Contact Us

Data Protection Privacy Notice

1. Overview

The City of Edinburgh Council provides a range of digital content through our Learning Management systems. To deliver these products we need collect, store, use, share and dispose of personal information. This is known as data processing.  

When we collect personal data, we must tell you why we need it, and what we will do with it. This information is called a privacy notice.   

This privacy notice explains how we process your personal information for the purposes of providing digital content.  If this privacy notice changes in any way, we will place an updated version on this page. By regularly reviewing this page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with others.  

In processing personal information, The City of Edinburgh Council must comply with the EU General Data Protection Regulation and the Data Protection Act 2018. We refer to this as data protection legislation.  

Data controller 

Data controllers are the organisations or individuals that determine how your personal information will be processed. By law, data controllers must pay a fee to register with the UK Information Commissioner who is the data protection regulator within the UK.  

The City of Edinburgh Council data controller registration number: Z5545409. 

2. Data Collection and personal data categories

The personal information we hold about you in relation to your learning history is collected in a variety of ways. We will collect information from you in paper and online forms, by telephone, and email. 

When we collect and process your personal information, we are committed to the principles set out in data protection legislation. 

Data protection principles  

We only collect information that we need  

We keep your personal information secure.  

We don’t keep your information for longer than we need to  

We tell you why we need your information and what we will do with it  

We collect accurate information and, where necessary, keep it up to date  

We don’t use your information for a different reason than the one we have told you about. The exception to this is if we must do so by law. 

Personal data categories 

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information will include, 

  • Email address 
  • First name and last name 
  • Telephone Number
  • Job location 
  • Job role 

Usage Data 

We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.  

Use of Data 

The City of Edinburgh Council uses the collected data for various purposes: 

  • To provide and maintain the Service 
  • To notify you about changes to our Service 
  • To allow you to participate in interactive features of our Service when you choose to do so 
  • To provide customer care and support 
  • To provide analysis or valuable information so that we can improve the Service 
  • To monitor the usage of the Service 
  • To detect, prevent and address technical issues 

3. Purpose of processing personal information

Processing personal information noted above allows the administration, documentation, tracking, reporting and delivery of educational courses or training programs or learning and development programs. 

Procedures are in place to ensure only authorised users have access to your data. 

On occasions, we may keep your personal information within the Council’s archives for evidential and historical reasons, or use it for research and statistical purposes.  

It will sometimes be necessary to process personal information to protect individuals from harm or injury, to prevent and detect crime, to comply with legal orders, and to provide information in accordance with a person’s rights.  

The Council will only process your personal information when it is lawful to do so. 

Reasons 

Data processed by the Council about digital learning is processed because:  

  • It is necessary as part of a contract 

Section 15 Part 8 of the Council’s Register of Processing sets out the Human Resources practice that involve the collection and use of personal information and the reason why we can process your information lawfully.  

If we require your permission to process your personal information, we will ask you. If you wish to withdraw your consent, you can do so through contacting the Council’s Information Rights Team. 

4. Information Sharing

We will only share your information with suppliers who have sufficient measures and procedures in place to protect your information and can meet their legal obligations under data protection legislation. These requirements will be set out in contracts or information sharing agreements.  

We will not share your information for marketing purposes. 

Details of transfers to third country and safeguards  

Your information will normally be stored and processed on servers based within the European Economic Area. While it may sometimes be necessary to transfer personal info overseas, any transfers will be in full compliance with data protection legislation. 

5. Retention periods and your rights

We will not keep your information for any longer than it is needed, and will dispose of records in a secure way. The length of time we need to keep information collected for essential learning varies and will depend on the purpose for which it is collected. The Council has a Record Retention Schedule which sets out how long we keep records and the reason why. 

You have rights under data protection legislation including: 

  • Right to be informed about how we collect and use your personal information through privacy notices such as this.  
  • Right to request information we hold about you. This is known as a subject access request and is free of charge. We must respond within one month, although this can be extended to three months if the information is complex.  
  • Right to rectification. You are entitled to have your information rectified if it is factually inaccurate or incomplete. We must respond to your request within one month. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.  
  • Right to erasure. You have the right to ask us to delete your information or stop using it. It will not always be possible for us to comply with your request, for example if we have a legal obligation to keep the information. If we decide to take no action, we will tell you why and let you know about your right of complaint to the UK Information Commissioner.  
  • Right to restrict processing. You have the right to restrict how your data is processed in certain circumstances, for example if the information is not accurate. If a restriction is applied, we can retain just enough information to ensure that the restriction is respected in future. If we decide to lift a restriction on processing we must tell you.  
  • Right to object. You can object to your information being used for profiling, direct marketing or research purposes.  
  • Right to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.  

6. Incidents, complaints and comments

Data Protection incident 

If you are concerned about what we do with your data, or think something has gone wrong, contact the Council’s Data Protection Officer to report a data protection incident. 

Complaints and comments 

If you wish to make a complaint or comment about how we have processed your personal information, you can do so by writing to the Council’s Data Protection Officer.  

If you are still unhappy with how the council have handled your complaint, you may contact  

UK Information Commissioner’s Office, Wycliffe House  

Water Lane, Wilmslow, Cheshire, SK9 5AF  

Tel: 08456 30 60 60 | Website: www.ico.gov.uk (external link) 

7. Data Protection Officer

The Council must appoint a Data Protection Officer to make sure it is complying with data protection legislation. The Council’s Data Protection Officer is: 

Kevin Willbraham, Information Governance and Strategic Complaints Manager  

Information Governance Unit, City of Edinburgh Council  

Waverley Court – 2.1, 4 East Market Street  

Edinburgh  

EH8 8BG  

E-mail: information.compliance@edinburgh.gov.uk  

Tel: 0131 469 6200 

© 2025 The City Of Edinburgh Council
Scroll to Top