Privacy Statement

Officers Association Scotland (OAS) is a registered charity (Scottish Charity No. 010665) with our main office at New Haig House, 66 Logie Green Road, Edinburgh EH7 4HQ.

In meeting its charitable purposes, OAS as a data controller,  processes the personal data of the following categories of people:

  • Directors
  • Employees
  • Job applicants 
  • Self-employed contractors
  • Beneficiaries and potential beneficiaries
  • Employment Service users and people seeking those services
  • Employer and Organisation Contacts
  • Service provider contacts

OAS undertakes to collect, record, store and use such information in accordance with the General Data Protection Regulation 2016 (GDPR) and any other relevant data protection legislation.   Staff are trained in the principles of data protection and are required to comply with this policy.

  1. A) Data Protection Principles

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

Processing will be fair, lawful and transparent

  1. Data be collected for specific, explicit, and legitimate purposes, as noted in the individual privacy notices. OAS does not sell, trade or rent personal data to others.
  2. Data collected will be adequate, relevant and limited to what is necessary for the purposes of processing as specified.
  3. Data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay.
  4. Data is not kept for longer than is necessary for its given purpose. More information can be found in the separate privacy notices and in our data retention policy.
  5. Data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures. All staff and volunteers, as appropriate, will receive data protection training and will be required to follow data handling policies. All third parties accessing personal data held by OAS will be required to accept GDPR compliant data processing conditions. More information can be found in our Information Security Policy.
  6. We will comply with the relevant GDPR procedures for the international transfer of personal data.
  1. B) Data Subjects’ Rights

People whose personal data we process have the right:

  1. To be informed about the data we hold on them and what we do with it; please see the individual privacy notices.
  2. Of access to the data we hold on them. Please contact the CEO, Mary-Clare Macfarlane on This is called a ‘Subject Access Request’ to which we shall respond within a month, unless it is a very complex request when the law allows us up to 3 months to deal with it. We would only make a charge if the request was “manifestly unfounded or excessive.”
  3. For any inaccuracies in the data we hold on them, however they come to light, to be corrected within one month. This is also known as ‘rectification’. We shall inform any third parties with whom we have shared the data of any such changes.
  4. To have data deleted in certain circumstances. This is also known as ‘erasure’. We will delete data if it is no longer needed for the purpose for which it was collected; if the data subject objects to our processing the data and we have no over-riding legitimate interest in retaining it; the data has been processed unlawfully or we must erase it to comply with the law. We shall inform any third parties to whom the erasure is relevant.
  5. To restrict the processing of the data, if they disagree about the accuracy of the data we hold on them or object to our intention to erase data. This may involve reducing the data we hold on the data subject. We shall inform any third parties to whom the restriction is relevant.
  6. To object to direct marketing.
  7. To object to our processing of data on the lawful basis of legitimate interest, unless it can be demonstrated that such legitimate interest overrides the data subject’s interests, rights and freedoms.
  8. To claim compensation for damages caused by a breach of data protection legislation.
  9. Make a complaint to the Information Commissioner’s Office at: or 0303 123 1113
  1. C) Website Users

The OAS website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

  1. D) Data Protection Breaches

You can read our Data Breach Policy here Personal_Data_Breach_