General Data Protection Regulations

Privacy Statement

1. This statement sets out the position of Fisheries Management Scotland in relation to the General Data Protection Regulations (GDPR).

2. Fisheries Management Scotland is a membership organisation for district salmon fishery boards and fishery trusts. It’s objects are “to promote and ensure the best fisheries management for the protection, preservation and development of Scotland’s wild salmon and freshwater fish, along with their fisheries and environment; and to represent and promote the interests of members of the company”.

3. Fisheries Management Scotland will process personal data for the purpose of fulfilling its representative function on behalf of its members. We will only pass personal data to third parties without the consent of the data subject where it is necessary for us to do so in support of the fulfilment of our objects.

4. Data is held subject to our Data Handling Policy. Our responsible officer for data is Brian Davidson, Director of Communications & Administration, and any queries regarding this Privacy Statement should be directed to him.

Data Handling Policy

1. Fisheries Management Scotland in pursuance of its objects needs to process personal data. Fisheries Management Scotland is a data controller for the purposes of the General Data Protection Regulation and that it must comply with the following six principles for the handling of personal data:

• fairly and lawfully processed
• processed for limited purposes
• adequate and relevant and limited to what is necessary
• accurate and where necessary up to date
• not kept in a way that people can be identified from it for longer than is necessary
• processed in a way that ensures appropriate security

2. Fisheries Management Scotland’s officer responsible for compliance with GDPR is Brian Davidson, Director of Communications & Administration. He will maintain Fisheries Management Scotland’s databases in compliance with GDPR. Fisheries Management Scotland will hold three separate databases:

• A Contract database with information required in fulfilment of those contracts
• A ¹Legitimate Interests database held subject to satisfaction of a ‘legitimate interests’ assessment (LIA assessment);
• Consent database, all data held under consent of the data subjects.

3. Fisheries Management Scotland will audit its information annually to ensure that its data bases are compliant with the six principles of GDPR. In particular, the audit will ensure:

• that data is held in compliance with the act
• data held is accurate
• that no more data is held that is necessary
• that data will be held only for so long as it is needed.

4. After each annual audit the responsible officer will note that the audit has taken place and that he/she certifies that the databases as being compliant with GDPR.

5. Fisheries Management Scotland will ensure that all the data held is securely stored. This will apply to physical copies of data as well as computer-based data.

6. Fisheries Management Scotland will respond within 28 days to any written request (including by e-mail) by a data subject for details of information held by Fisheries Management Scotland on them.

7. Fisheries Management Scotland will maintain an up to date privacy notice on its website.

¹ The LIA assessment requires that the information officer before entering the data on the Legitimate Interests database satisfies him/herself that FMS is pursuing a legitimate interest in so doing, that processing the data is necessary for that purpose and that he/she has considered whether there are any balancing personal issues that override the right of the FMS to process that data (for example where that individual has particular vulnerabilities).