Privacy notice: Civil Recovery Unit
Introduction: Privacy notice
Use of your Personal Data in connection with civil recovery proceedings and investigations under the Proceeds of Crime Act 2002 (the “2002 Act”).
The Scottish Ministers are the enforcement authority in relation to Scotland for the purposes of Part 5 (civil recovery of the proceeds etc. of unlawful conduct) of the 2002 Act. The Scottish Ministers also have functions of carrying out investigations under Part 8 of the 2002 Act. The Civil Recovery Unit acts on behalf of the Scottish Ministers in exercising those functions. The Civil Recovery Unit reports directly to the Lord Advocate who is the Scottish Minister with delegated responsibility for the exercise of those functions. The Civil Recovery Unit is operationally placed within the Crown Office.
Under the General Data Protection Regulation and the Data Protection Act 2018 the Scottish
Ministers are required to explain what information is held about you, why this information is held, how this information is used and whether this information will be shared with anyone else. References in this policy to “we” “us” and “our” is to the Scottish Ministers when exercising their functions under Parts 5 and 8 of the 2002 Act.
We are a data controller of your personal data. Our address is care of the Crown Office, 25
Chambers Street, Edinburgh, EH1 1LA. We have a dedicated data protection officer (“DPO”). You can contact the DPO by writing to the above address marking it for the attention of the DPO, or by email: dataprotectionofficerdpo@copfs.gov.uk
What kinds of personal information about you do we process?
Personal information that we’ll process, if relevant, includes:
- Personal and contact details, such as title, full name, address, telephone and e-mail details
- Your date of birth, gender and/or age
- Family members
- Details of property acquired by you or with which you are connected
- Employment and related financial information
- Records of tax paid by you and statutory benefits received by you
- Records of your contact with us including face to face meetings, telephone calls,
emails and written correspondence - Forms of identification to enable us to verify your identity if you make a request for your own personal data (known as a Subject Access Request)
- Sound and visual images and intelligence material
- Special category personal data (also referred to as sensitive processing) may
include personal data revealing racial or ethnic origin, political opinions, religious
beliefs or philosophical beliefs, Trade union membership, physical or mental health, sex life or orientation, genetic or biometric data - Criminal records information
- Information we obtain from you or third parties about your involvement in the
circumstances giving rise to the referral to the Civil Recovery Unit including reports submitted to us from the police and other reporting agencies; information from other Scottish Government agencies and departments; information received from other government departments including Her Majesty’s Revenue & Customs (HMRC), the Department for Work & Pensions (DWP), the Home Office and the Registers of Scotland; and all other evidential material including witness statements, property, banking and financial information and records from relevant authorities (including
medical and local authorities).
What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly and any relevant witnesses
- From the police and other agencies when they submit referrals to us
- From your legal representative or other named representative acting on your behalf
- From analysis of evidence seized by the police or other reporting agencies, including computer and mobile telephone records
- From banks and other financial institutions, including credit reference agencies
- From other government departments, including other Scottish Government agencies and departments, HMRC, DWP, the Home Office and the Registers of Scotland
- From employers and intermediaries used by you including accountants, mortgage
brokers, financial advisers, architects, surveyors and planning consultants.
What do we use your personal data for?
- Where you are a respondent or a defender (or a potential respondent or defender), to consider whether assets or cash acquired by you or with which you are connected have derived from unlawful conduct and are therefore recoverable property. In the case of cash and listed assets cases we will also use your personal data to consider whether such items are intended for use in the furtherance of unlawful conduct
- Where you are a witness, as evidence in proceedings under Part 5 of the 2002 Act or for the purposes of pursuing an investigation under Part 8 of the 2002 Act
- Where we determine that it is necessary to share your information we will do so
including to the police, intelligence services and other government agencies and departments - To monitor and to keep records of our communications with you and our staff
- For management and auditing of our business operations including accounting
- To comply with legal and regulatory obligations, requirements and guidance.
What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal grounds to use your personal data:
- Our public task includes processing of personal data necessary for the administration of justice and the exercise of functions conferred on us by an enactment (the 2002 Act) and it is in the public interest
- For legal claims where it is necessary for the purpose of, or in connection with, any
legal proceedings (including prospective legal proceedings), is necessary for the
purpose of obtaining legal advice, or is otherwise necessary for the purposes of
establishing, exercising or defending legal rights - The completion of subject access requests etc.
- Contract
- Your consent where you have contacted us regarding a general enquiry which is
more appropriately answered by a third party organisation, we will ask you if we may forward this information on to another authority on your behalf who may in a position to assist you - to prevent criminal activity, fraud and money laundering.
How and when can you withdraw your consent?
Most of the grounds on which we process personal data are referred to in paragraph 4
above and do not require your consent.
Should we rely upon your consent to process personal data, you can withdraw this at any
time by contacting us by email: dataprotectionofficerdpo@copfs.gov.uk
Is your personal information transferred outside the UK or the EEA?
We are based in Scotland, but sometimes your personal information may be transferred outside the European Economic Area. If we do so, we’ll make sure that suitable safeguards
are in place, for example ensuring that the recipient is a judicial or law enforcement
authority, by conducting due diligence before transfer and through use of secure electronic
transfer.
What should you do if your personal information changes?
You should tell us so that we can update our records. The contact details will be on correspondence that we send to you during the course of our involvement with you. We’ll then update our records where appropriate.
Do you have to provide personal information to us?
Most of the personal data we hold is for the purposes set out at paragraph 4 above and do
not require your consent. In circumstances where consent is required, we may be unable to fulfil our obligations if you do not provide certain information to us.
Do we do any monitoring involving processing of your personal information?
In this section, monitoring means any: listening to recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person face to face meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to
comply with regulatory rules, to prevent or detect crime, in the interests of protecting the
security of our communications systems and procedures, and for quality control and staff
training purposes. This information may be shared with third parties, for the purposes
described above.
What about automated decision making?
We do not make automated decisions in relation to our functions under the 2002 Act.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the
following criteria:
- For as long as we have reasonable business needs to retain it
- Retention periods in line with legal, regulatory requirements and our Records
Retention Policy. This can be found in the Records Management Manual on the
COPFS website.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t
apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.
- The right to be informed about our processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”) and
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws - https://ico.org.uk
Your right to object
If you believe the personal data that we are processing about you is incorrect then you have right to have that data corrected. You have the right to ask for your personal data to be erased or to restrict processing of that data. However, we will only erase personal data when it is no longer necessary for us to process the data.
You can write to us:
c/o Information Governance Unit
Crown Office
25 Chambers
Street
Edinburgh
EH1 1LA
or by email: dataprotectionofficerdpo@copfs.gov.uk
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice whenever you revisit COPFS website – www.copfs.gov.uk/privacy-notice
Contact us
If you have any questions about this privacy notice, or if you wish to exercise your rights or
contact the DPO, you can write to us:
c/o Information Governance Unit
Crown Office
25 Chambers
Street
Edinburgh
EH1 1LA
or by email: dataprotectionofficerdpo@copfs.gov.uk
Thank you for your feedback.