Data Protection Authorisation - Your Legal Rights

It is important that you read and consider the information below carefully before giving us authorisation to manage and process your data.

The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) establish your legal right to control: what information you chose to share with us; how we use and process that information and what information you chose to have on record.  Citizens Advice Edinburgh will take responsibility for ensuring that any data you share with us is kept safe and secure and is held for no longer than is absolutely necessary.

In order to provide you with the best possible service, we will ask you to share personal and sometimes sensitive information, so that we have a good understanding of your circumstances and can give you the right advice. We will also maintain a record of your contact, which may contain sensitive personal data, often referred to as “Special Category Data”.

Sensitive personal data includes information relating to: race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetics, biometric data (where used for identification purposes) sexuality, commission or alleged commission of an offence or anything else you consider to be particularly sensitive.

Citizens Advice Edinburgh will use your data for 2 purposes:   

1. To provide you with the advice and information you require at your chosen point of contact and for the organisation and our external auditors to undertake quality assurance of that advice, including asking for your feedback on our services.   

2. To monitor the issues that are impacting on the lives of people locally and lobby for changes to legislation and social policy that will improve people’s circumstances and help address common problems.   

For these purposes: The Scottish Association of Citizens Advice Bureau (Citizens Advice Scotland) and its members and; the Scottish National Standards for Information and Advice Providers Auditors, will also have access to this information.  CAS will be a joint Data Controller.   

Some personal information may also be held by platforms we use to help you engage with our services. 

You can ask to see your records at any time and you can ask that we destroy your records if you no longer want us to hold that information.  Otherwise, we will retain your records for no more than 7 years and only for the purposes outlined above.  By law, we would have to establish a specific lawful basis, if we needed to retain your records for any longer.

Please see and download our full Data Protection Authorisation form