Public Data Protection Policy 0.1 February 2026

  1. Introduction

    1. This is a public NET Scotland document and summarises the main points of our Data Protection Policy - a full copy of our policy can be obtained on request

  1. We are a registered charity in Scotland no SC045840. Our principal office is NET Scotland, 142 West Nile Street, 3/1 Victoria Chambers, Glasgow, G1 2RQ

  1. The Data Protection Manager (DPM) for NET Scotland is John Coyle. He can be contacted at johncoyle@netscotland.org 

  1. The 6 data protection principles

    1. personal data shall be processed fairly, lawfully and in a transparent manner, and processing shall not be lawful unless one of the processing conditions can be met;

    2. personal data shall be collected for specific, explicit, and legitimate purposes, and shall not be further processed in a manner incompatible with those purposes;

    3. personal data shall be adequate, relevant, and limited to what is necessary for the purpose(s) for which it is being processed;

    4. personal data shall be accurate and, where necessary, kept up to date;

    5. personal data processed for any purpose(s) shall not be kept in a form that permits identification of individuals for longer than is necessary for that purpose/those purposes;

    6. personal data shall be processed in such a way that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

  1. These are the principles that we follow. The rest of all our approaches on this is applying these. 

  1. What are the processing ‘conditions’ mentioned in point 1 above? Data can be processed if at least one of the following is true:

    1. The individual has given consent that is specific to the particular type of processing activity, and that consent is informed, unambiguous and freely given;

    2. The processing is necessary for the performance of a contract, to which the individual is a party, or is necessary for the purpose of taking steps with regard to entering into a contract with the individual, at their request;

    3. The processing is necessary for the performance of a legal obligation to which we are subject;

    4. The processing is necessary to protect the vital interests of the individual or another;

    5. The processing is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us;

    6. The processing is necessary for a legitimate interest of the Charity or that of a third party, except where this interest is overridden by the rights and freedoms of the individual concerned.  More details of this are given in the Public Privacy Policy. 

  1. In the vast majority of cases we will rely on either condition 1 (consent) or condition 6 (legitimate interest)

Effective Date: 4th February 2026

Version:  0.1

Ownership: John Coyle

Approver: NET Management Committee

Date of Next Review: 30th November 2027

Purpose     

  • To ensure that NET Scotland adheres to the UK Data Protection regulations