Privacy policy

This website is operated by the Sheku Bayoh Inquiry.  We are an independent public inquiry exercising statutory functions in the public interest, established under the Inquiries Act 2005 (“2005 Act”).
We are the controller of your personal data, which means that we are legally responsible for how we hold and use your personal data.
This policy explains how we will use your personal data that you provide to us when you use or communicate with us via our website, who it may be shared with and your rights. If you are involved in the Inquiry then we will issue you with a separate privacy notice, which sets out how we handle and use your personal data and special category data for that purpose. Our privacy notices can be found on the Key Documents page of this website.
We have appointed a Data Protection Officer (“DPO”), Daradjeet Jagpal, who ensures that we comply with data protection laws. If you have any questions about this policy or how we hold or use your personal data, please contact the DPO by e-mail at
You can contact us by e-mail at
1. What personal data do we process about you?
Our website is a place for you to find out more about the Inquiry and how you can get involved in the Inquiry.
We may process personal data and special category data about you when you contact us by telephone, e-mail or letter, if you use the contact form on our website or report a problem with our website.  This may include your name and contact details and any information about your interest in the Inquiry, if you choose to provide this to us.
We may also collect personal data about you through the use of cookies on this website.  For further information, please see our Cookies Policy in the footer of this website.
2. Why do we process this personal data about you?
We use the personal data and special category data you provide to:

  • respond to your queries;
  • provide you with the information that you have requested about the Inquiry;
  • allow us to consider your comments, enquiries, complaints and suggestions and respond, if necessary; and
  • make improvements to our website in response to your feedback.

3. What is our legal basis for processing your personal data?
Data protection laws require us to have a legal basis for processing your personal data. 
We may rely on your explicit consent as our legal basis for processing your personal data. This is because you decide what personal data and special category data you wish to share with us. You have the right to withdraw your consent at any time by contacting our DPO. Once you have withdrawn your consent, we will no longer process your personal data for the purposes set out in this Policy, unless have another legal basis for doing so.
We may also have a legitimate interest in processing your personal data to allow us to respond to your queries and make changes to our website in response to your feedback, if appropriate. In considering whether we have a legitimate interest in processing your personal data, we will take into account any impact of our processing of your personal data on you and what steps we can take to minimise any such impact.
4. Who do we share your personal data with?
We may need to share your personal data with our service providers, who host and maintain our website and the systems on which your personal data is stored.
We may also be required to share your personal data with government bodies, the police and law enforcement agencies in certain circumstances, for example, where an offence has been committed.
5. How long do we keep your personal data?
We will only keep your personal data for as long as we need to for the purposes described in section 2 of this Policy, including to meet any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal or other requirements.
Depending on the nature of your query, we may keep your personal data until the end of the Inquiry, at which point, some of the personal data (where it is to form part of the historic record of the Inquiry) will be transferred to the Keeper of the Records of Scotland. 
6. How the Inquiry keeps personal data secure
The security of your personal data is important to us and we have appropriate technical and organisational measures to safeguard your personal data.  We also have procedures in place to deal with any suspected data security breach.  We will notify you and the Information Commissioner’s Office (“ICO”) of a suspected data security breach where legally required to do so.
7. What rights do you have in relation to your personal data that we process?
It is important that the personal data that we process about you is accurate and current. Please keep us informed of any changes by contacting our DPO. Under certain circumstances, the law gives you the right to:

  • Access a copy of your personal data and to check that we are processing it in accordance with legal requirements.
  • Correct any inaccurate or complete any incomplete personal data that we process about you.
  •  Delete your personal data where there are no grounds for us continuing to process it.  You also have the right to ask us to do this where you object to us processing your personal data.
  • Restrict our processing of your personal data, for example, if you contest the accuracy of your personal data.
  • Object to us processing your personal data.
  • Request a copy in structured, commonly used and machine-readable format of any personal data you have provided to us and to have this transferred to another organisation.

Please contact our DPO if you wish to make any of the above requests. When you make a request, we may ask you for specific information to help us confirm your identity for security reasons.  You will not need to pay a fee when you make any of the above requests, but we may charge a reasonable fee or refuse to comply if your request for access is clearly unfounded or excessive.
8. Transfer of your personal data outside the UK
As part of ensuring the continued operation and security of our website, the personal data that you provide to us may be transferred to our website host and IT service provider’s systems, which may be located outside the UK.  We will comply with data protection laws to ensure that your personal data is protected to standards equivalent to UK standards in the case of any such transfer.
9. Third party links
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every website you visit to understand how they collect, hold and use your personal data.
10. Feedback and complaints
We welcome your feedback on how we process your personal data, and this can be sent to our DPO.
You have the right to make a complaint to the ICO, the UK regulator for data protection, about how we process your personal data. The ICO’s contact details are as follows:
Telephone:    0303 123 1113
If you would like to receive this Policy in alternative format, for example, audio, large print or braille, please contact us.
11. Updates to this Policy
We may update this Policy at any time, and you should check our website occasionally to ensure you are aware of the most recent version that will apply each time you access our website.
Last updated: 30 November 2020