This site is in development. Help us improve it using our feedback form.

National Library of Scotland

Employment privacy notice

Last updated
10 July 2025
Estimated reading time
4 minutes

This page clarifies how we process personal data when people work with or for the Library. It also explains your associated rights. Please read our general privacy information in addition to the specific information contained in this privacy notice.

Purpose

Employees, prospective employees, contractors, and volunteers

Explanation of the purpose

We process the personal data of applicants for employment for the purposes of enabling fair and lawful recruitment.

We process the personal data of employees, contractors, volunteers and others who undertake work with or for the Library for the purposes of managing employment and other workplace activities, as well as maintaining the safety and security of persons, premises, and goods.

When you access our spaces as a contractor we will process your personal data for the purposes of managing safe and secure access to our spaces. Please see our safety privacy notice for more details.

If an employee asks us to, we may use or transfer their personal data for the purpose of providing them with voluntary employee benefits.

Legal basis

Processing of this data is necessary for performance of a contract or for undertaking steps necessary for entering into a contract.

We will only process your personal data for the purpose of voluntary employee benefits if you give us consent to do so.

Recipients of the data

This data will be processed by the National Library of Scotland for this purpose and certain data will be sent to third parties (see 'Will the data be transferred to third parties?').

Retention period

We process this information in line with our retention schedules.

We have a detailed range of retention periods for different types of records, some of which will apply to information processed in the course of handling acquisitions and loans. Please see our retention schedules (811 KB; 77 pages) for details, in particular under business classification 06.03.00.00 'Staff' on page 54.

While we are working to implement our retention schedules, some data may be retained longer than required under the schedules.

Your rights in relation to this data

Your core rights as a data subject apply to this processing. Additionally, the right of data portability applies to this processing.

For processing that is carried out on the basis of consent, you have the right to withdraw your consent at any time and the right of erasure also applies.

Will the data be transferred to third parties?

We use a third party provider to deliver our external recruitment website. Our vacancy portal is provided and hosted by Engage ATS who are part of the Havas Group. For more information see the Havas Group's data protection policy.

We also use a third party provider, Equiniti, to process our payroll. This payroll service involves us transferring personal data to Equiniti in order for them to process payments on our behalf. Personal data transferred to Equiniti is transferred securely in accordance with data protection law. For more information see Equiniti's privacy policy.

We use a third party, Edenred, to provide voluntary employee benefits. If an employee asks to be included in this scheme, some of their personal data will be transferred to Edenred for the purpose of providing benefits and running the scheme. We will only transfer personal data to Edenred if the individual employee has requested that we do so. See Edenred's privacy notice for more details.

We use a third party, MyCSP, as our pension Scheme Administrator. The Cabinet Office is the Scheme Manager responsible for all of the Civil Service Pension Scheme arrangements. Personal data transferred to MyCSP is transferred securely in accordance with data protection law. See the Civil Service Pensions Scheme's privacy policy for more details.

We use a third party, CTM, as our travel booking provider. For more information please see CTM's privacy policy.

We use a third-party provider, Zoom Video Communications Inc for remote conferencing services including meetings and public events. For more information, please see Zoom's privacy notice.

We use a third party provider, HFX, to process our flexible working attendance system. For more information, email the Library's Data Protection Officer.

We use a third party, Learning Pool, as our e-learning provider. For more information, please see Learning Pool's privacy policy.

We use a third party provider, Atlassian, to deliver our IT helpdesk using their product Jira Service Management. For more information see Atlassian's privacy policy.

We are moving to a new third party provider, Iris, to deliver our HR and recruitment system. For more information, see Iris' Cascade HR privacy policy.

Will the data be transferred outside the UK or the European Economic Area (EEA)?

Zoom is registered in the United States of America and your personal data may be transferred there. Zoom will transfer personal data from the EU in accordance with the European Commission-approved Standard Contractual Clauses. Please see Zoom's privacy notice for further information.

Data that is processed by Atlassian may be transferred outside of the UK and the EEA. The Library has a UK International Data Transfer Addendum and EU Standard Contractual Clauses agreement with Atlassian to ensure adequate protection for any personal data transferred outside of the UK and the EEA. For more information, please see Atlassian's privacy policy.

Is it obligatory to supply this data and what are the consequences of not supplying the data?

Yes, the supply of certain categories of personal data must be supplied for these purposes. If you are unable to supply this personal data you may not be able to work or volunteer for or with the Library.

Will the data be used in automated decision-making?

No.