Data sharing

We will share Personal Data with third parties where we are required by law or where we have another lawful basis for doing so.

While we would not normally transfer data outside the EU, in exceptional circumstances where this is the case all personal data will be provided with adequate protection and transferred lawfully. Where we transfer personal data outside the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

We will also share Personal Data with third-party service providers. For example, we use third parties to provide:

  • IT and cloud services
  • Professional advisory services
  • Administration services
  • Credit reference agencies and debt collection agencies
  • Translation and interpretation services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

If you are part of our supply chain your information may be shared with:

  • Individuals involved in the procurement exercise or in the evaluation including individuals from other public sector bodies participating in the evaluation of bids, consultants or expert advisers involved in the tender exercise.

We sometimes need to share the personal information we process with other organisations. When this is necessary, we will comply with all aspects of the relevant data protection laws. The organisations we may share your personal information with include:

  • The police and other law enforcement agencies, HMRC and other government bodies where it is necessary to do so for the purpose of administering legal aid, or where we have a legal or regulatory obligation to do so.
  • Relevant regulators, including the Information Commissioner's Office in the event of a personal data breach, the Scottish Legal Complaints Commission, the Law Society of Scotland and The Scottish Public Services Ombudsman.
  • If false or inaccurate information is provided or fraud identified, SLAB can lawfully share your personal information with fraud prevention agencies to detect and to prevent fraud and money laundering.

Research

As part of our statutory function we undertake a range of research work which uses the data we hold.  All such work is conducted in accordance with this policy and the data protection legislation

We may contact you for research purposes. Participation in such research is entirely voluntary: you are under no obligation to take part.