Privacy notice - simplified

Personal data is information that can be used to directly identify someone e.g. your name and address. It also includes information that, when combined with other pieces of information, might result in you being identified.

We receive reports of possible crimes and death investigations from Police Scotland and other reporting agencies. Our job is to decide what should happen next to these reports. 

To help us make good decisions, we have to read, process and record the personal data that has been sent to us in these reports.

As well as making decisions on criminal and death investigations, sometimes we have to process personal data because of media or journalist questions. Sometimes we need to use personal data for auditing and being open and honest (transparent) about the decisions we make.

You can find examples of the type of data we may process at Annex A at the end of this document.

We mainly process personal, sensitive and criminal offence data to help us uphold the law under Part 3 of the Data Protection Act 2018 (DPA 2018).

When dealing with your personal information, we will:

• respect and keep your personal information safe
• obey the rules and regulations for handling personal information
• consider the privacy risks when using new ways of storing data
• ensure our staff know how to correctly handle your personal information
• respond appropriately if personal information is not used or protected properly.

To ensure we keep your information correct and up to date, we ask you to:

• give us accurate information
• tell us as soon as possible if there are any changes to the information we have about you, e.g. if you change your name or address, mobile number or email address.

We may share your personal data with other government and regulatory agencies to help us do our jobs and uphold the law. Examples of the organisations we may have to share your personal data with are listed at Annex B.

We might have to share information to other agencies that aren’t in our list, so that we can help protect you and others. For example, we might have to share your personal information with the Scottish Ambulance Service or the Scottish Fire and Rescue Service, to check on your safety or the safety of others.

Transferring of your personal and sensitive data

We are based in Scotland, but sometimes your personal and sensitive information may be moved outside the European Economic Area (EEA) to help us, and other agencies, to do our jobs and fulfil our obligations. If we need to do this, we’ll make sure that your data is safe and protected.

Retention of your personal data

Our Records Management Manual explains the retention periods (time we hold something) for material related to criminal cases. Sometimes we have to keep your personal information for longer than we wish to. For example, we might be involved in an inquiry and the inquiry might take longer to complete than our usual retention period for records.

At the end of the retention period, we will transfer ‘material of enduring value’ to The National Archives of Scotland for archiving purposes.

If you want to know what information we hold about you, e.g. check that it is accurate etc, you can ask us by completing a Subject Access Request form. You can find our more about that on our Request personal data page

Or, you can email us: dataprotectionofficerdpo@copfs.gov.uk 

Or, you can write to us:

Information Governance Unit,
Crown Office,
25 Chambers Street,
Edinburgh,
EH1 1LA

Making a complaint to COPFS

If you wish to make a complaint about the way your personal data has been handled, you can email us: dataincidents@copfs.gov.uk

Or write to us:

COPFS Data Protection Officer (DPO)
Information Governance Unit 
Crown Office,
25 Chambers Street,
Edinburgh, EH1 1LA.

You can also telephone our Enquiry Point on 0300 020 3000 and tell them that you would like to make a complaint.

Making a complaint to the Information Commissioner (ICO)

You can contact the ICO for independent advice about the Data Protection Act 2018. 

Also, if you are unhappy about our response to your complaint, you can also contact the ICO.

Information Commissioner Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email: casework@ico.org.uk

We may change this privacy notice by updating this page to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice whenever you visit our website.

This page is about the use of your personal data in connection with the investigation and prosecution of crime and the investigation of deaths. This page is the simplified version of our full corporate Privacy notice.

We have published a separate privacy notice for job applicants which you can access here. 

Personal data is information that can be used to directly identify someone e.g. your name and address. It also includes information that, when combined with other pieces of information, might result in you being identified.

Examples of personal data include:

• your title, full name, contact details and contact details history e.g. details of previous places you have lived,
• your date of birth, age and sex / gender,
• your nationality,
• your employment status,
• name and contact details of your solicitor,
• your financial details,
• your protected characteristics in terms of the Equality Act 2010,
• details of your family members, including bereaved nearest relatives (next of kin),
• forms of identification so that we can check you are who you say you are,
• records of your contact with us including face to face meetings, telephone calls, emails and written messages,
• information we receive from third parties e.g. Police Scotland, the NHS, medical examiners, your school, social workers, and other professional groups,
• sound and visual images of you captured in photographs or CCTV or mobile phones, including from telephone and mobile phone companies,
• text messages and all types of social media messages,
• any criminal records information of accused persons, victims and witnesses involved in your case,
• details of the alleged crime and its impact on victims,
• Victims Right to Review – emails or applications from a victim asking us to review our decision in their case,
• records of the outcome of your case.

Some of this information will be classed as ‘sensitive personal information.’ E.g. your medical records, your sexual orientation, your religious beliefs, your political opinions.

Some of the government and regulatory organisations we might have to share your data with:

• Police Service of Scotland and other enforcement agencies,
• Solicitors acting for an accused person,
• An accused person who is conducting their own defence,
• Overseas authorities (in cases where a mutual legal assistance request needs to be made),
• Scottish Courts and Tribunal Service (SCTS),
• Scottish Police Authority (SPA),
• The Law Society of Scotland,
• Scottish Legal Aid Board (SLAB)
• Police Investigations and Review Commissioner (PIRC)
• Scottish Children’s Reporter Agency (SCRA)
• The National Probation Service,
• Scottish Prison Service,
• Parole Board for Scotland,
• NHS Scotland,
• the Armed Forces,
• the Care Inspectorate,
• Local Authorities - including justice social work, or partner agencies who manage a range of community justice interventions,
• Government and Regulatory bodies such as the
  • Scottish Public Services Ombudsman (SPSO),
  • the Information Commissioner’s Office (ICO),
  • the Scottish Information Commissioner’s Office,
  • the Scottish Legal Complaints Commission (SLCC),
  • Scottish Social Services Council (SSSC),
  • General Medical Council (GMC),
  • The General Teaching Council (GTC),
  • Disclosure Scotland,
  • Disclosure and Barring Service
• Organisations providing support services to victims and witnesses,
• Computer companies who help us to run and maintain our IT systems.