What we do with the information you provide

In accordance with the Data Protection Act 2018 you have the following rights. You can:

• Ask for copies of your personal information
• Ask how we will use your personal information
• Ask us to correct any information that you think is inaccurate
• Ask us to erase your personal information*
• Ask us to restrict the processing of your information

*Under article 6(1)(e) your rights of erasure do not apply when it comes to processing on the basis of public task. This is means that the processing of your information is necessary for SCOAF to carry out our specific task laid down by law. However, you do have the right to object to this by not filling in our application forms.

In order for us to do our job, we need to collect personal information from the individuals who contact our office.  This information will be collected whether you contact us by phone, in writing, by mail or email, or you submit a form electronically through our website.

The type of information that we collect include:

• Your name
• Contact details
• Your Service number and Service
• Details of your unit and location
• Documents relevant to your complaint
• Information about reasonable adjustments you need us to make to the way we provide our service
• Names and contact information for people we may need to speak to about your case

Telephone Conversations. Calls to our office are not recorded or monitored. However, our Enquiries and Referrals Officers and Investigators may write a telephone note outlining the nature and content of the conversation. You may also be asked to provide more detailed information in writing following a phone call to our office.

Online Application Forms. The information you provide on these forms will only be used to process your application. Any sensitive information that you enter will be treated with the utmost care. We do not share information with 3rd party companies. All sensitive information entered on our online application forms are encrypted. This means that the information you enter is accessible to you (the user) who has access to read the information. If you complete our online application forms:

You will be asked to provide consent and view this privacy policy
All data will be stored for no more than 30 days. After this time, our web server will automatically delete this information. This includes any documents you have uploaded.
Feedback. We collect feedback through electronic surveys. Our surveys are anonymous and we can’t identify who has submitted them unless you provide an email address. We have surveys to request feedback on our website, online application forms and the service provided by our office. If you complete one of these surveys:

We will only use your responses to improve our website or Service
Respond to enquiries within 20 working days if you provide an email address
Keep your feedback for six months. After six months we delete the feedback but may keep our analysis of the feedback we received in that time period.
Cookies. We use cookies on our website as explained in our Cookies page

If you complete our application form online or by hard copy, we will transfer your information to our records using our Case Management System.

Case Management System (CMS) is a computer software system designed to help us manage our case files.

What we do with the information you give us depends on why you have contacted us and whether you give consent for your information to be shared. Information will only be shared without your consent when we believe there is an immediate risk of harm to yourself or another.

If you don’t provide consent, we can’t refer your intention to make a complaint or conduct a review or investigation.

We share your information in the following ways:

a. Sharing your information so that we can make a referral to your Service

If you ask the Ombudsman to refer your intention to make a Service complaint we need to share the following information with the relevant single Service secretariat (Name, contact details, Service number, rank, unit and location etc). If you send us an Annex f form this will be shared with your Service when we make a referral.

b. Sharing your information so that we can investigate your complaint

If we investigate your complaint, we will contact the Service Secretariat where you initially complained to request information relevant to the investigation. We will, therefore, need to share your name and the details of your complaint, including your application form, and ask your Service for more information (including relevant papers and computer records). If we do this, we will let you know. We will not share any of your personal information unless they already know about it.

c. Sharing your information if we do not investigate your complaint

If we decide not to investigate your complaint, a letter will be sent to you explaining our reasons for this. A copy of this letter will be sent to your Service for information.

d. Sharing draft reports on an investigation

When we conduct Substance (merits) and Maladministration investigations, we issue draft reports.  These are sent to the complainant, the respondent, the relevant single Service Secretariat. We do this as part of disclosure.  It gives everyone involved in the case a chance to comment on our draft findings and raise issues they believe are incorrect or have been misunderstood.

Our draft reports are confidential and have a disclosure warning on them. Sometimes, the information contained inside is redacted if it is not relevant to the interested party receiving the report.

Even if you want to share the report with people who can help you comment on its content or accuracy (for example, a family member or professional adviser), then you would need to seek our permission before you do this.

e. Sharing final reports on an investigation

Final reports for investigations are sent to you and your Service through the Service Secretariat. We send a copy of the report to the Defence Council to help them learn from the complaint and to consider if they need to do things differently or better.

Our reports are confidential and have a disclosure warning on them. Sometimes, the information contained in the report is redacted if it is not relevant to the interested party receiving the report.

Once you receive the final report, you must not make the contents of the report public or discuss its contents other than with those involved in the initial investigation. If you do want to share the final report you will need to seek our permission first.

We want to make sure that we provide a good service, so we might use your complaint for in-house training purposes. We will only share this information with SCOAF staff.

Your email address will only be used for the purpose it was provided. You will not be added to a mailing list. We will not share any information that you provide to us with third party marketing companies.

f. Sharing final reports with the media or third party

If you do want to share your final report with the media or third party (for example, MP’s, solicitors, professional advisors or the press) you will need to seek our permission first. We will consider giving you a redacted copy of your report but there may be occasions when this is not possible due to data protection or security reasons.

SCOAF is located in a secure building. Our files and computers can only be accessed by our staff.

We limit access to your information to only those people who need to see it, and we only share pieces of information that we have to.

When we share your information with a third party, as outlined above, they are subject to confidentiality.

We also have procedures in place to make sure your personal information is handled in a lawful way.  These procedures are regularly reviewed to ensure that your information is kept confidential and secure.

The Ombudsman is required by law to report any breaches in the handling of personal data to the Information Commissioners Office (ICO). If we become aware that a breach has occurred, we will:

• follow our internal reporting procedures
• investigate immediately
• notify any individuals affected by the breach
• report the incident to the ICO

We will keep all information about you and your complaint for 6 years after your file is closed.

We will keep all information on you whether we decide to investigate or not. After this time, all information will be permanently deleted in a structured, secure and timely manner.

The Ombudsman is required by law to publish an Annual Report each year.  This report is laid in Parliament.

We uses anonymised data in these reports.  This includes statistical data about how many people have contacted us and the outcome of those complaints.

We may also publish anonymised case summaries in these reports and on our website.

We will never publish identifiable personal information about a case on our website or in a report.

Under the Data Protection Act 2018 you have the following rights. You can:

• ask to see any personal information held by us
• ask what we are doing with your personal information
• ask us to correct any personal information that is wrong or not up-to-date
• ask use to not use your personal information
• ask use to delete your personal information

If you want to correct any personal information such as your address or contact details, you can contact our Enquiries and Referrals Team or your investigating officer who will be happy to update this for you.

If you want to access the personal information that we hold on you this can be done by making a ‘Subject Access Request’ (SAR). To submit a SAR, you can either select the option on our enquiry form found on our website or send your request in writing to our Policy Manager at:

FAO Data Protection Officer, PO Box 72252, London, SW1P 9ZZ.
Information on Subject Access Requests can be found on the Ombudsman website www.scoaf.org.uk/foi/.

We will not disclose information we hold about you to other people under the Freedom of Information Act 2000. SCOAF investigations are confidential so we will not disclose if you have made a complaint to our office or provide information on individual cases. However, we will provide access to data.

For general requests of information or documents, a request can either be made by selecting the option on our enquiry form found on our website or in writing to our Policy Manager: FAO Data Protection Officer, PO Box 72252, London, SW1P 9ZZ.

Information on Freedom of Information can be found on the Ombudsman’s website www.scoaf.org.uk/foi/. More general information on FOI may be found on https://ico.org.uk/for-the-public/official-information/