people visited particular pages and how long people stay on our site. This helps us to make sure the site is meeting people's needs and to inform improvements that we make. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies, please see below.
For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, or https://allaboutcookies.org/.
Consent to use cookies and changing settings
We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to remember your choice about cookies on our website and play our embedded videos).
You can withdraw any consent to the use of cookies or manage any other cookie preferences by clicking on the wheel icon at the bottom left of any page on our site. You can then select whether to enable optional cookies. It may be necessary to refresh the page for the updated settings to take effect.
Our use of cookies
The table below provides more information about the cookies we use and why:
The cookies we use | Name | Purpose | Whether cookie is essential for us to provide you with a service that you have requested and whether we will seek your consent before we place the cookie |
Browser local storage | CookieConsent | This cookie is essential to store user consents | Yes, essential therefore we will not request your consent before placing these cookies. |
Youtube media player | remote_sid, LAST_RESULT_ENTRY_KEY, YSC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, CONSENT, yt-remote-device-id, yt-remote-cast-installed, yt-remote-cast-available, yt-remote-session-app, yt-remote-session-name, yt-remote-fast-check-period, yt-remote-connected-devices, ytidb::LAST_RESULT_ENTRY_KEY, YtIdbMeta#databases, LogsDatabaseV2:V#||LogsRequestsStore, nextId, requests, ServiceWorkerLogsDatabase#SWHealthLog, yt.innertube::nextId. | These cookies are necessary for the implementation and functionality of YouTube video-content on the website. | Yes, essential therefore we will not request your consent before placing these cookies. |
Google Analytics | _ga _ga_<container-id>
| We use Google Analytics which collects data about how visitors use the site. We use this software to help us understand how the site is used, for example how people found the site, how many people visited particular pages and how long people stay on our site. This helps us to make sure the site is meeting people's needs and to inform improvements that we make. | No, we will therefore request your consent before placing this cookie |
Job applicants
Part A: Up to and including the shortlisting stage
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name, details of your qualifications, experience, employment history (may include job titles, salary and working hours) and interests | From you if you contact us speculatively (but note that we will ask you to register with our recruitment partner and we then delete your speculative email. Via third party recruitment partner. From you, in the interview notes (if relevant) | To perform a contract or take steps at your request, before entering into a contract | To make an informed recruitment decision |
Part B: Before making a final decision to recruit
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your personal contact details (address, telephone numbers and email address) and details of your referees | Via third party recruitment partner or directly from you | To perform a contract or take steps at your request, before entering into a contract
Once regulatory requirements apply to us, to comply with our legal obligations to obtain regulatory references | To carry out a fair recruitment process
To comply with legal/regulatory obligations
Information shared with relevant managers, HR personnel and the referee |
Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers | From your referees, via Experian our 3rd party screening provider | To perform a contract or take steps at your request, before entering into a contract
Once regulatory requirements apply to us, to comply with our legal obligations | To obtain the relevant reference about you
To comply with legal/regulatory obligations
To share the Information with relevant managers and HR personnel |
Information regarding your academic and professional qualifications | From you, from your education provider, from the relevant professional body via Experian our 3rd party screening provider | To perform a contract or take steps at your request, before entering into a contract | To make an informed recruitment decision
To share the Information with relevant managers and HR personnel |
Information regarding your criminal record | From you, from our third party screening provider, Experian, and from Disclosure Scotland or the Disclosure and Barring Service (DBS) | To perform a contract or take steps at your request, before entering into a contract
For performing or exercising obligations or rights imposed or conferred by law on us in connection with employment.
For reasons of substantial public interest (preventing or detecting unlawful acts, suspicion of terrorist financing or money laundering in the regulated sector and protecting the public against dishonesty) | To make an informed recruitment decision
To carry out statutory checks
Information shared with Disclosure Scotland, the DBS and other regulatory authorities as required
To share the Information with relevant managers and HR personnel |
Your outside business interests and those of your immediate family including ownership of businesses, shareholdings, directorships or business partnerships | From you on the completed declaration of interests form | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Your personal or business relationships and those of your immediate family which could lead to a potential conflict of interest with the Scottish Investment Services Limited or the Bank or any group company | From you on the completed declaration of interests form | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Details of adverse credit history including if you have been declared bankrupt, been sequestrated or entered into any other arrangement for the benefit or your creditors, been subject to adverse findings by the Financial Conduct Authority (FCA) or other regulators or been disqualified as a company director. | From you on the completed declaration of interests form and through third party credit referencing agencies | To perform a contract or take steps at your request, before entering into a contract | To share the Information with relevant managers and HR personnel |
Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information | From you and, where necessary, the Home Office | To perform a contract or take steps at your request, before entering into a contract
To comply with our legal obligations | To carry out right to work checks
Information may be shared with the Home Office |
Your gender | From you, when you complete our equal opportunities form | For our legitimate interests
| To meet our equal opportunities goals (this information will be kept separate from the person making a recruitment decision) |
People Associated with Investees and Borrowers
We use personal data in the course of our investment and lending activities. This includes details of, and information about, the senior leadership team, directors, members and shareholders of a prospective or current borrower or investee company or organisation, experts, or key individuals who are involved in a particular project.
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name, date of birth, and contact information, including email address and telephone number | From you when you contact us or apply for a loan or investment for a company or organisation or during the course of due diligence | For our legitimate interests
To comply with our legal obligation | We will carry out identity checks and use your contact information to communicate with you |
Your gender | From you when you contact us and as we request further information | To comply with our legal obligation
| We process this data in order to fulfil our equality, diversity, and inclusion reporting requirements |
Your organisation’s details including shareholders, directors, persons with significant control | From youw hen you contact us and as we request further information | For our legitimate interests
To comply with our legal obligation | We will assess internally what kind of returns potential investment might generate, and whether an investment would meet at least one of our missions. If your investment is successful we may share some of your organisation’s details on the portfolio section of our website. |
Your background and management experience | From you when you contact us and as we request further information | For our legitimate interests
| Your background, education and experience is relevant to deciding whether to invest in or lend to your organisation. We will internally review your experience and education to assess the viability of our investment. |
Personal information from reports | From you or from auditors as part of the administration of our investments | For our legitimate interests
| In order to monitor the performance of our investees and borrowers, address any incidents, and in carrying out or ending our investments or lending, we will require reports to be carried out that contain personal data. |
Promotional materials | From you directly or through a contractor | For our legitimate interests | We may display materials such as videos, photos or testimonials on our website to promote our investments. |
Suppliers
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests | We will use your contact information to communicate with you |
Information about your organisation | From you, and publicly accessible sources, e.g. Companies House | For our legitimate interests | For record-keeping purposes, creating accurate agreements, and communicating with you and your organisation |
Event attendees
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests | We will use your contact information to communicate with you, and to share promotional materials that may be of interest to you |
Your background, experience, and interests | From you, if you choose to share it | For our legitimate interests | We may tailor our communication to you based on your previously expressed interests |
Your response to surveys or promotional inquiries | From you, if you choose to share it | For our legitimate interests | We may record details of surveys or feedback you provide to improve our events and reach out to you with relevant communications |
Visitors to premises
The information we collect | How we collect the information | Why we collect the information (legal basis) | How we use and may share the information |
Your name and contact information, including email address and telephone number | From you when we interact with you | For our legitimate interests
To comply with our legal obligations | We will use your contact information to communicate with you, to share promotional materials that may be of interest to you, and to invite you to events
We may use your information to carry out background checks for security purposes |
Details about the reason for your visit | From you, when you communicate with us | For our legitimate interests
| We will keep a record of the reason for your visit for security purposes |
Marketing
We will use your personal data to send you updates where you have provided contact details (by email, text message, telephone or post) about our services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You do, however, have the right to opt out of receiving marketing communications at any time by:
- contacting us at dataprotection@thebank.scot;
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We will always treat your personal data with the utmost respect and never sell it to organisations outside the Scottish National Investment Bank group for marketing purposes.
Who we share your personal data with
We may share personal data with:
- our subsidiaries;
- third parties we use to help deliver our services, e.g. background check providers;
- partners, including any co-lenders or co-investors ;
- Scottish ministers, as the shareholder;
- third parties in connection with any corporate transaction or restructuring, including a merger, asset sale, joint venture, or in the event of our insolvency; and
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We occasionally also share personal data with:
- our external auditors, in addition to other public sector auditors such as Audit Scotland (e.g. in relation to the audit of our accounts and activities, to comply with our regulatory obligations;
- our professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
- the Scottish Government, law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
If you would like more information about who we share our data with and why, please contact us using the contact details below.
Where your personal data is held
Personal data may be held at our offices, third party agencies, service providers, representatives and agents as described above.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it is used.
Different retention periods apply for different types of personal data. Further details on this are available on request from our Data Protection Officer.
Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal data |
Rectification | The right to require us to correct any mistakes in your personal data |
Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object | The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
For more information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO).
If you would like to exercise any of those rights, please:
- email, call or write to us — see below; and
- provide enough information to identify yourself (e.g. your full name, address and date of birth) and any additional identity information we may reasonably request from you;
- let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being lost accidentally, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below). We hope we will be able to resolve any issues you may have.
You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator) and/or the relevant supervisory authority in your jurisdiction. Please contact us if you would like further information.
Changes to this privacy policy
This privacy notice was published on 30 August 2024 and last updated on 30 August 2024.
We may change this privacy notice from time to time — when we do we will inform you [via email] if we have that information.
Updating your personal data
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address — see below.
How to contact us
You can contact our Data Protection Officer by post, or email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
Email: dataprotection@thebank.scot
Post: CRO and General Counsel, Data Protection Officer
The Scottish National Investment Bank plc
1 North Waverley Gate
2-4 Waterloo Place
Edinburgh
EH1 3EG