Data Protection and Privacy Policy

Data Protection and Privacy policy statement

The Scottish Charity Regulator (OSCR) is a Non-Ministerial Department of the Scottish Administration. This policy tells you what to expect when OSCR collects personal information. Any personal information collected by OSCR will be used in accordance with the Data Protection Act 1998 (DPA).

OSCR seeks to ensure that the information published on its website is up to date and accurate. However, the information on the website does not constitute legal or professional advice and OSCR cannot accept any liability for actions arising from its use. See our Data Protection policy for full details.

1. When we collect information and how we use it

We collect information in a number of ways:

  • when you visit our website
  • when you submit Annual returns
  • when you apply to become a charity
  • when you make changes to your charity
  • when you make a complaint or enquiry
  • when investigating potential misconduct, mismanagement or misrepresentation
  • when you subscribe to our newsletter or request information from us.

Information is used by us for the following purposes:

  • to regulate charities in Scotland
  • to inform investigations into allegations of misconduct, mismanagement or misrepresentation
  • to develop a regime of proactive monitoring
  • to encourage and facilitate compliance and best practice within charities
  • to inform research into the charity sector in Scotland.

Newsletter and email alerts

Information gathered on this form is used for the following purposes:

  • maintaining an accurate mailing list of subscribers
  • sending copies of the newsletter
  • sending email alerts and updates about OSCR and related matters.

Any personal data you provide when signing up for our newsletter and email alerts will only be used for that purpose. This information will not be passed to any third parties.

Any queries about the newsletter and email alerts should be sent to

2.When we collect information and how we use it

The information collected by OSCR may be shared with Her Majesty's Revenue and Customs (HMRC) and other regulatory bodies, such as the Charity Commission for England and Wales, where this is necessary.

Our Memoranda of Understanding (MOU) page lists the organisations with whom we have agreements and may share information when necessary. We ensure that information is shared in a manner that is efficient, proportionate and fully in compliance with the Human Rights Act 1998, the Data Protection Act 1998 and the Freedom of Information (Scotland) Act 2002.

Information on the Scottish Charity Register

Section 3 of the Charities and Trustee Investment (Scotland) Act 2005 (the 2005 Act) requires OSCR to keep a public register of charities, review it from time to time, and keep it up to date. The 2005 Act lists information that the Register must contain for each charity. The information is:

  • the name of the charity
  • the principal office address or if the charity does not have a principal office the name and address of one of the charity trustees*
  • the charity's purposes
  • certain other information (including whether it is a designated religious charity or national collector).

* If a charity trustee's name and address are given, the name and address will be shown on the Register.

Under section 3(4) of the 2005 Act an organisation has the right to ask us not to publish its principal office or trustee's name and address on the publicly available Scottish Charity Register.

We can only exclude the details from the Register if we believe that publishing this information is likely to jeopardise the safety or security of any person or premises.

If you consider that the address should not be shown on the Register, please write to us and explain why.

3. How We Use Cookies

Cookies are small text files placed on your computer to store data used by the websites that you visit. They are used to make websites work more effectively and to provide certain information to the site owners.

To find out more about cookies and how to manage or delete them visit:

OSCR's Cookies Statement explains the cookies that are used on the OSCR website and why. OSCR does not collect any personal information via the cookies on our website.

4. Access to your information held by OSCR

The Data Protection Act 1998 (DPA) gives you rights to access your own personal information. The UK Information Commissioner's office (ICO) enforces and oversees the DPA. Further information about the DPA is available on the ICOs website:

How do I make a request to OSCR under the DPA?

You should make a request in writing to:

Data Protection and Freedom of Information Officer
2nd Floor
Quadrant House
9 Riverside Drive

or email: putting 'Subject Access Request' in the title.

All Subject Access Requests (SARs) incur a charge of £10.00. This can be paid by cheque (please make cheques payable to Scottish Government) or by BACS (bank transfer). Account details are available on request at, putting “Subject Access Request” in the title.

We will need you to supply proof of your identity, for example:

  • a photocopy of the identification pages of your current passport or
  • a photocopy of a current photo driving licence, and
  • a copy of a current utilities bill, or credit card or bank statement which shows your address.

The information will be returned to you if requested; otherwise it will be securely destroyed once we no longer need it.

It is helpful if you can give us any information to help narrow the search, such as specific personal information you are looking for or which part of OSCR you have had contact with. 

5. Other websites

This website contains links to other sites. OSCR cannot be held responsible for the contents of any pages referenced by an external link. Please be aware that OSCR is not responsible for the privacy practices or use of cookies on other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information.

This privacy policy applies solely to information collected by OSCR.

6. Changes to this policy

Our policy was last updated on 17 March 2017.