TestProtect Protect-Scotland App: Your 01 Jan COVID-19 test result is positive. Please self-isolate. If using the ‘Protect Scotland’ app, add test code DBK9FX (expires in 24 hrs) 21m ago MESSAGES Close TEST CODE (AUTHORISATION CODE) SENT IN SECONDS IP ADDRESS (APP USER) ANONYMOUS The encrypted anonymous keys reach the app backend. IP addresses are deleted. The anonymous diagnosis keys are stored in the app backend. Open
NHS Scotland - Test and Protect

Privacy notice for the Protect Scotland app

1. Introduction

This is the privacy notice for the Protect Scotland COVID-19 contact tracing app (also referred to as Protect-Scot) which can be downloaded to mobile devices from the Google Play and Apple Stores.

From Friday 29th April, the Protect Scotland app will no longer alert you if you have been in close proximity with a COVID-19 positive person.

Therefore, the app will no longer allow you to be aware of any potential infection risk that you may then pose to others, such as family members or work colleagues.

The latest version of the app available for download on Google Play and the App Store has tracing deactivated.

If you do not update your existing app, tracing will continue to show as 'active' but the app will not provide close contact notifications as the tracing function has been disabled.

This privacy notice sets out information about who we are, how we process your personal information and for what purposes, and your rights in relation to your personal information.

This privacy notice includes the following sections:

Privacy PolicyContents

Further information about terms that are used in this privacy notice is available here.

2. Controllers

A data controller is an organisation that determines the means and purposes of the processing of personal information.

The following organisations are data controllers, and they have the following roles in connection with the app:

Scottish Government: has commissioned the app and has strategic direction over it. Scottish Government is involved in policy and technical decisions regarding how personal information is processed within the app and the purposes of processing and is the lead controller.

Public Health Scotland (PHS): is responsible for public health matters in Scotland and makes public health decisions about the app with Scottish Government.

3. Controllers' contact details

Questions, comments, complaints or requests regarding your personal information can be sent to any of us using the following details:

Scottish Government:

The Scottish Government Data Protection Officer
Victoria Quay
Commercial Street
Edinburgh
EH6 6QQ

Email: DataProtectionOfficer@gov.scot

Public Health Scotland: Data Protection Officer's contact details are available on the NHS Inform Website.

4. Personal information we process

We collect, use, store and transfer different kinds of personal information about you as follows:

Personal information Additional details Where is this information received from?

IP address

Internet Protocol (IP) address is a numerical label assigned to your device by the mobile phone or the Wi-Fi service provider. This allows the app to communicate with the internet.

This is assigned to your device by your mobile phone or your router. This is automatically determined by your internet service provider.

Metric Data

We are no longer capturing metrics based on usage. The number of downloads from the app stores will be recorded. This is aggregated numbers provided via the app stores and cannot be used to identify any individual app user.

5. How we use your personal information

We will only use your personal information when the law allows us to do so and to the minimum extent possible.

These are the purposes for which your personal information is used:

Personal information Purpose / activity

IP address

To send information from your phone to the app server.

What are the lawful grounds

These are the lawful grounds on the basis of which each controller processes your personal information for the above purposes:

Personal Data:

  • IP address
Data Controller Legal basis

Scottish Government
  • Necessary for performance of a task carried out in the public interest on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) (UK GDPR Art 6(1)(e))
  • Necessary for reasons of substantial public interest for statutory and government purposes on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) (UK GDPR Art 9(2)(g))
  • Necessary for reasons of public interest in the area of public health on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) (UK GDPR Art 9(2)(i))
  • Necessary for scientific research or statistical purposes in the public interest (UK GDPR Art 9(2)(j))

Public Health Scotland
  • Necessary for performance of a task carried out in the public interest on the basis of Public Health Scotland Order 2019 section 4 (Functions of the Board, in particular (d) the protection of public health including those specified in section 1 of the Public Health etc. (Scotland) Act 2008 (duty of Scottish Ministers to protect public health)) and The Health Protection (Coronavirus) (International Travel) (Scotland) Regulations 2020, (Part 5 (Information Sharing - Power to use and disclose Information) (UK GDPR Art 6(1)(e))

Automated decision-making

The latest version of the app does not involve any automated processing.

Automated and semi-automated processing

Processing of anonymised random IDs: Although exposure notifications have been stopped, if you leave the Google or Apple Exposure Notification Service (ENS) enabled on your phone it will continue to exchange random IDs with other users’ phones. These random IDs will not be used by the app.

The processing of anonymised random IDs as a result of close proximity with other app users is an automated process. To work, the app requires that location services are switched on when using Android phones, but the app does not use GPS location services or Google location services to track your movements.

The processing does not require consent as the random IDs are anonymised. You can delete the anonymised random IDs stored on your device using settings and/or uninstall the app from your device at any time.

Storage and access to information on your device

The app stores and accesses information on your device. For the purposes of the Privacy and Electronic Communications Regulations 2003, such storage and access are strictly necessary for the purposes of the service provided by the app.

6. Disclosures of your personal information

Your personal information is shared with the third parties set out below for the purposes/activities mentioned in the table set out in the section How we use your personal information.

Personal information Party with whom personal information is shared

IP address

Data processors:

  • NHS Education for Scotland
  • Amazon Web Services

The app can only be downloaded from the Apple app Store and the Google Play Store. In this regard they are independent controllers as owners of the app stores. Their processing activity is separate to the processing of personal information on the app. Furthermore, although Apple and Google have developed the technology on which the app is based, neither company obtain any personal information from the app.

7. Data retention

Personal information Length of time this information is kept

IP address

The app uses your IP address only for a few seconds every time data needs to be sent from your device to the app server. IP addresses are not stored and are deleted immediately once the data they are transporting has reached the server.

Metric data that we have previously collected is held indefinitely.

For data previously collected:

  • Any diagnosis keys downloaded to your phone will be deleted after 14 days after which no downloaded diagnosis keys will be on your phone. These were used to determine if you had been in close contact with someone who had tested positive.
  • Random ids will still be exchanged between phones if you keep ENS and Bluetooth enabled. You can delete these random ids using the settings in your phone.
  • Some app registration data will be kept, unless you select to leave or delete the app, but this doesn’t include your mobile phone number or any other directly personal data.
  • The age group that you selected when registering is held on your phone. This will be deleted if you select to leave or delete the app.

8. International transfers

Your personal information is not transferred outside the UK.

9. Data security

The app does not store any personal data that can identify you; only anonymous data is stored and is encrypted by the app using the built-in encryption capability of your phone.

The app does not access GPS functionality or any form of location data from your phone.

Your IP address is stripped from the data at the earliest possible opportunity to ensure it cannot be used in any way to re-identify the person that uploaded the information.

The app and all the technical infrastructure used, including Amazon Web Services, are subject to rigorous security tests and follow the National Cyber Security Centre (NCSC) Cloud Security Principles.

Further security information Amazon Web Services

10. Your rights

You have the following rights under data protection laws in relation to your personal information.

Your data protection right How to exercise your right

The right to access your personal information.

Since only very limited personal information is retained in a short term and temporary manner, it would not be possible to comply with this request.

The right to have personal information rectified if it is inaccurate or incomplete.

Since only very limited personal information is retained within the app or the server and such information is retained in a short term and temporary manner, it would not be possible to comply with this request

The right to have personal information erased and to prevent processing.
  • This applies to existing app users. If you want to delete the anonymous random IDs stored on your device, you can do so using the device settings. You can also select the 'Leave' function in the settings and/or uninstall the app at any time.
  • Other than the above measures, since only very limited personal information is retained within the app server and such information is retained in a short term and temporary manner it would not be possible to comply with this request.

The right to 'block' or suppress processing of personal information.
  • This applies to existing app users. Using settings, you can disable the collection of anonymous random IDs by turning off Bluetooth on your device. You can delete the anonymous data from your device at any time.
  • You can also select the 'Leave' function in the settings and/or uninstall the app at any time.
  • Other than the above measures, since only very limited personal information is retained and such information is retained in a short term and temporary manner, it would not be possible to comply with this request.

The right to portability.

Since only very limited personal information is retained in the app server and such information is retained in a short term and temporary manner, it would not be possible to comply with this request.

App functionality does not allow porting the anonymous random IDs from your device.

The right to object to the processing.

This applies to existing app users. If you want to delete the anonymous data stored on your device, you can do so using the device settings. You can also select the 'Leave' function in the settings and/or uninstall the app at any time.

Rights in relation to automated decision making and profiling.

This applies to existing app users:

  • Using settings you can disable the collection of anonymous random IDs by turning off Bluetooth on your device. You can delete the anonymous random IDs from your device at any time.
  • You can also select the 'Leave' function in the settings and/or uninstall the app at any time.

Further information on your rights can be found on the Information Commissioner’s website.

If you have questions regarding your rights, please contact Scottish Government using the details set out in Controllers' contact details.

If you have any specific questions to Public Health Scotland please contact the Data Protection Officer of that organisation using the contact details available in the NHS Inform Website.

11. Your right to complain

If you are unhappy with any aspect of this privacy information notice, or how your personal information is being processed in connection with the app, please contact Scottish Government using the details set out in Controllers' contact details.

If you are unhappy with anything that either Public Health Scotland have done, please contact the Data Protection Officer of that organisation using the contact details available in the NHS Inform Website.

If you feel any of us have been unable, or unwilling, to resolve your information rights concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). The ICO is the supervisory authority responsible for data protection in the UK.

For further information, including independent data protection advice and information in relation to your rights, you can contact the Information Commissioner at:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113.

Website: www.ico.org.uk

You can also report any concerns here: https://ico.org.uk/concerns/handling

12. Changes to this privacy information notice

We keep our privacy information notice under regular review.

This version was last updated on 20 May 2022.

We may also update this privacy notice as part of a version change to the app.

13. Related and third-party services and websites

The app may, from time to time, contain links to related and/or third party websites and services. Please note that these websites and services have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal information that may be collected through these websites or services. Please check these policies before you submit any personal information to these websites, agree to allow us to send personal information on your behalf or at your request or use these services.

For existing users who have not updated to the latest App version, the app has functionality allowing you to send your friends and family a suggestion to download the app. If you use this function, a notification is sent to your selected contacts using your chosen communication method (e.g. text, email, Whatsapp message). These third parties have their own privacy notices according to which they process your information. We do not retain or store any such notification data.

14. Glossary

app backend

Is the part of the app that is not in your phone. This is managed by NHS Education for Scotland on behalf of Scottish Government. The app Backend is hosted within the Amazon Web Services computers.

AWS (Amazon Web Services)

Is a cloud computing platform provided by Amazon. It provides cloud infrastructure for the app.

Bluetooth IDs (ids)

Refer to Identifier Beacons.

UKCA marking

Is a certification mark that indicates conformity with health, safety and environmental protection standards for products sold within the UK.

Consent

Occurs when you have freely given, for a specific reason, an informed and unambiguous indication of your wishes by way of a clear affirmative action (such as ticking a box) e.g. by ticking a box to agree to the processing of your data.

Controller

Any body which, alone or jointly with others, determines the purposes and means of the processing of personal information. Scottish Government, Public Health Scotland, are controllers in respect of personal information in connection with the app.

ENS

Exposure Notification Service

GAENS

Google and Apple Exposure Notification Service.

Identifier Beacons

Also known as 'Random IDs' or 'anonymous rolling identifiers': these are random numbers used by the Google and Apple Exposure Notification Service.

IP address

A numerical label assigned to a mobile device by the mobile phone or Wi-Fi service provider. It is typically made up of 4 sets of numbers (e.g. 192.168.0.50). As a consequence of how data traffic passes across the internet, the IP address is inevitably transferred to the app server.

This video explains how IP addresses work.

MHRA

Is the Medicines and Healthcare Products Regulatory Agency.

NES

Refers to NHS Education for Scotland who are data processors on behalf of the data controllers. NES provides digital infrastructure services for the app.

Personal information

Any information relating to an identified or identifiable individual who can be identified, directly or indirectly from that information.

Processor

Any body which processes personal information on behalf of the controller.

Processing

Any action or operation which is performed on personal information (whether or not by automated means) such as collection, recording, storage, use, disclosure and destruction of personal information.

Random IDs (also known as identifier beacons, keys, anonymous rolling identifiers and Bluetooth IDs)

Refer to Identifier Beacons.