Privacy Policy for the online Equality and Human Rights Mainstreaming Toolkit

This Privacy Policy explains how the Scottish Government, acting through the Equality, Inclusion and Human Rights Directorate (“we”, “our”, “us”) collects, uses, and protects information through the Equality and Human Rights Mainstreaming Online Toolkit (“the Toolkit”).

We are committed to ensuring that your privacy is protected and that all data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

Contact Information:

Mainstreaming Operational Delivery Team
Equality, Inclusion and Human Rights Directorate
Area 3H – North, Victoria Quay
Edinburgh EH6 6QQ

Email: ehrmainstreamingtoolkit@gov.scot

 

Data Protection Officer:

Email: DataProtectionOfficer@gov.scot

Post:

Scottish Government,

St Andrew’s House,

Regent Road,

Edinburgh

EH1 3DG

 

What data we collect

Self-Assessment Tool

We collect:

  • Organisation size
  • Sector
  • Role of the person completing the tool
  • Assessment responses (multiple choice answers scored 0-4 points across 13-24 questions)

No personal data (such as names or contact details) is collected through the self-assessment tool. All responses are anonymous.

 

Providing this information is voluntary. You can choose not to answer any questions, but incomplete responses may result in less accurate recommendations for improving your equality and human rights practices.

 

Resource Submission via email

When you email us resource suggestions at ehrmainstreamintoolkit@gov.scot, we collect:

  • Any information you choose to include in your email (such as resource details, your name, organisation, contact information)
  • Your email address (automatically captured when you send the email)
  • Any attachments you include

Providing personal information is entirely voluntary. You can suggest resources without providing personal details beyond your email address. However, if you choose not to provide contact information or identify yourself, we may not be able to follow up with you about your suggestion, notify you if we use your recommended resource, or contact you about related opportunities.

 

Website Analytics

We collect anonymised usage data to improve the Toolkit, including:

  • Page views
  • Resource downloads
  • Search terms
  • Filter usage
  • Device/browser type
  • Website performance metrics
  • Accessibility tool usage (via ReciteMe)

How we use your data 

  • To improve Toolkit functionality and accessibility
  • To analyse usage patterns and inform future development
  • To contact resource submitters (only with consent)
  • To support reporting and evaluation of equality and human rights mainstreaming efforts
  • To maintain contact with users who wish to stay informed about updates (with consent)

 

Legal basis for processing

We only require a lawful basis for processing personal data. Most data collected through the Toolkit (e.g., self-assessment responses and analytics) is anonymised and does not identify individuals.

Where personal data is provided voluntarily (such as an email address or contact details for resource submissions or to receive updates), we process this data on the basis of consent under Article 6(1)(a) UK GDPR.

You can withdraw consent at any time by contacting us at ehrmainstreamingtoolkit@gov.scot.

No other lawful basis applies because we do not collect personal data for mandatory use of the Toolkit.

 

Data sharing and third parties

The Toolkit is hosted by Kaleidoscope on Cloudways Autonomous cloud infrastructure with servers located in London, UK. Kaleidoscope provides hosting, development, maintenance, and technical support. They may access anonymised usage data and, where applicable, personal data submitted with consent.

 

Third-party services we use:

  • Recite Me: Accessibility toolbar (anonymised usage statistics only)
  • Complianz: Cookie management and compliance
  • Cloud hosting and backup services within the UK

 

All data processing by third parties is governed by appropriate data processing agreements and remains within the UK. No data is transferred outside the UK.

 

Data storage and retention

  • Personal data: Stored securely for 12 months from collection
  • Ongoing contact: Where users consent to remain in contact for updates, email addresses will be retained until consent is withdrawn
  • Website analytics and usage data: Retained for as long as it serves a legitimate purpose for improving the Toolkit and reporting on its effectiveness
  • Server backups: Weekly backups retained for 12 months on Amazon S3 (UK)

After retention periods end, personal data is securely deleted unless ongoing consent exists for continued contact.

 

Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent at any time
  • Object to processing based on legitimate interests
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

 

To exercise your rights, in the first instance contact us at: ehrmainstreamingtoolkit@gov.scot

 

Complaints

 If you have concerns about how we handle your personal information, please contact our Data Protection Officer in the first instance:

Email: DataProtectionOfficer@gov.scot

Post: Scottish Government, St Andrew’s House, Regent Road, Edinburgh EH1 3DG

 

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

 

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
Online complaint form: ico.org.uk/make-a-complaint

 

Automated decision-making

The self-assessment tool uses automated processing to provide personalised recommendations based on your responses.

 

How it works:

  • You answer multiple-choice questions about your organisation’s current implementation across key equality and human rights drivers
  • Your responses are automatically scored (0-4 points per question)
  • The system calculates your overall score and implementation level (Pre-Foundation, Foundation, Development, or Advanced)
  • Based on your scores, the tool automatically recommends relevant actions and resources tailored to your needs
  • You can retake the assessment at any time to receive updated recommendations
  • The recommendations are guidance only and do not create binding obligations

 

Cookies and tracking

The Toolkit uses cookies to:

  • Essential cookies: For basic site functionality
  • Analytics cookies: To understand how the site is used and improve it
  • Accessibility cookies: To remember your accessibility preferences
  • Preference cookies: To remember your cookie choices

We do not use marketing, advertising, or social media cookies.

Cookie management is handled through an automated system that complies with data protection regulations. You’ll see a cookie notice when you first visit and can manage your preferences at any time.

 

Security measures

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Secure data transmission and storage
  • Regular security monitoring and updates
  • Access controls and user permissions
  • Regular data backups stored securely in the UK
  • Protection against unauthorized access and cyber threats

 

Age restrictions

The Toolkit is a free public resource designed primarily for professional use by public sector staff. While there is no minimum age restriction for accessing the public content, we do not knowingly collect personal data from children under 13. The self-assessment tool and resource submission forms are intended for professional use and should be completed by individuals in relevant professional roles.

 

Changes to this policy

We may update this Privacy Policy periodically. Changes will be posted on this page with a revised “Last Updated” date. Significant changes will be communicated to users who have provided contact details with consent.

 

Civil Service Live 2026: Stay Connected sign-up

Who we are

We are the Mainstreaming Operational Delivery Team, Equality, Inclusion and Human Rights Directorate, Scottish Government. Our head office is located at:

Area 3H – North Victoria Quay Edinburgh EH6 6QQ Email: ehrmainstreamingtoolkit@gov.scot

What personal information do we collect and why do we need it?


We collect your name, organisation and email address. We need this information to send you updates, newsletters and resources about the Equality and Human Rights Mainstreaming Toolkit, including a follow-up email after Civil Service Live 2026 with links to explore the toolkit.

We also collect your job title. This is optional and helps us understand who is using the toolkit and how to improve our communications.

If you do not provide your email address, we will not be able to add you to the mailing list or send you updates.

What is our lawful basis?


The lawful basis under UK GDPR Article 6 being relied on to use your personal data is:

Article 6(1)(a) — Consent. You are providing your details voluntarily and indicating your agreement via a clearly worded consent tick box. You can withdraw your consent at any time by contacting ehrmainstreamingtoolkit@gov.scot or by unsubscribing from the mailing list.

What we do with your personal information?


We will use your details to:

  • Send you a follow-up email after Civil Service Live 2026 with links to the toolkit and related resources
  • Add you to the Equality and Human Rights Mainstreaming mailing list to receive future updates and newsletters
  • Understand who is engaging with the toolkit across the public sector (using anonymised and aggregated data only)

Your data will not be used for any other purpose and will not be shared with any third parties outside of Scottish Government, other than as set out below.

How do we keep your personal information secure and how long is kept for?


Your personal data will be held securely within Scottish Government systems, including Microsoft 365 (Scottish Government tenancy). It will not be transferred outside the UK.

Your data will be retained for as long as you remain subscribed to the toolkit mailing list. If you unsubscribe or withdraw consent, your data will be deleted within a reasonable time. The mailing list will be reviewed annually and inactive or unsubscribed contacts removed.

Paper sign-up sheets collected at Civil Service Live 2026 will be securely destroyed once your details have been entered into our system.

Who do we share your personal information with?


Your details will be passed to the Scottish Government team responsible for managing the Equality and Human Rights Mainstreaming Newsletter, solely for the purpose of adding you to the list and sending you updates.

We are legally obliged to share certain data with other public bodies where the law requires this. We will also comply with requests for specific information from regulatory and law enforcement bodies where legally required.

No international transfers of your data are anticipated. Your data will remain within the UK at all times.

What are your rights?


If you believe that the data, we hold is inaccurate or incomplete you can ask us to update our records.

You have a right of access to any personal data we hold about you by making a Subject Access Request (SAR).

You have the right to ask us to erase your personal data in certain circumstances.

You have the right to ask us to restrict the processing of your personal data in certain circumstances.

You have the right to object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact: ehrmainstreamingtoolkit@gov.scot

To find out more about the rights you have over your personal data, please visit the ICO website Your data matters | ICO

Complaints


If you have concerns about the way we process and handle your personal data, in the first instance you should raise your concerns with our Data Protection Officer by email to DataProtectionOfficer@gov.scot

If you feel that your data has been collected or processed unlawfully, you have the right to raise a complaint with the Information Commissioners Office:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
You can also report any concerns online

Was this page helpful?

If you need help or support you can email us at ehrmainstreamingtoolkit@gov.scot

Was this page helpful?
Secret Link