NHS Health Scotland is a national NHS Board working to reduce health inequalities and improve health.

We fully respect your right to privacy when using our services. Here you will find details of our privacy practices and what we do to maintain your right to privacy.

What information do we collect about you?

We collect information about you and your organisation when you access any of our services online, by phone or in writing. We only collect the information we ask from you, that you give us and where required consent to it being processed for the purpose of providing NHS Health Scotland’s services.

How will we use the information we collect?

We process your information for the purpose of providing you with services from NHS Health Scotland. This includes some or all of the following:

  • Managing enquires, requests and complaints, you submit to us.
  • Providing opportunities to give us feedback on our products and services, to help us know what you need and improve our products and services appropriately.
  • Providing you with enewsletters you have opted in to receive.
  • Allowing you to subscribe and comment on our blog.
  • Conducting data and statistical analysis to monitor performance of our services and make improvements.

NHS Health Scotland may share complaints information with the relevant NHS board or Scottish Government department if the complaint or concern has been sent to us in error, or a joint response is required.

We may also disclose the information to a third party where we have a legal obligation to do so. NHS Health Scotland will not share with or sell your personal information to any other organisation.

How do we look after your information?

The information we collect about you and your organisation is stored securely in NHS Scotland systems hosted in the UK/EU.

If you subscribe to an enewsletter, your contact details are stored in PHP list hosted on a secure server by a third party in the UK/EU.

The website is hosted on a secure server by a third party in the UK/EU, and is maintained by NHS Health Scotland staff.

The principles of the General Data Protection Regulation (GDPR) require us to make sure your data is accurate, kept up-to-date and that we keep it for no longer than is necessary.

To meet these requirements

  • we will update your data or remove it from our systems at your request
  • we will include details of how to unsubscribe within any enewsletters you have signed up to receive
  • we will keep your data in line with NHSScotland data retention guidelines.

Website log files

Using our website will generate log files of your activity. These files do not capture personal information but do capture the user's IP address. We store these log files on a secure server.

We use Google Analytics to analyse these files regularly to monitor website usage and evaluate the effectiveness of our website. We do occasionally allow trusted partners and suppliers access to our Google Analytics. This information is not personally identifiable. For more information go to our Cookies page.

We make no attempt to identify individual users of this website, unless we suspect that unauthorised access to our systems is being attempted. We reserve the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of NHS Health Scotland web services. As a condition of using this site, all users give permission for NHS Health Scotland to use its access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.

Your rights

You have the following rights: 

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

You can find more information about these rights on the Information Commissioner’s website.

Access to your information, changes, and complaints

To request a copy of the information that we hold about you, correct any information that is inaccurate, unsubscribe from our services, or withdraw your consent, you can contact us or write to us at

Duncan Robertson
Senior Policy, Risk and Data Protection Officer
NHS Health Scotland
Gyle Square
1 South Gyle Crescent
Edinburgh
EH12 9EB

For enquiries about NHS Health Scotland (the Data Controller) data protection practices, you can contact Duncan Robertson, NHS Health Scotland’s Senior Policy, Risk and Data Protection Officer by email at duncanrobertson@nhs.net or by phone on 0131 314 5436.

Should you wish to make a complaint about NHS Health Scotland’s collection or use of data, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals is the Information Commissioner’s Office.