Transparency

Purpose of this Policy

The Northern Lighthouse Board is required by law to explain how and why we use cookies, and to seek your express permission to store and retrieve data about your browsing. In order to fulfil this requirement we draw your attention to this, our cookie policy when you first visit our home page.

What is a Cookie?

A cookie is created at the request of the website a user is viewing. The website requests that the web browser create a ‘text file’ containing a small amount of information, which it can then access whilst you are viewing the website. The information is usually to provide some functionality such as a shopping cart or to enhance the users experience on the site. You can read these ’text files’ using the Notebook program on your own PC.

The information saved usually contains the name of the cookie, and a value (which can be numbers or text). Other information can also be includes such as the domain the cookie is for (e.g. Northern Lighthouse Board), the path/page and the cookie expiry date and time. Many however, contain only two pieces of information: a site name and unique user ID, although this does vary.

Purpose

These small text files, placed on your computer by websites that you visit and are widely used in order to make the websites work, or to work more efficiently, as well as to provide information to the owners of the site. When you request another page from the server, your browser sends the cookie back to the server. These files typically contain information about your visit to the web page, as well as any information you’ve volunteered, such as your name and interests.

Cookies may, as we do on our On-line Shop, be used to record any personal information you enter, as well as any items in your electronic shopping cart, so that you don’t need to re-enter this information each time you visit the site.

Security

Accepting a cookie does not give a server access to your computer or any of your personal information (except for any information that you may have purposely given, as with online shopping). Under normal circumstances, it is not possible to execute code from a cookie, or to use a cookie to deliver a virus. Cookies cannot transfer viruses or malware to your computer because the data in a cookie doesn’t change when it travels back and forth, it therefore has no way to affect how your computer runs. Additionally, web servers can use only information that you provide or choices that you make while visiting the website as content in cookies.

To find out more about Cookies, please visit the following websites:
aboutcookies.org.uk
allaboutcookies.org/ 

Managing cookies in order to protect your privacy online

You have the ability to manage the use of cookies on your PC and mobile devices, the instructions for how to do so vary depending upon the browser you are using.

If you use more than one browser on your device you will need to manage the settings for each individual browser. Instructions for accessing the settings for the 5 most popular browsers are as follows:

1. Open your browser
   Cookies are stored in your web browser. Popular browsers include Firefox, Chrome, Edge, Safari, and Internet Explorer.
2. Locate where cookies are stored
   Each browser manages cookies in a different location. For example, in Internet Explorer, you can find them by clicking “Tools” and then “Internet Options.” From there, select “General” and “Browsing history” and “Settings.” In Chrome, choose “Preferences” from the Chrome menu in the navigation bar, which will display your settings. Then expand the “Advanced” option to display “Privacy and security.” From there, open “Content settings” and “Cookies.”
3. Manage your cookies
   Every browser provides a range of options for enabling or deleting cookies. Internet Explorer, for instance, allows you to manage cookies under “Privacy” and “Advanced.” In Chrome, find where cookies are stored as outlined above, then select your management options under “Cookies.” Banning all browser cookies could make some websites difficult to navigate. However, a setting that controls or limits third-party and tracking cookies can help protect your privacy while still making it possible to shop online and carry out similar activities.

Cookies we use on our website

Google Analytics

• __utma
• __utmb
• __utmc (expires end of session)
• __utmt
• __utmz

We use these cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

WordPress Cookies

wordpress_test_cookie

WordPress only uses cookies for registered users (people logging into admin, subscribed to posts etc.). This applies to NLB staff logging in to admin etc. but not the general public. This is a session cookie, deleted when you close your web browser. WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.

Google Maps

Please note that ‘Gmaps’ has changed and no longer requires cookies. We now use the non-cookie, newer version.

The information below explains the cookies and when we use on our website. Additional Cookies we use on our online shop:

Jetpack plugin

tk_or
tk_lr
These gather internal metrics for user activity used for analysis of user activity, used to improve user experience.

Woocommerce

wp_woocommerce_session_
This contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. This will stay on your device for two days.

eucookielaw
This allows us to inform users that our WordPress website has cookies, to comply with european regulations and legislation.

redux_blast
This does not impact users, it is needed for the visual theme to correctly render the website.

 

Please contact us if you have any questions about this Cookie Policy:
E: enquiries@nlb.org.uk

“Northern Lighthouse Board (NLB)” and the NLB logo (and any of the foregoing used in any combination), product names and all page headers, footers and icons are trademarks or registered trademarks of the Northern Lighthouse Board. All other product names, Company names and logos mentioned are the trademarks of their respective owners.

Certain links in this website may lead to resources or information maintained by third parties over whom NLB has no control. NLB makes no representations or warranties as to the accuracy of, or any other aspect relating to those resources.

The contents of Our Website are protected by international copyright laws and other intellectual property rights. The owner of these rights is NLB, its affiliates or other third party licensors. All product and company names and logos mentioned in Our Website are the trade marks, service marks or trading names of their respective owners, including us.  You may download material from Our Website for the sole purpose of placing an order with NLB or using Our Website as a shopping resource. However, you may not modify, copy, reproduce, republish, upload, post, transmit or distribute, by any means or in any manner, any material or information on or downloaded from Our Website including but not limited to text, graphics, video, messages, code and/or software without our prior written consent, except where expressly invited to do so, for example in order to complete any test or questionnaire.

Requests for permission to use our trademarks or to make use of any copyright material should be directed to:

Communications Officer
Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA
T: 0131 473 3100
E: enquiries@nlb.org.uk

The Freedom of Information (FOI) Act 2000 aims to make information held by public authorities more accessible to the public, and gives a general right of access to all types of recorded information. The FOI Act places two main duties on public authorities:

• to adopt and maintain a publication scheme setting out the classes of information the authority publishes; and
• to respond to individual requests for information

In addition, the Environmental Information Regulations 2014 provide access to environmental information. Both the FOI Act and the EIRs are enforced by the Information Commissioner.

The Freedom of Information Act 2000, Freedom of Information (Scotland) Act 2002, the Environmental Information Regulations 2014, Environmental Information Regulations (Scotland) 2014 , Re-use of Public Sector Information Regulations 2015 and  the Data Protection Act 2018 all confer rights to see or receive information.  The Freedom of Information Act provides rights to see official recorded information held by public authorities.  The Data Protection Act provides the right to see your personal information held by organisations, and includes both the public and private sector.

Under legislation and regulations, which covers only public authorities, anybody, anywhere in the world, has a right to access official information and they do not have to indicate why they want the information. When individuals exercise this right under the Freedom of Information Act 2000 this is referred to as an FOI Request, under Environmental Information Regulations 2004 it is referred to as an EIR Our default position is that we should provide information requested, there are however exemptions.  An applicant is also entitled to be informed in writing as to whether the information is held and to have the information communicated to them or provided with an explanation why this is not being done.

Our default response should be Full Disclosure wherever possible with the data provided conforming to the principles within the Re-use of Public Sector Information Regulations 2015 as laid down it the ICO Guide to Re-use of Public Sector Information Regulations 2015 (PDF)

There are however exemptions with the legislation/regulation that must be considered before issuing a reply.

Our publication scheme as summarised below provides access to previously complete FOI and EIR requests.

Guide to the Northern Lighthouse Board Publication Scheme

The Freedom of Information Act 2000 requires the Northern Lighthouse Board to adopt, maintain, publish and review from time to time a publication scheme. Our publication scheme has been developed under the requirements of the Freedom of Information Act 2000 and has been agreed by the Information Commissioner. Please note we are currently reviewing our Publication Scheme. The required Information is grouped as follows and is also available to download as a PDF. NLB Publication Scheme (PDF)

Who we are and what we do

Financial Information, NLB Report & Accounts and our Suppliers details are contained within the Publications, policies and guides sections of this website.

What we spend and how we spend it

This section provides Financial Information, NLB Report & Accounts and our Suppliers details are contained within the Background, Funding and Supplying NLB sections of this website.

Our plans, priorities, policies and procedures

You can find our objectives, plans for our service provision for the future, our current policies within the Publications, policies and guides  sections of this website together with other reports we publish such as the performance of our Aids to Navigation.

Please contact us for copies of:

• Organisation and Business System Manual
• QHSE Policy

How we make decisions

Committee membership, dates of Committee meetings and minutes of meetings can be found within the Commissioners and Board Business section of this website.

Transparency Data published elsewhere

Some transparency data is published on the GOV.UK website on behalf of NLB, by the Department for Transport (DfT). You can access this data via the following links:

Explanations of our internal structures, referring to functions and how the structure relates to the roles and responsibilities (PDF)

Details of authority contracts and tenders worth over £10,000 (PDF)

Pay and grading structures (PDF)

Lists and registers

For information held in registers required by law, and other lists and registers relating to the functions of the authority please write to:

The Compliance Officer
Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA

E: FOIenquiries@nlb.org.uk

The services we offer

Information on some of the services we provide can be found in the following section of the website.

• Commercial Services

Making a Freedom of Information (FOI) Request

If you are looking for information not contained in our publication scheme you can make a request to:

The Compliance Officer
Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA

E: FOIenquiries@nlb.org.uk

Requests for information must be made in writing (for example, letter, fax or email). Please state your name and the address for correspondence, and describe clearly the information requested.

When responding to requests for information, there are procedural requirements set out in the FOI Act which public authorities must follow. There are also valid reasons for withholding information, which are known as exemptions. We aim to reply to you promptly and are obliged to provide a response within 20 working days.

Our responses to FOI requests

The Disclosure Log below contains a list of our FOI and EIR requests where some or all of the requested information was disclosed to the applicant.

FOI and EIR disclosure log July 2023 (PDF)

In line with Department for Transport arrangements, the Northern Lighthouse Board does not routinely publish FOI replies, instead we provide copies on request. This is due to:

• the fact that copies of FOI responses are infrequently accessed and rarely requested (only once in the last two years)
• the overhead cost in preparing the material for publication
• the cost of maintaining the material on the website
• FOI information requested and provided is frequently transitory and would only contain up to date information at the time the reply was provided

To request a copy of a specific response, please  email FOIenquiries@nlb.org.uk providing the FOI reference number from the published list.

If you ask for information available in our publication scheme to be provided in paper format it may be necessary to make a charge. Each case is considered separately. For example, if a large amount of photocopying is required or if the cost of posting a large volume of paperwork is high. You will be advised in advance of the reason for the charge and the cost itself.

Complaints and Escalations

Should you have any enquiries or are dissatisfied with the content of this page or our approach to Transparency please contact us, clearly marking the communication  FAO the  ‘Director of Business Services’, at:

Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA

E: enquiries@nlb.org.uk

If following conclusion of the enquiry you are still dissatisfied and wish escalate your issue or make a complaint, you should write to the Information Commissioner, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

www.ico.gov.uk

 

This Guide plays an essential part in the corporate governance of the Northern Lighthouse Board (NLB) and as such should be seen as a primary reference source for both those serving as Commissioners of Northern Lighthouses and NLB staff members.

NLB Guide to Governance – October 2019

In the normal course of our work we do not routinely process data in respect of children.  We don’t provide or plan to provide services directly to children, or to proactively collect their personal information.

Children may visit NLB premises under the control of parents, guardians or teachers for special events such as Open Doors, Carol Services and Christmas Parties, or for educational purposes through work experience programmes or our outreach Programme.  NLB staff may also visit schools under the outreach programme.  Photographs are often taken at these events and subsequently used on the lawful basis of Legitimate Interest.

For outreach events, a Privacy Statement will be provided to the school. As long as the school has agreed, and the children and/or their guardians are made aware by the schools that photographs of those attending the events may appear in one of our publications, this will not breach current UK legislation. Where a school raises any objections photographs are not taken.

Where data is collected in relation to a schools competition, the Terms & Conditions will make clear that  photos and videos may be taken of some or all of the children involved, and explain the context in which the images will be used.  The schools involved are required to ensure that parents are also made aware.

Images recorded at special events may be used for journalistic purposes within NLB publications such as the Journal,  on our website or our social media platforms fairly and lawfully without causing unwarranted harm or intrusion to the data subjects. When we publish images of children as part of an article we won’t include personal details such as names unless explicit Consent has been given by a parent or a guardian. These images are processed under our legitimate interest of providing information and education on the role of the NLB.

Personal Data and Risk Assessment documentation in relation to work experience activities are stored within HR and governed by normal HR rules.  Privacy Statements are provided to the school or parent/guardian depending on the circumstances of set up of the work experience.

The policy is designed to ensure that the responsible adults are aware that photos and videos are being taken and the context in which the images may be used.

As the General Lighthouse Authority for Scotland and the Isle of Man, the NLB has responsibility, subject to certain provisions, for the superintendence and management of “all lighthouses, buoys and beacons” throughout Scotland and the Isle of Man including “the adjacent seas and islands..” within and beyond territorial waters. Our head office is at 84 George Street, Edinburgh EH2 3DA.

We take seriously our responsibilities in respect of the protection of your privacy and confidentiality and hope that you will reciprocate. This document outlines the standards you can expect when we ask for, hold, or otherwise process your information. It sets out the conditions under which we may process any information that we collect from you, about you, or that you provide to us. It covers both information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It also covers what we ask of you, to help us keep information up to date.

We use personal information for a wide range of purposes, to enable us to carry out our functions as a government department. These include:

• verifying your identity for security purposes
• maintaining our accounts and records
• selling of products to you through our website
• consideration and investigation of complaints
• answering queries, Freedom of Information Act 2000 requests and Environmental Information Regulations 2004 requests
• undertaking research
• provision of education or training
• provision of The Journal or on-line articles through Social Media
• property management
• corporate administration
• support and management of our staff
• licensing, enforcement and regulatory duties
• crime prevention and prosecution of offenders

What is personal data?

Personal data is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is someone who can be recognised, directly or indirectly, by information such as a name, an identification number, location data, an online identifier, or data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. These types of identifying information are known as ‘personal data’. Data protection law applies to the processing of personal data, including its collection, use and storage.

Your privacy

We know how important it is to protect your privacy and comply with data protection law. If we need to collect, store or otherwise use your personal information, we will:

• have a lawful basis for doing so, and only ask for what we need
• do so in a fair and transparent way, letting you know why we need your information and how we will use it
• use it in the way we said we would and not in any way you wouldn’t expect without consulting you
• ensure that we don’t keep more than we need, for longer than we need
• make sure it is accurate and up-to-date where appropriate
• make sure nobody has access to it who shouldn’t
• ensure that it is kept safe and secure

What allows NLB to process your personal data

To process personal data, we need to meet one of the following conditions (or lawful bases):

• Consent – freely given consent where it is explicit, as to what you are consenting to and clear how you can withdraw your consent. Sometimes however you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
• Contract – processing is necessary for a contract you have entered or intend to enter into with us
• Legal Obligation – processing is necessary to meet a legal obligation such as collecting income tax
• Vital Interests – processing is necessary to protect someone’s life
• Public Task – processing is necessary in respect of the exercise of our official authority Under Section 193 of the Merchant Shipping Act 1995.
• Legitimate Interests – The processing of other data not directly associated with the functions of the NLB but required to enable the organisation to function within its obligations under wider legislation and its’ Duty of Care responsibilities. It also applies within NLB for such areas as managing the subscription list for the Journal.

There are further requirements for processing more sensitive, or ‘special category’, personal data.

The lawful basis that we rely on to process your personal data will determine which rights are available to you. Much of the processing we do in NLB will be necessary to perform our duties under our Public Task or to meet our Legal Obligations. If we hold personal data about you in different parts of NLB for different purposes, then the legal basis we rely on in each case may not be the same.

Your rights

The General Data Protction Rights 2016 (GDPR) sets out a number of rights which individuals have over their personal data, allowing you to request copies of your personal data or, in certain circumstances, to have it deleted or modified. These rights are explained on the Information Commissioner’s Office website. NLB will ensure that we uphold your rights to the extent that they apply to the way in which we process your personal data. Below we have explained those rights that are most likely to be relevant to the ways in which NLB, as a public authority, process personal data.

The right to be informed

The right to be informed is a key part of the transparency requirements of data protection law. It includes various categories of information which would normally be provided in what is known as a ‘privacy information notice’. Where you give us your data directly, you will see a privacy notice from us which will tell you, or provide you with a link to information on:

• how to contact our Data Protection Officer
• the purpose and legal basis for processing (including details of the legitimate interests where that is the basis)
• where relevant, the categories of recipients with whom the data has been or will be shared, including information about transfers to a third country and the protective safeguards in place where that happens
• how long it will be kept for or the criteria used to determine the retention period
• the rights to which you are entitled and the right to withdraw consent where that is the legal basis for processing
• how to complain
• whether providing personal data is a contractual or statutory requirement, and if so the possible consequences of not providing it

Please note, NLB does not undertake any automated decision making.

Right of access

You can request copies of the personal data that we hold about you at any time by making a written subject access request (SAR). Before we can act on your request, you will need to supply proof of your identity. Please be as specific as you can about the information you want and, if it isn’t obvious, explain why you expect us to hold your personal data.

We will usually respond to subject access requests within one month of receipt, but may take up to 2 months in the case of complex and/or numerous requests. We will let you know when you can expect to receive a response, or if we will be unable to provide you with one.

There is no fee for making a subject access request, but charges may be incurred where someone asks for further copies of information, which they have already received, or in exceptional circumstances such as where a request is clearly unfounded, excessive or repetitive. In such cases, we may also refuse to answer the request. We will advise you of your right to complain to the Information Commissioner or to seek a judicial remedy.

If you would like to make a subject access request, please email enquiries@nlb.org.uk

Staff or former staff should email HR@nlb.org.uk

Right to object

In certain circumstances, you have the right to object to us processing your personal data. Your objection must be based on your particular situation, and can only be considered where the processing is:

• based on either the legitimate interests or public task condition
• for scientific and/or historical research and statistics purposes, unless the processing is in the public interest

We will consider your objection and unless we are able to provide you with compelling reasons for the processing to continue, or the processing relates to legal claims, we will arrange for the processing to stop.

Other rights

Other rights you may have are: a right to rectification if your personal data is inaccurate, a right to erasure, a right to restrict processing, a right to data portability, and rights in relation to automated decision making.

Whilst these rights are unlikely to apply to the kind of processing that NLB routinely carries out, if you think they may apply and want to know more, please refer to the Information Commissioner’s Office website. Any request you make to us to exercise these rights will receive appropriate consideration, within the timescales required by data protection law.

How we use your data

We use personal information for a wide range of purposes, to enable us to carry out our functions as a government Arm’s Length Body (ALB) of a department. These include:

• verifying your identity for security purposes
• maintaining our accounts and records
• selling of products to you through our website
• consideration and investigation of complaints
• answering queries, Freedom of Information Act 2000 requests and Environmental Information Regulations 2004 requests
• undertaking research
• provision of education or training
• provision of The Journal or on-line articles through Social Media
• property management
• corporate administration
• support and management of our staff
• licensing, enforcement and regulatory duties
• crime prevention and prosecution of offenders

When we share information

We may share personal data within our organisation or with other bodies where we are permitted to do so by law. There are some cases where we can pass on your data without telling you – for example, to prevent or detect crime, or in order to produce anonymised statistics. In all cases, whether data is shared internally or externally, we will be governed by data protection law.

A small proportion of our records are transferred to The National Records Scotland, in line with legal obligations for the collection, disposal and preservation of records in the public interest.

Correspondence

When you write to the NLB, we will look after any personal information you disclose to us and use it only as necessary to provide you with an answer. This will be in accordance with our task as a government department ALB to be accountable and transparent about the functions and policies that we are responsible for.

Where your correspondence relates to a policy area or issue for which another public body has responsibility, it will in most cases be passed to them to respond to you. We will let you know when this happens. Except as explained here, your correspondence will not be shared outside NLB without your consent.

In the case of requests for information that are handled under the Freedom of Information Act 2000 or Environmental Information Regulations 2004, NLB will use your personal data as necessary to comply with those laws. We may need to consult with other government departments and ALBs where a coordinated response is required. Where an information request would be more appropriately directed to another organisation, our response will advise you where it should be sent, but the request will not be forwarded. When, in some circumstances, it is necessary to share information requests with third parties for consultation, any information that identifies you will not be shared.

A record of your correspondence will be held by us for at least 3 years and then, under normal circumstances, deleted. It will only be kept for longer where it is necessary in connection with an ongoing issue.

Distribution lists

NLB maintains a number of distribution lists to communicate with its stakeholders. In most cases this is to enable us to function efficiently as an ALB of a government department. In some cases, where the use of a distribution list does not relate to the performance of our tasks, we may use it as necessary for our legitimate interests. In such cases, we have had regard to the rights and freedoms of those whose names are included on the list. Each list will be used only for the purpose that the individuals on the list were informed about at the time their information was collected by us.

CCTV

CCTV footage of the interior and some exterior areas of NLB buildings and bases is undertaken in the legitimate interest of ensuring the integrity and safety of staff, visitors, and of buildings, contents and the facilities within them.

Please see our CCTV Policy (PDF)

Video and photographic records may be made, particularly at special events and used for journalistic purposes within NLB publications such as The Journal, and on our website fairly and lawfully without causing unwarranted harm or intrusion to the data subjects. These are processed under our legitimate interest of providing information and education on the role of the NLB.

Under normal circumstances CCTV footage will be retained for 30 days, Visitor Books are retained for 12 months from the date that they are filled, after which time the data will be appropriately disposed of. However, where the information is deemed worthy of archiving in the public interest, the data will be processed to secure the permanent availability of recorded memory.

Imagery required for investigative or evidential purposes may be retained beyond 30 days and is securely disposed of upon completion/conclusion of the purpose for which it has been retained.

Filming and Photography

NLB uses film and photographs to illustrate the work that we do, to support and promote policy in the public interest. We film individuals in non-intrusive ways where possible. If you have any concerns about appearing in any footage, please speak to a member of the film crew at the time or contact enquiries@nlb.org.uk.

We also take photographs to illustrate our work in our official publications and on our social media channels. We aim to avoid using images which could identify members of the public. If you are concerned about a picture of you that we have used in one of our publications contact us at enquiries@nlb.org.uk.

Privacy by design

Where we introduce new technologies, policies or processes, we will ensure that your privacy is considered from the outset, and where beneficial will carry out a Data Protection Impact Assessment (DPIA).

We will always carry out a DPIA where we use new technologies or consider there is a high risk to your rights and freedoms. Where an assessment identifies risks that cannot be satisfactorily reduced or avoided, our Data Protection Officer will seek advice from the Information Commissioner to help us find the best solution.

The steps we take to keep your data secure

We take information security seriously and will protect your personal data from unauthorised access, accidental loss, destruction and damage. We carry out regular reviews and audits to ensure that our methods of collecting, holding and processing personal data meet the government’s security standards and industry good practice. We will only transfer your personal data overseas where appropriate safeguards are in place to protect it. The cross-government security policy framework sets out the government’s approach to protective security.

The training and guidance we give to our staff

All of our staff are trained in the importance of protecting personal and other sensitive information. In line with government policy all those who routinely access personal data as part of their jobs are expected to undertake more in depth training.

Managers who have formal responsibilities for large datasets, for example as information asset owners, will also receive additional training so that they have a clear understanding of what they need to do to keep the data under their control safe and secure.

Data breach notification

NLB does everything it can to keep your personal data secure. But if, despite this, a breach occurs which creates a risk to your rights and freedoms (for example, financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), we will ensure that the Information Commissioner’s Office is informed without delay, and in any event within 72 hours after we have become aware of it.

Where we assess that there is a high risk to you, we will ensure that you are notified without undue delay. The information we will provide to you will include:

• the contact details of NLB Data Protection Officer
• the likely consequences of the breach
• details of the measures already taken or planned to address the breach including any steps taken to mitigate potential damaging effects

Requests under the Freedom of information Act (FOIA)

When we receive an FOIA request, we record all the information you have given to us. We use that information to answer your request.

If your request means we need to contact some other person or organisation, we may decide to give some of the information contained in your request to that other person or organisation. We do this as infrequently as possible, but it is ultimately our decision as to whether we give the information, and if we do, what that information is.

We may use the information to provide periodic reports to management. We may also compile statistics showing information obtained from this source to assess the level of service we provide, but we will never do this in a way that could identify you or any other person.

For more information, please see our Freedom of Information policy.

Personal identifiers from your browsing activity

We record:

• Requests by your web browser to our servers for web pages and other content on our website
• Your geographical location
• Your Internet service provider
• Your IP address.
• Information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information via an internet analysis toolset to assess the popularity of the webpages on our website and how we perform in providing content to you.

Personal Data is also processed through the website when:

• making a purchase through the on-line shop
• using the Contact page to send a communication to NLB

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website. For more information, please see our cookie policy.

Our twitter feed is also displayed on the website. Tweets will not be deleted by NLB, however, we reserve the right to block offensive or inappropriate content.

How to make a complaint

If you are unhappy with the content of this notice or the way your personal data has been handled, you may make a complaint to NLB who will investigate and try to resolve the issues raised. If you wish to make a complaint please contact:

Director of Business Services
Northern Lighthouse Board
84 George Street
Edinburgh EH2 3DA

E: enquiries@nlb.org.uk

If your complaint means we need to contact another person, we may decide to give some of the information in your complaint to that other person. We do this as infrequently as possible, but it is ultimately our decision as to whether we give the information, and if we do, what that information is.

We may use the information to provide periodic reports to management. We may also compile statistics showing information obtained from this source to assess the level of service we provide, but we will never do this in a way that could identify you or any other person.

We will acknowledge your complaint within 5 working days and send you a full response within 20 working days. If we can’t respond fully in this time, we will write and let you know why and tell you when you should get a full response.

If following the complaint resolution by NLB you still consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

T: 0303 123 1113
E: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Our Data Protection Officer

NLB is registered with the Office of the Data Commissioner (ICO) as a Data Controller (Registration Number Z5564485). It is also a public authority under the Freedom of Information Act 2000. Confirmation of our current registration can be obtained via the ICO website – Registration Page and searching on our Registration Number (Z5564485).

Our Data Protection Officer advises NLB how to comply with data protection law, monitors and promotes compliance, for example by providing advice on Data Protection Impact Assessments (DPIA), and arranging audits and staff training. They act as your first point of contact, and lead on any communications with the Information Commissioner’s Office.

Our Data Protection Retention policy (available on request) explains this more fully.

If you have any questions regarding this Privacy Notice, please contact our Data Protection Officer by writing to the address below:

Trish Donaldson
Data Protection Officer
Northern Lighthouse Board
84 George Street,
Edinburgh EH2 3DA
E: enquiries@nlb.org.uk

1. Your data

1.1 Purpose
The purpose for which we are processing your personal data is to maintain records of the details of visitors to our buildings and of any vehicles parked on the Northern Lighthouse Board estate. This is used to maintain the integrity and security of those buildings and of the assets contained within.

1.2 The data
We will process the following personal data:
• names
• contact details provided
• host name
• visitor’s organisation
• visits (date & time)
• static photographic images
• moving imagery via CCTV or other video devices
• vehicle details (if applicable)

1.3 Legal basis of processing
The legal basis for processing your personal data is that it is in our legitimate interests to ensure the safety of our people, our visitors, our buildings and their environs.

Specifically CCTV footage of the interior and some exterior areas of NLB buildings and bases is undertaken in the legitimate interest of ensuring the integrity and safety of staff, visitors, and of buildings, contents and the facilities within them.

Video and photographic records may be made, particularly at special events and used for journalistic purposes within NLB publications such as The Journal, and on our website fairly and lawfully without causing unwarranted harm or intrusion to the data subjects. These are processed under our legitimate interest of providing information and education on the role of the NLB.

1.4 Recipients
Your personal data will be not be shared with organisations other than Police and /or Security Services where the information is required by law, and with National Records Scotland where much of our archive material is stored.

1.5 Retention
Under normal circumstances CCTV footage will be retained for 30 days, Visitor Books are retained for 12 months from the date that they are filled, after which time the data will be appropriately disposed of. However where the information is deemed worthy of archiving in the public interest, the data will be processed to secure the permanent availability of recorded memory.
Imagery required for investigative or evidential purposes may be retained beyond 30 days and is securely disposed of upon completion/conclusion of the purpose for which it has been retained.

2. Your rights

Every citizen of the EU has, in respect to personal data held or used has the following rights:

• to be informed-your rights and information being used, how & for how long
• to access your personal data, that is to see it
• to rectification, to correct it if in error or incomplete
• to have it erased, under certain conditions
• to restrict processing that is the right to prevent processing of your data
• to data portability-ability to share the information with other organisations
• to object-to information use
• Rights regarding automated decision making and profiling

For more information, download a copy of A Guide to Your Legal Rights to Privacy

3. Data Storage

This information is securely stored on NLB servers within the United Kingdom.

4. Complaints

If you are unhappy with the content of this notice or about the way your personal data has been handled, you may make a complaint to the NLB who will investigate and try to resolve the issues raised. If you wish to make a complaint please contact:

Director of Business Services
Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA

E: enquiries@nlb.org.uk

If following the complaint resolution by NLB you still consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

T: 0303 123 1113
E: casework@ico.org.uk
www.ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

5. Contact details

The data controller for your personal data is the Northern Lighthouse Board. The contact details for the data controller are:

Director of Business Services
Northern Lighthouse Board
84 George Street
Edinburgh
EH2 3DA

E: enquiries@nlb.org.uk

The contact details for the data controller’s Data Protection Officer are:

Trish Donaldson
Data Protection Officer
84 George Street
Edinburgh
EH2 3DA
E: TrishD@nlb.org.uk

The Data Protection Officer provides independent advice and monitoring of the Northern Lighthouse Board’s use of personal information.

 

Our website is designed to be used for non-commercial purposes only. In particular, this limited licence does not permit you to incorporate any material from this web site in any other work, publications or web site either of your own or belonging to any third party without the prior consent of the Northern Lighthouse Board (NLB).

The site is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). Accordingly, the information in this Website is not intended to constitute any legal, consultative or other professional advice, service or contract in any way.

The website and the information contained herein is provided “as is”, and NLB makes no express or implied representations or warranties regarding this website or the information in it. Without limiting the foregoing, NLB does not warrant that the website or information in it will be error-free or will meet any particular criteria of performance or quality. NLB expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security and accuracy.

Your use of this website and information in it is at your own risk. You assume full responsibility and risk of loss resulting from the use of this website or information in it. None of NLB or its affiliates, or any partners, principals, stockholders or employees of any thereof will be liable for any special, indirect, incidental, consequential or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence) or otherwise, relating to the use of this website or information contained in it.

We have used all reasonable endeavours to ensure that our Website complies with UK laws. However, we make no representations that the materials on our Website are appropriate or available for use in locations outside the UK. Those who visit our Website from other locations do so on their own initiative and are responsible for compliance with all applicable laws. If use of our Website and/or viewing of it, or use of any material or content on Our Website or services, or products offered through Our Website are contrary to or infringe any applicable law in your jurisdiction(s), you are not authorised to view or use Our Website and you must exit immediately.

If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply.