What we do with the information you provide
Who are we and our promise to you
We are the Office of the Service Complaints Ombudsman for the Armed Forces. Our role is to provide independent and impartial oversight of the Service complaints system for members of the UK Armed Forces. When you provide personal information to us, we promise to protect your privacy and treat any information you give us confidentially.
We promise that we will comply with the data protection laws. This means that any personal information you give us will be:
- used only for the reason it was collected
- stored securely
- seen only by those who have a lawful reason to access it
- kept only for as long as is necessary and no longer.
What are your rights?
In accordance with the Data Protection Act 2018 you have the following rights. You can:
- Ask for copies of your personal information
- Ask how we will use your personal information
- Ask us to correct any information that you think is inaccurate
- Ask us to erase your personal information*
- Ask us to restrict the processing of your information
*Under article 6(1)(e) your rights of erasure do not apply when it comes to processing on the basis of public task. This is means that the processing of your information is necessary for the OSCO to carry out our specific task laid down by law. However, you do have the right to object to this by not filling in our application forms.
What information do we collect?
In order for us to do our job, we need to collect personal information from the individuals who contact our office. This information will be collected whether you contact us by phone, in writing, by mail or email, or you submit a form electronically through our website.
The type of information that we collect include:
- Your name
- Contact details
- Your Service number and Service
- Details of your unit and location
- Documents relevant to your complaint
- Information about reasonable adjustments you need us to make to the way we provide our service
- Names and contact information for people we may need to speak to about your case
Telephone Conversations. Calls to our office are not recorded or monitored. However, our Enquiries and Referrals Officers and Investigators may write a telephone note outlining the nature and content of the conversation. You may also be asked to provide more detailed information in writing following a phone call to our office.
Online Application Forms. The information you provide on these forms will only be used to process your application. Any sensitive information that you enter will be treated with the utmost care. We do not share information with 3rd party companies. All sensitive information entered on our online application forms are encrypted. This means that the information you enter is accessible to you (the user) who has access to read the information. If you complete our online application forms:
- All data will be stored for no more than 30 days. After this time, our web server will automatically delete this information. This includes any documents you have uploaded.
Token Links and Emails. If you choose to save and continue your online application form at any point, you will be given a token link. You will be asked to copy it down from the screen or have it emailed to you. If you receive the token link by email, any personal information that you completed will be encrypted. This means that the information you enter is accessible only to you (the user) using the token link. If you lose the token link, the information you entered cannot be retrieved.
Feedback. We collect feedback through electronic surveys. Our surveys are anonymous and we can’t identify who has submitted them unless you provide an email address. We have surveys to request feedback on our website, online application forms and the service provided by our office. If you complete one of these surveys:
- We will only use your responses to improve our website or Service
- Respond to enquiries within 7 – 14 working days if you provide an email address
- Keep your feedback for six months. After six months we delete the feedback but may keep our analysis of the feedback we received in that time period.
How we record and store the information you give us.
If you complete our application form online or by hard copy, we will transfer your information to our records using our Case Management System.
Case Management System (CMS) is a computer software system designed to help us manage our case files.
What we do with the information you give us?
What we do with the information you give us depends on why you have contacted us and whether you give consent for your information to be shared. Information will only be shared without your consent when we believe there is an immediate risk of harm to yourself or another.
If you don’t provide consent, we can’t refer your intention to make a complaint or conduct a review or investigation.
We share your information in the following ways:
a. Sharing your information so that we can make a referral to your Service
If you ask the Ombudsman to refer your intention to make a Service complaint we need to share the following information with the relevant single Service secretariat (Name, contact details, Service number, rank, unit and location etc).
b. Sharing your information so that we can investigate your complaint
If we investigate your complaint, we will contact the Service Secretariat where you initially complained to request information relevant to the investigation. We will therefore need to share your name and the details of your complaint and ask your Service for more information (including relevant papers and computer records). If we do this, we will let you know. We will not share any of your personal information unless they already know about it.
c. Sharing your information if we do not investigate your complaint
If we decide not to investigate your complaint, a letter will be sent to you explaining our reasons for this. A copy of this letter will be sent to your Service for information.
d. Sharing draft reports on an investigation
When we conduct Substance (merits) and Maladministration investigations, we issue draft reports. These are sent to the complainant, the respondent, the relevant single Service Secretariat. We do this as part of disclosure. It gives everyone involved in the case a chance to comment on our draft findings and raise issues they believe are incorrect or have been misunderstood.
Our draft reports are confidential and have a disclosure warning on them. Sometimes, information contained inside is redacted if it is not relevant to the interested party receiving the report.
Even if you want to share the report with people who can help you comment on its content or accuracy (for example, a family member or professional adviser), then you would need to seek our permission before you do this.
e. Sharing final reports on an investigation
Final reports for investigations are sent to you and your Service through the Service Secretariat. We send a copy of the report to the Defence Council to help them learn from the complaint and to consider if they need to do things differently or better.
Our reports are confidential and have a disclosure warning on them. Sometimes, information contained in the report is redacted if it is not relevant to the interested party receiving the report.
Once you receive the final report, you must not make the contents of the report public or discuss its contents other than with those involved in the initial investigation. If you do want to share the final report you will need to seek our permission first.
We want to make sure that we provide a good service, so we might use your complaint for in-house training purposes. We will only share this information with OSCO staff.
Your email address will only be used for the purpose it was provided. You will not be added to a mailing list. We will not share any information that you provide to us with third party marketing companies.
How do we keep your information safe?
The OSCO is located in a secure building. Our files and computers can only be accessed by our staff.
We limit access to your information to only those people who need to see it, and we only share pieces of information that we have to.
When we share your information with a third party, as outlined above, they are subject to confidentiality.
We also have procedures in place to make sure your personal information is handled in lawful way. These procedures are regularly reviewed to ensure that your information is kept confidential and secure.
How do we deal with personal data breaches?
The Ombudsman is required by law to report any breaches in the handling of personal data to the Information Commissioners Office (ICO). If we become aware that a breach has occurred, we will:
- follow our internal reporting procedures
- investigate immediately
- notify any individuals affected by the breach
- report the incident to the ICO
How long will we keep your information?
We will keep all information about you and your complaint for 10 years after your file is closed.
We will keep all information on you whether we decide to investigate or not. After this time, all information will be permanently deleted in a structured, secure and timely manner.
What information do we publish?
The Ombudsman is required by law to publish an Annual Report each year. This report is laid in Parliament.
We uses anonymised data in these reports. This includes statistical data about how many people have contacted us and the outcome of those complaints.
We may also publish anonymised case summaries in these reports and on our website.
We will never publish identifiable personal information about a case on our website or in a report.
How do I access and my personal information?
Under the Data Protection Act 2018 you have the following rights. You can:
- ask to see any personal information held by us
- ask what we are doing with your personal information
- ask us to correct any personal information that is wrong or not up-to-date
- ask use to not use your personal information
- ask use to delete your personal information
If you want to correct any personal information such as your address or contact details, you can contact our Enquiries and Referrals Team or your investigating officer who will be happy to update this for you.
If you want to access the personal information that we hold on you this can be done by making a ‘Subject Access Request’ (SAR). To submit a SAR, you can either select the option on our enquiry form found on our website or send your request in writing to our Business Manager at:
- FAO Business Manager, PO Box 72252, London, SW1P 9ZZ.
Information on Subject Access Requests can be found on the Ombudsman website www.scoaf.org.uk/foi/.
Freedom of Information (FOI) records and requests
We will not disclose information we hold about you to other people under the Freedom of Information Act 2000. Ombudsman investigations are confidential so we will not disclose if you have made a complaint to our office or provide information on individual cases. However, we will provide access to data.
For general requests of information or documents a request can either be made by selecting the option on our enquiry form found on our website or in writing to our Business Manager: FAO Business Manager, PO Box 72252, London, SW1P 9ZZ.
Information on Freedom of Information can be found on the Ombudsman website www.scoaf.org.uk/foi/. More general information on FOI may be found on https://ico.org.uk/for-the-public/official-information/
If you have any questions regarding this policy or the handling of your personal information, you can contact our Data Protection Adviser, Ian Keith at firstname.lastname@example.org or in writing to:
FAO Ian Keith
Data Protection Adviser
Office of the Service Complaints Ombudsman
PO Box 72252
London SW1P 9ZZ
For more information about your rights and the General Data Protection Regulation, visit the Information Commissioner’s website at www.ico.org.uk