top of page

Data Protection

General Information

Data Protection legislation, including the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR), provides a framework to ensure Personal Data is handled properly and gives individuals rights to know how personal information can be collected, used and stored.

Personal data is any information that can be used to identify you as a Data Subject, such as your name and address. It’s information that relates to you, and from which you can be identified directly; or which could be used in combination with other information to identify you. Further information on Personal Data is available on the Information Commissioner’s Office (ICO) website.

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

In order to operate efficiently Moray Pathways must collect and use information about people with whom it works, and, we may be required to process information to comply with legal obligations and our statutory duties. This personal information collected may be of members of the public; current, past and prospective employees; service users, and, suppliers.

Moray Pathways will strive for a positive and proactive approach to the collection and management of Personal Data. Moray Pathways will ensure we protect the information we collect, use and share information appropriately; actively managing it so it is relevant and up-to-date, and, remain fully compliant with legislation and best practice guidance from the ICO. Personal information in all formats are covered by Data Protection, including but not limited to: paper files, databases, emails, telephone recordings, CCTV and all information repositories.

If you need help understanding this page please inform the Data Protection Officer (DPO),, and we will provide someone to explain the contents of the information. A translation service is also available and you can ask for an advocate to assist you.

Privacy Notices

Whenever Moray Pathways collects personal information a Privacy Notice should be made available to explain how your personal information may be collected, used, stored, shared and securely disposed of, our legal basis for doing so and what your Data Subject Rights are. 

How long are records about you held?

Records will be kept for the minimum length of time required, some of these timespans are dictated by law. If there is no legal requirement to keep the records after the service to you has ceased they will be securely destroyed as soon as is practicable.

Who we share your information with

Your personal data may be shared internally with authorised officers of Moray Pathways if having access to that data is a necessary part of their roles, such as to ensure records are accurate and up to date. It may also be shared with other relevant Moray Council departments when applicable.

To provide effective services, your data may also be shared with agencies and external partners who deliver services on Moray Pathways behalf so they can provide these services (for example contractors). When we share your personal information with third parties we only do so when legally required, or when permissible under Data Protection legislation. In these instances, we ensure that these recipients are able to meet their obligations under Data Protection legislation and have measures in place to ensure your information is protected. These prerequisites will be set out in information sharing agreements or contracts.

We may also share your personal data with other relevant Moray Council departments and third parties, where we are under a legal obligation to do so. For example this may be with Police, Social Security Scotland, UK Border Agency or other Registered Professional Bodies.

Whenever personal information is shared with third parties we will only provide the minimum information required. Moray Pathways will not sell your personal information to any third parties.

Are records confidential?

Moray Pathways employees have a duty of care when providing services. This includes respecting the right to confidentiality and ensuring that information about you is only processed for the purposes of the service being provided.

How do I request my information?

You are entitled to request a copy of personal information that Moray Council holds on you. This is called a Subject Access Request (SAR).

You are only entitled to your own personal information. Requestors with parental rights may request information that identifies and relates to their child(ren) under the age of 12years.

To make a request please complete a Subject Access Request form and send it to:, or, Information Co-ordinator, Elgin Library, Cooper Park, Elgin, IV30 1HS.

Please note that proof of identity will be required before releasing personal information, and, that personal information of third parties will be redacted from any copies provided.

If you need help understanding the information you receive please inform Moray Pathways and we will provide someone to help explain the contents of the information. A translation service is also available and you can ask for an advocate to assist you.

Concerns or complaints:

If you have any Data Protection concerns or complaints regarding how we handle personal information please contact Moray Council’s DPO

However, you also have the right to lodge a complaint about Data Protection matters with the Information Commissioner's Office, The ICO can be contacted by post at:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
SK9 5AF. 

By telephone at 0303 123 1113, or via their website:

bottom of page