Site navigation

Who we are

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

Privacy Policy

The Scottish Framework for Fair Access Toolkit website is committed to processing personal data fairly, transparently and in accordance with the law.

The privacy notice advises what your rights are in relation to your personal data and how to contact us if you have any questions or concerns about the use of personal data.

See links below for applicable data protection laws:

Data Protection Legislation

From 25 May 2018, organisations must manage personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This legislation gives more rights to you as an individual and more obligations to organisations holding your personal data.

One of the rights is a right to be informed. Below is information about the way in which we use and share your personal data, the legal basis on which we process your personal data and information about the increased rights you have in relation to the data we hold on you.

What We Do With Your Personal Data

This website can be used at any time without the need for users to provide personal data. Insofar as personal data is collected on this website, it shall be provided voluntarily by the user. Personal data shall not be disclosed to any third parties if the user has not provided their express consent.

When you access our website, data is automatically transferred from your browser to our web server. This data includes anonymous access data such as the date and time, browser type, volume/type of data accessed and your IP address. This data is stored separately from any other data collected during your visit to our website. This data does not allow the identification of any individual person and is collected solely for logging user behaviour and for statistical purposes. Once the data has been evaluated accordingly, arrangements are made for the data to be deleted.

What Are Your Rights?

  • Access to Personal Data – You can request to see the personal data held about you.
  • Rectification of Personal Data – If you believe the personal data that Scottish Government hold is incorrect or incomplete then you are entitled to request to have that data corrected.
  • Erasure of Personal Data or the Restriction of its Processing – You have the right to ask for your personal data to be erased or to restrict processing of that data.

Subject Access Request

You have the right to see a copy of the personal information held, subject to exemptions. This right is commonly referred to as a Subject Access Request (SAR). Subject Access Requests should not be confused with Freedom of Information requests.

The GDPR allows anyone to request a copy of personal data the Scottish Government holds about them. There is no charge, and we will respond within one calendar month once we have all the relevant details, including proof of identity.

You can submit a subject access request by contacting the Advanced Learning & Science Directorate at the above address, or visiting this link:

Data Controller

The controller of your personal data is the Scottish Government. Their address is:

Scottish Government

Advanced Learning and Science Directorate

Higher Education and Science Division

6th Floor

5 Atlantic Quay

150 Broomielaw


G2 8LU

If you want to request information, you can write to us at the above address.

Complaint to the Information Commissioners Office (ICO)

If you wish to make a complaint about how this website has or is processing your personal data you can do so by contacting:

Information Commissioner’s Office
Wycliffe House
Water Lane

Legal basis for processing

The Scottish Framework for Fair Access Toolkit website processes the data so far as it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, in accordance with Article 6 of the GDPR. For the purposes of this website, the legitimate interests constitute the collection of data solely for logging user behaviour and statistical purposes. Once the data has been evaluated accordingly, arrangements are made for the data to be deleted.

Third party website content

The Scottish Framework for Fair Access Toolkit website is not responsible for the content of any third party websites to which it links. These websites may collect your personal data – please see the relevant privacy notices of any of these sites for further information.

Use of Cookies

Cookies are small files that a site or its service provider transfers to the user’s computer’s hard drive through a Web browser (if allowed) that enables the sites or service providers’ systems to recognize the browser and capture and remember certain information.

Cookies are covered by the Privacy and Electronic Communications Regulations.

Why we use cookies

We use Google Analytics to collect aggregated visitor statistics, and session cookies which allow the website to recognise a visitor throughout their visit and not treat them as a new visitor on each page.

Data collected by the Google Analytics cookies is hosted by Google. For more information please see Google Analytics Privacy Policy.

How can I control my cookies?

You can use your web browser to:

  • delete all cookies
  • block all cookies
  • allow all cookies
  • block third-party cookies
  • clear all cookies when you close the browser
  • open a ‘private browsing’ session
  • install add-ons and plug-ins to extend browser functionality.

User agreement on cookies

By continuing to use our site, you agree to the placement of cookies on your device. If you choose not to receive our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be.