Registration Number: Z6542658
Date Registered: 11 April 2002 Registration Expires: 10 April 2019
Data Controller: Forestry Commission
231 Corstorphine Road
This register entry describes, in very general terms, the personal data being processed by:
Nature of work - General business.
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to provide advice and information, to promote our goods and services, to maintain our accounts and records, to support and manage our staff and to participate in data matching under national fraud initiatives. We also process personal information using a CCTV system to monitor and collect visual images for the purpose of security and the prevention and detection of crime.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
- personal details
- family, lifestyle and social circumstances
- financial details
- employment and education details
- goods or services provided
We also process sensitive classes of information that may include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs of a similar nature
- trade union membership
Who the information is processed about
We process personal information about our:
- customers and clients
- suppliers and services providers
- advisers, consultants and other professional experts
- complainants and enquirers
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- family, associates and representatives of the person whose personal data we are processing
- employment and recruitment agencies
- current, past and prospective employers
- educators and examining bodies
- central government
- credit reference agencies
- suppliers and service providers
- debt collection and tracing agencies
- financial organisations
other regulatory authorities
voluntary and charitable bodies
Consultancy and Advisory Services
Information is processed for consultancy and advisory services that are offered. For this reason the information processed may include name, contact details, family details, financial details, and the goods and services provided. This information may be about customers and clients. Where necessary this information is shared with the data subject themselves, business associates and other professional advisers, current, past or prospective employers and service providers.
CCTV - Crime Prevention and/or Staff Monitoring
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
Personal information is also processed in order to undertake research. For this reason the information processed may include name, contact details, family details, lifestyle and social circumstances, financial details, good and services. The sensitive types of information may include physical or mental health details, racial or ethnic origin and religious or other beliefs. This information is about survey respondents. Where necessary or required this information may be shared with customers and clients, agents, service providers, survey and research organisations.
TransfersIt may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the data protection act.