Your right to privacy is a human right.

The Committee on the Rights of the Child is clear that this right still applies online, just like it does everywhere else. Its General Comment 25 details some of the ways in which your right to privacy might be affected online.

Read a clear explanation from the 5Rights Foundation of what General Comment 25 says.

Internet access is an essential part of the modern world, and it’s important that your right to privacy is fulfilled in a way that allows you to remain using online spaces. These are the steps we’ve taken – and are taking – to protect that right within our digital channels.

Cookies on our website

Our website uses cookies for various purposes.

Cookies are text files containing small amounts of information which are downloaded to your phone, computer or other device by websites that you visit.

When you first came to our website you’ll have been told it sets one cookie that’s essential for the site to function. This cookie’s called privacy-settings-cookie, and it’s needed to the privacy setting function on our website to work. It will remain on your device for a year.

You’ll also have been told it sets cookies from Open Analytics and Google Analytics to better allow us to understand how people use our site. You can choose to opt-out of setting this cookie on your device. These cookie’s called open-analytics-cookie and will remain on your device for 365 days.

Our website uses the third party service Open Web Analytics to collect information about the ways people behave when they use our site. Some of what that includes is:

  • the places on our site people visit, and how long they visit for,
  • how many people on our site are visiting from Scotland, and
  • how many people read our site on phones, and what kind of phones they use.

This information is then processed in a way that doesn’t identify anyone. We don’t make any attempt to try and find out who any of the individuals who use our site are.

Basis for processing

We rely on article 6(1)(f) of the GDPR to process data for analytics, which allows us to process personal data when it’s necessary for the purposes of our legitimate interests.

In this case, those interests are to improve how our site functions for our users, so that we’re better able to provide advice and information to our users.

Third party cookies

Some content on our website requires us to use the services of another organisation. For example, if we want to put a YouTube video on our website, we’ll need to use YouTube’s services in order to do that.

These other organisations are known as third parties, and often they set cookies of their own. These are known as third party cookies.

Whenever we use a third party service to help us display some content, a warning will appear saying that you’re about to give a third party some of your private information. There’ll be a link to that service’s privacy policy, so you can get an idea if you’re comfortable with providing this.

What our privacy warning looks like over an embedded YouTube video.

We don’t have control over third party cookies

It’s important to know that once you give your personal information to a third party, we can’t control what that third party does with it. They may take more information than you realise, use it in ways you haven’t thought of or give it to organisations you don’t want to have it. For these reasons, it’s important to know how third parties will use your information before you agree to give it to them.

Processing your personal information through web forms

Our website allows you to submit your personal information to us or to a third party for a few different reasons:

  • you can contact us over email using our contact forms. When you do this, your details are sent to our website, then automatically deleted once they’re forwarded to our email server.
  • you can opt into receiving our newsletter, which we send out through the third party Mailchimp. If you opt into our newsletter, then Mailchimp will store your details.

The ICO Age Appropriate Design Code

The Information Commissioner’s Office (ICO) has created an Age-Appropriate Design Code which organisations must keep to so that children’s privacy rights are respected.

Our office isn’t one of the organisations who’s expected to keep to the Code, but we want to do so anyway. The ICO’s Code is founded in the UN Convention of the Rights of the Child and has the best interests of children at its heart― so we think it’s appropriate that we should follow its recommendations.

That will involve:

  • Asking ourselves if our website always keeps the best interests of children as a primary consideration,
  • Making sure we have clear information on our website about potential risks around children’s data protection and privacy, in ways that are appropriate to all age groups,
  • Making sure we never nudge children and young people towards giving up their personal data,
  • Making sure children’s privacy and personal data are still protected on multi-user devices.