Privacy Policy for the online Equality and Human Rights Mainstreaming Toolkit

This Privacy Policy explains how the Scottish Government, acting through the Equality, Inclusion and Human Rights Directorate (“we”, “our”, “us”) collects, uses, and protects information through the Equality and Human Rights Mainstreaming Online Toolkit (“the Toolkit”).

We are committed to ensuring that your privacy is protected and that all data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact Information:

Mainstreaming Operational Delivery Team
Equality, Inclusion and Human Rights Directorate
Area 3H – North, Victoria Quay
Edinburgh EH6 6QQ

Email: ehrmainstreamingtoolkit@gov.scot

Data Protection Officer:

Email: DataProtectionOfficer@gov.scot

Post:

Scottish Government,

St Andrew’s House,

Regent Road,

Edinburgh

EH1 3DG

What data we collect

Self-Assessment Tool

We collect:

• Organisation size
• Sector
• Role of the person completing the tool
• Assessment responses (multiple choice answers scored 0-4 points across 13-24 questions)

No personal data (such as names or contact details) is collected through the self-assessment tool. All responses are anonymous.

Providing this information is voluntary. You can choose not to answer any questions, but incomplete responses may result in less accurate recommendations for improving your equality and human rights practices.

Resource Submission via email

When you email us resource suggestions at ehrmainstreamintoolkit@gov.scot, we collect:

• Any information you choose to include in your email (such as resource details, your name, organisation, contact information)
• Your email address (automatically captured when you send the email)
• Any attachments you include

Providing personal information is entirely voluntary. You can suggest resources without providing personal details beyond your email address. However, if you choose not to provide contact information or identify yourself, we may not be able to follow up with you about your suggestion, notify you if we use your recommended resource, or contact you about related opportunities.

Website Analytics

We collect anonymised usage data to improve the Toolkit, including:

• Page views
• Resource downloads
• Search terms
• Filter usage
• Device/browser type
• Website performance metrics
• Accessibility tool usage (via ReciteMe)

How we use your data 

• To improve Toolkit functionality and accessibility
• To analyse usage patterns and inform future development
• To contact resource submitters (only with consent)
• To support reporting and evaluation of equality and human rights mainstreaming efforts
• To maintain contact with users who wish to stay informed about updates (with consent)

Legal basis for processing

We only require a lawful basis for processing personal data. Most data collected through the Toolkit (e.g., self-assessment responses and analytics) is anonymised and does not identify individuals.

Where personal data is provided voluntarily (such as an email address or contact details for resource submissions or to receive updates), we process this data on the basis of consent under Article 6(1)(a) UK GDPR.

You can withdraw consent at any time by contacting us at ehrmainstreamingtoolkit@gov.scot.

No other lawful basis applies because we do not collect personal data for mandatory use of the Toolkit.

Data sharing and third parties

The Toolkit is hosted by Kaleidoscope on Cloudways Autonomous cloud infrastructure with servers located in London, UK. Kaleidoscope provides hosting, development, maintenance, and technical support. They may access anonymised usage data and, where applicable, personal data submitted with consent.

Third-party services we use:

• Recite Me: Accessibility toolbar (anonymised usage statistics only)
• Complianz: Cookie management and compliance
• Cloud hosting and backup services within the UK

All data processing by third parties is governed by appropriate data processing agreements and remains within the UK. No data is transferred outside the UK.

Data storage and retention

• Personal data: Stored securely for 12 months from collection
• Ongoing contact: Where users consent to remain in contact for updates, email addresses will be retained until consent is withdrawn
• Website analytics and usage data: Retained for as long as it serves a legitimate purpose for improving the Toolkit and reporting on its effectiveness
• Server backups: Weekly backups retained for 12 months on Amazon S3 (UK)

After retention periods end, personal data is securely deleted unless ongoing consent exists for continued contact.

Your rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction or deletion
• Withdraw consent at any time
• Object to processing based on legitimate interests
• Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, in the first instance contact us at: ehrmainstreamingtoolkit@gov.scot

Complaints

 If you have concerns about how we handle your personal information, please contact our Data Protection Officer in the first instance:

Email: DataProtectionOfficer@gov.scot

Post: Scottish Government, St Andrew’s House, Regent Road, Edinburgh EH1 3DG

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
Online complaint form: ico.org.uk/make-a-complaint

Automated decision-making

The self-assessment tool uses automated processing to provide personalised recommendations based on your responses.

How it works:

• You answer multiple-choice questions about your organisation’s current implementation across key equality and human rights drivers
• Your responses are automatically scored (0-4 points per question)
• The system calculates your overall score and implementation level (Pre-Foundation, Foundation, Development, or Advanced)
• Based on your scores, the tool automatically recommends relevant actions and resources tailored to your needs
• You can retake the assessment at any time to receive updated recommendations
• The recommendations are guidance only and do not create binding obligations

Cookies and tracking

The Toolkit uses cookies to:

• Essential cookies: For basic site functionality
• Analytics cookies: To understand how the site is used and improve it
• Accessibility cookies: To remember your accessibility preferences
• Preference cookies: To remember your cookie choices

We do not use marketing, advertising, or social media cookies.

Cookie management is handled through an automated system that complies with data protection regulations. You’ll see a cookie notice when you first visit and can manage your preferences at any time.

Security measures

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

• Secure data transmission and storage
• Regular security monitoring and updates
• Access controls and user permissions
• Regular data backups stored securely in the UK
• Protection against unauthorized access and cyber threats

Age restrictions

The Toolkit is a free public resource designed primarily for professional use by public sector staff. While there is no minimum age restriction for accessing the public content, we do not knowingly collect personal data from children under 13. The self-assessment tool and resource submission forms are intended for professional use and should be completed by individuals in relevant professional roles.

Changes to this policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a revised “Last Updated” date. Significant changes will be communicated to users who have provided contact details with consent.