Privacy notice for the Protect Scotland app
1. Introduction
This is the privacy notice for the Protect Scotland COVID-19 contact tracing app (also referred to as Protect-Scot) which can be downloaded to mobile devices from the Google Play and Apple Stores.
Protect-Scot is an app designed to help stop the spread of COVID-19 (alongside other public health measures) by telling you if you've been near someone who has tested positive with COVID-19 or by telling others who have been near you, if you test positive. Click here to learn more about how the app works.
If you have been told by the app that you need to self-isolate then you can use the app to send a self-isolation certificate proving you need to self-isolate to other persons or organisations e.g. your employer or your Scottish Local Authority. You can also send a copy to yourself. Only one self-isolation certificate can be produced for you for a self-isolation period.
This privacy notice sets out information about who we are, how we process your personal information and for what purposes, and your rights in relation to your personal information.
This privacy notice includes the following sections:
Privacy PolicyContents
- 1. Introduction
- 2. Controllers
- 3. Controllers’ contact details
- 4. Personal information we process
- 5. How we use your personal information
- 6. Disclosures of your personal information
- 7. Data retention
- 8. International transfers
- 9. Data security
- 10. Your rights
- 11. Your rights to complain
- 12. Changes to this privacy information notice
- 13. Related and third party services and websites
- 14. Glossary
Further information about terms that are used in this privacy notice is available here.
2. Controllers
A data controller is an organisation that determines the means and purposes of the processing of personal information.
The following organisations are data controllers, and they have the following roles in connection with the app:
Scottish Government: has commissioned the app and has strategic direction over it. Scottish Government is involved in policy and technical decisions regarding how personal information is processed within the app and the purposes of processing and is the lead controller. The Scottish Government is also responsible for issuing the self-isolation certificate.
PHS: is responsible for public health matters in Scotland and makes public health decisions about the app with Scottish Government. PHS is responsible for the National Contact Tracing Centre and decides whether certain limited personal information (mentioned in Personal information we process) is shared with the app.
NHS NSS: operates the National Contact Tracing Centre on behalf of PHS and decides whether certain limited personal information (mentioned in Personal information we process) is shared with the app. NHS NSS is also involved in the sending of authorisation codes to individuals who have received a positive COVID-19 test result.
Scottish Local Authorities: are responsible for the personal information contained in self-isolation certificates they receive.
Other persons or organisations may also become controllers in their own right when they receive a self-isolation certificate, for example:
Your employer and any other organisation you decide to share your information with: When these organisations receive a self-isolation certificate, they become a controller for that personal information for their own purposes (e.g. employment, health and safety, etc.).
You can read more about the controllers and other organisations involved in the app here.
3. Controllers’ contact details
Questions, comments, complaints or requests regarding your personal information can be sent to any of us using the following details:
Scottish Government:
The Scottish Government Data Protection OfficerVictoria Quay
Commercial Street
Edinburgh
EH6 6QQ
Email: DataProtectionOfficer@gov.scot
Public Health Scotland: Data Protection Officer’s contact details are available in the NHS Inform Website.
NHS National Services Scotland: Data Protection Officer’s contact details are available in the NHS Inform Website.
Scottish Local Authorities: Data Protection Officers’ contact details are available here. Links to Scottish Local Authority websites can be found on the COSLA website here.
Your employer and any other organisation you decide to share your information with: You will need to contact these organisations directly if you have any questions, comments, complaints or requests for them.
4. Personal information we process
We collect, use, store and transfer different kinds of personal information about you as follows:
| Personal information | Additional details | Where is this information received from? |
|---|---|---|
| Mobile phone number | If your COVID-19 test result is positive, your mobile phone number will be used to provide an authorisation code for you to enter into the app. The app itself does not use your mobile phone number. | This is provided by you when you are contacted by the National Contact Tracing Centre or when you book a COVID-19 test. |
| Estimated date of infection | If your COVID-19 test is positive, a contact tracer will estimate the date of infection. This is likely to be either the test date or the date of your first symptoms. The estimate can be based on the information you have provided. | This is taken from the CMS used by the National Contact Tracing Centre and is estimated by a contact tracer. |
| Date of COVID-19 test | If your COVID-19 test is positive, you will receive an SMS which contains the date of your COVID-19 test as well as your Authorisation code. | This is taken from the CMS used by the National Contact Tracing Centre. |
| Authorisation code | If you have received a positive COVID-19 test result, you can enter this random authorisation code into the app to allow the random IDs that were collected during the relevant infectious time period to be sent to the app server and exposure notifications to be provided to other app users. Your authorisation code is sent to you by text message. | This is requested by the National Contact Tracing Centre only if you told them that you are an app user and that you want to receive an authorisation code. It is provided to you by text message, and is generated by the app and sent to you using the Gov.UK text service. |
| IP address | Internet Protocol (IP) address is a numerical label assigned to your device by the mobile phone or the Wi-Fi service provider. This allows the app to communicate with the internet. | This is assigned to your device by your mobile phone or your router. This is automatically determined by your internet service provider. |
| Diagnosis keys | The app collects anonymous random IDs using Bluetooth technology when app users come into close contact with each other. If an app user receives a positive COVID-19 test result and inputs an authorisation code into the app, the random IDs that were collected during the relevant infectious time period are sent to the app server. These are known as diagnosis keys and are combined with the user’s IP address to send the data to the app server, after which the IP address is stripped off so the diagnosis keys are anonymous. | These are generated by the app. |
| Exposure notification | This is a notification provided by the app to an app user who has been in contact with an unnamed person who has tested positive for COVID-19, where the contact was recent enough, and for a sufficient time at a close enough distance, to mean that the app user receiving the notification may have been at risk of contracting the virus. | These are generated by the app. |
| Your confirmation of app use | This is your confirmation when you click “yes” to the question “Do you agree to continue and start using this app?” during the initial setup of the app on your device. This is combined with your IP address to send the data to the app server, after which the IP address is stripped off so the confirmation of app use is anonymous. | This is generated by the app after you click “yes”. |
| Your age group | When you first start to use the app, you will be asked to what age group you belong to. We ask this to give you the right information when you first start using the app. | This is provided by you when you download the app. |
| Estimated end date of self-isolation | This is calculated based on your estimated date of infection. This is shown in Exposure Notifications and the self-isolation certificate. | This date is extracted from the Exposure Notification generated by the app. |
| Your name | This is your name as you want it to appear on the self-isolation certificate. | This is provided by you when you request a self-isolation certificate. |
| Your email address | This is your email address where you want to receive a copy of the self-isolation certificate. | This is provided by you when you request a self-isolation certificate. |
| Recipient email address(es) | These are the email addresses of the persons and organisations that you want to share your self-isolation certificate with (e.g. your employer). | This is provided by you when you request a self-isolation certificate. Please make sure you enter the email(s) of recipient(s) correctly as the certificate will be sent to the email address(es) you provide. |
| Your full postcode | If you wish to apply for a COVID self-isolation support grant from your Local Authority, the app needs your full postcode to determine which Local Authority to send the self-isolation certificate to. | This is provided by you when you request a self-isolation certificate to be shared with your Local Authority. |
| Your self-isolation certificate number | This is a unique reference number that ensures that only one self-isolation notice/certificate is produced for each isolation period, per person. It appears on the self-isolation certificate. | This is generated by the app when you request a self-isolation certificate |
| The fact you have requested a self-isolation certificate | When you click “continue” to be redirected to the web page to request a self-isolation certificate after you’ve received an Exposure Notification. This is combined with your IP address to send the data to the app server, after which the IP address is stripped off. | This is generated by the app after you click “continue”. |
| Confirmation of sent self-isolation certificate(s) and whether you’ve sent a self-isolation certificate to a Local Authority | When you click “submit” to send self-isolation certificates. This is combined with your IP address to send the data to the app server, after which the IP address is stripped off. | This is generated by the app after you click “submit”. |
Some of the information mentioned above is personal information relating to health. This is because that data implicitly indicates that you either have tested positive for COVID-19 or you have received an Exposure Notification. Personal health information is considered special category data in terms of data protection legislation.
You can learn more about how your personal information is anonymised.
Metric Data
We collect and use statistical and aggregated data regarding:
- the total number of app users;
- the total number of authorisation codes entered by app users;
- the total number of exposure notifications provided to app users;
- the total number of self-isolation certificates requested;
- the total number of self-isolation certificates generated;
- the total number of self-isolation certificate emails that have been sent; and
- the total number of self-isolation certificate emails sent to Local Authorities.
This is called metric data.
In order to count these totals, your device sends a “count” to the app server:
- When you click “yes” to the question “Do you agree to continue and start using this app?”;
- Every time diagnosis keys are sent from your device to the app server after you have entered an authorisation code;
- Every time your device gives you an exposure notification;
- When you hit the “continue” button to be redirected to the web page to request a self-isolation certificate; and
- When you hit the “submit” button after you have entered your recipient(s) email address(es).
The app uses your IP address in order to send these “counts” to the app server. At this point this is considered your personal information, because it contains your IP address. Once the “count” reaches the app server (typically in no more than a few seconds), the IP address is deleted, and this “count” becomes anonymous and can no longer be associated with you or any other app user.
The total number of emails and total number of self-isolation certificates sent to Local Authorities are counted when the app server sends the emails to Gov.UK Notify after you click “submit”.
Metric data is collected on a Scotland-wide basis and is not considered personal information in law as this data will not directly or indirectly reveal your identity. We may hold this information indefinitely and collect this information to:
- Allow us and members of the public to have visibility of the level of uptake and the potential of the app to reduce the rate of spread of infections of COVID-19; and
- To gather information required to obtain formal regulatory approval (from the Medicines and Healthcare Products Regulatory Agency) and accreditation for the app.
You can learn more about how your personal information is anonymised.
5. How we use your personal information
We will only use your personal information when the law allows us to do so and to the minimum extent possible.
These are the purposes for which your personal information is used:
| Personal information | Purpose / activity |
|---|---|
| Mobile phone number | To send your authorisation code to you by text. Your authorisation code is needed for exposure notifications to be provided to other app users if you receive a positive COVID-19 test result. |
| Estimated date of infection | To identify the relevant time period during which other app users could have been infected if they were near an app user who has received a positive COVID-19 test result. The infectious time period is used to identify the relevant random IDs from the app user’s device who has tested positive, to allow exposure notifications to be provided to other app users who have been in close contact with the infected app user during the infectious time period and therefore could be at risk of having contracted COVID-19. Used to produce a self-isolation certificate for a particular period. |
| Date of COVID-19 test | This is sent to you so you know the date of the test we are referring to when we let you know you have tested positive. |
| Authorisation code | To allow exposure notifications to be provided to other app users, if you receive a positive COVID-19 test result. This is also used to collect metric data. |
| IP address | To send information from your phone to the app server to allow exposure notifications to be provided to other app users and to collect metric data. |
| Diagnosis keys | To provide exposure notifications to app users and to collect metric data. |
| Exposure notification | To inform you that you may have been at risk of contracting the virus and to collect metric data. |
| Your age group | To ensure you are presented with the correct age-appropriate app processes and security protections relevant for your age |
| Your confirmation of app use | To generate metrics. |
| Your request for a self-isolation certificate Confirmation of self-isolation certificate sent to you, your chosen recipients and your Local Authority | To generate metrics. To confirm that your self-isolation certificate has been sent to the recipient as you requested. |
| Self-isolation certificate (Estimated end date of self-isolation, Your name) | If you request a self-isolation certificate, the app generates the self-isolation certificate unique reference number and sends you a link to a web page, where you can provide details of the persons and organisations you want to share your certificate with. The web page will also collect your name as you want it to appear in the self-isolation certificate. Your employer may need this information for health and safety, as well as management purposes. Local Authorities need this information to assess your application for a self-isolation support grant. Your self-isolation certificates are sent to your selected recipients using a secure email service (Gov.UK Notify). |
| Your email address | To send you your copy of the self-isolation certificate via email. This information is also included in your self-isolation certificate when it is sent to you, it is not included when the self-isolation certificate is sent to others. |
| Recipient email address(es) | To send recipients a copy of your self-isolation certificate via email. Each recipient will only see their own email address on the self-isolation certificate; they will not be able to see the email addresses of the other recipients of your self-isolation certificate. |
| Your full postcode | To determine which Local Authority is responsible for your self-isolation grant. |
| Your Self-isolation Notice/Certificate reference number | This unique certificate number is included in your self-isolation certificate. This unique certificate number is anonymous on its own. It is stored anonymised in the app servers for 14 days to ensure that only one self-isolation certificate is issued for each isolation period and for preventing or detecting fraud. |
What are the lawful grounds
These are the lawful grounds on the basis of which each controller processes your personal information for the above purposes:
Personal Data:
- Mobile phone number
- Estimated date of infection
- Date of COVID-19 test
- Authorisation code
- Diagnosis keys
- IP address
- Your confirmation of app use
- Your age group
| Data Controller | Legal basis |
|---|---|
| Scottish Government |
|
| NHS National Services Scotland |
|
| Public Health Scotland |
|
Personal Data:
- Exposure notification
| Data Controller | Legal basis |
|---|---|
| Scottish Government |
|
| NHS National Services Scotland |
|
| Public Health Scotland |
|
Personal Data:
- Self-isolation Notice/Certificate data (Estimated end date of self-isolation and Your name)
- Your email address
- Recipient email address (e.g. your employer or Scottish Local Authority)
- Your full postcode
- Your Self-isolation Notice/Certificate reference number
- That you have requested a self-isolation certificate, the confirmation of sent self-isolation certificate(s) and whether a self-isolation certificate has been sent to a Local Authority
| Data Controller | Legal basis |
|---|---|
| Scottish Government | Scottish Government does not have access to your data, but makes decisions about the processing, such as the purposes and means to use and to issue your self-isolation certificate.
|
| Scottish Local Authorities |
|
| Your Employer / Other Organisations |
|
Automated decision-making
Exposure notifications: the generation of exposure notifications advising you to self-isolate is an automated process, not involving a human. This is carried out on the basis of the consent you provided when you started using the app.
The exposure notification includes the date of the potential exposure but does not include information about where and with whom the potential exposure took place, as we have no way of knowing this. You will receive an exposure notification if any of the random IDs stored on your device matches with a diagnosis key released by another app user by inserting their authorisation code into their device after that app user has received a positive COVID-19 test result. The app tries to match the random IDs on your device with the diagnosis keys on the app server every 2 hours. The exposure notification means that your device has been within 2 metres of that other app user’s device for at least 15 minutes within a 14 day time period during which that other app user could have passed the virus on to you. The 14 day time period from which the diagnosis keys are taken is the 14 days immediately prior to the authorisation code being inserted.
The app will advise you to self-isolate in line with current guidelines, and signpost you to further information. Although recommended, the decision on whether or not to self-isolate is ultimately yours. If after reading the additional information, you wish to discuss the advice to self-isolate and its implications, you can call the National Coronavirus Helpline (0800 028 2816). You also have the right to call the National Coronavirus Helpline to question the advice if you think the advice is incorrect so that you may then make an informed decision as to whether to self-isolate. If you have tested positive, you can discuss the notification with your existing contact tracer to understand the implications.
You can disable exposure notifications from the app settings at any time and/or uninstall the app from your device at any time although doing so will prevent you receiving exposure notifications.
Automated and semi-automated processing
When an authorisation code is inserted, the device sends the diagnosis keys to the app server using the IP address of the device and these are held on the app server anonymously to allow other app users’ devices to search for a match. The processing does not require consent as it is not based solely on automated processing as app users are required to take action to insert authorisation codes into the app.
Processing of anonymised random IDs: the processing of anonymised random IDs as a result of close proximity with other app users is also an automated process. To work, the app requires that location services are switched on when using Android phones but the app does not use GPS location services or Google location services to track your movements.
The processing does not require consent as the random IDs are anonymised. You also can delete the anonymised random IDs stored on your device using the settings and/or uninstall the app from your device at any time.
Storage and access to information on your device
The app stores and accesses information on your device (for example the diagnosis keys from your device are provided to the app server if you enter an authorisation code). For the purposes of the Privacy and Electronic Communications Regulations 2003, such storage and access is strictly necessary for the purposes of the service provided by the app.
The web page which you can use to request the self-isolation certificate only uses cookies and other similar technologies which are strictly necessary.
6. Disclosures of your personal information
Your personal information is shared with the third parties set out below for the purposes/activities mentioned in the table set out in the section How we use your personal information.
| Personal information | Party with whom personal information is shared |
|---|---|
| Mobile phone number | Data processors:
|
| Exposure notification | Data processors:
|
| IP address | Data processors:
|
| Estimated end date of self-isolation | Data processors:
Third party recipients:
|
| Your full postcode | Data processors:
|
The app can only be downloaded from the Apple app Store and the Google Play Store. In this regard they are independent controllers as owners of the app stores. Their processing activity is separate to the processing of personal information on the app. Furthermore, although Apple and Google have developed the technology on which the app is based, neither company obtain any personal information from the app, the exposure notifications or the self-isolation notices.
7. Data retention
| Personal information | Length of time this information is kept |
|---|---|
| Mobile phone number |
|
| Estimated date of infection |
|
| Your age group | This information is not kept. |
| Authorisation code |
|
| IP address | The app uses your IP address only for a few seconds every time data needs to be sent from your device to the app server. IP addresses are not stored and are deleted immediately once the data they are transporting has reached the server. |
| Diagnosis keys |
|
| Exposure notification |
|
| Your confirmation of app use | This is identifiable to you when it is combined with your IP address, only for a few seconds to allow the app server to collect metric data e.g. regarding total number of people using the app. IP addresses are not stored and are deleted immediately once this information has reached the app server. At that point this information can no longer be linked to you. |
| Estimated end date of self-isolation |
|
| Your Self-isolation Notice / Certificate reference number | This information is held on the app server for 14 days in order to verify that only one self-isolation certificate per person per self-isolation period is generated. |
| Your self-isolation certificate (Your name, Estimated end date of self-isolation and Your Self-isolation Notice / Certificate reference number) |
|
The anonymous, random IDs which are held on your device when you come into close contact with another app users are kept for 14 days. This is a global policy set by Apple and Google.
We hold metric data indefinitely.
8. International transfers
Your personal information is not transferred outside the UK.
You should check with your employer and any other persons and organisations who you allow your self-isolation certificate to be sent to whether they transfer your personal information outside of the UK.
9. Data security
Click here to learn more about how the app works and the security measures used.
10. Your rights
You have the following rights under data protection laws in relation to your personal information.
| Your data protection right | How to exercise your right |
|---|---|
| The right to access your personal information. | Since only very limited personal information is retained in a short term and temporary manner, it would not be possible to comply with this request. A copy of your self-isolation certificate will be sent to you if you provide your correct e-mail address. |
| The right to have personal information rectified if it is inaccurate or incomplete. |
|
| The right to have personal information erased and to prevent processing. |
|
| The right to 'block' or suppress processing of personal information. |
|
| The right to portability. |
|
| The right to object to the processing. | If you want to delete the anonymous data stored on your device you can do so using the device settings. You can also select the 'Leave' function in the settings and/or uninstall the app at any time. It is not possible to comply with this right when it comes to your self-isolation certificate and the e-mail addresses and postcode you have submitted because these are retained only for a very short time. |
| Rights in relation to automated decision making and profiling. |
|
| The right to withdraw consent. |
|
In relation to the personal information contained in the self-isolation certificates which you allow to be sent to your Local Authority, your employer and other persons and organisations, you may be able to exercise some of these rights. You will need to contact these persons and organisations directly to do so.
Further information on your rights can be found on the Information Commissioner’s website.
If you have questions regarding your rights, please contact Scottish Government using the details set out in Controllers’ contact details.
If you have any specific questions to Public Health Scotland or NHS National Services Scotland, please contact the Data Protection Officer of that organisation using the contact details available in the NHS Inform Website.
If you have any questions specific to your Local Authority please contact the Data Protection Officer of that organisation using the contact details available on their website or here.
If you have any questions specific to your employer and any other person or organisation which you allow your self-isolation certificate to be sent to you will need to contact these persons and organisations directly.
11. Your right to complain
If you are unhappy with any aspect of this privacy information notice, or how your personal information is being processed in connection with the app, please contact Scottish Government using the details set out in Controllers’ contact details.
If you are unhappy with anything that either Public Health Scotland or NHS National Services Scotland have done, please contact the Data Protection Officer of that organisation using the contact details available in the NHS Inform Website.
If you are unhappy with anything that your Local Authority has done please contact the Data Protection Officer of that organisation using the contact details available on their website or here.
If you are unhappy with anything that your employer and any other person or organisation you allow your self-isolation certificate to be sent has done, you will need to contact these persons and organisations directly.
If you feel any of us have been unable, or unwilling, to resolve your information rights concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). The ICO is the supervisory authority responsible for data protection in the UK.
For further information, including independent data protection advice and information in relation to your rights, you can contact the Information Commissioner at:
The Information CommissionerWycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
Website: www.ico.org.uk
You can also report any concerns here: https://ico.org.uk/concerns/handling
12. Changes to this privacy information notice
We keep our privacy information notice under regular review.
This version was last updated on 11 February 2021. It may change and if it does, changes will be notified to you when you next start the app. The new notice may be displayed on-screen and you may be required to read and accept the changes to continue your use of the app.
We may also update this privacy notice as part of a version change to the app. In that case the updated privacy notice will be provided to you when you install the new version.
13. Related and third party services and websites
The National Contact Tracing Centre, Local Authorities and employers and any other person and organisation to which you allow your self-isolation certificate to be sent are each subject to their own privacy notices. The app may, from time to time, contain links to related and/or third party websites and services. Please note that these websites and services have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal information that may be collected through these websites or services. Please check these policies before you submit any personal information to these websites, agree to allow us to send personal information on your behalf or at your request or use these services.
The app has functionality allowing you to send your friends and family a suggestion to download the app. If you use this function, a notification is sent to your selected contacts using your chosen communication method (e.g. text, email, Whatsapp message). These third parties have their own privacy notices according to which they process your information. We do not retain or store any such notification data.
The app has functionality allowing you to send your self-isolation certificate to recipient(s) whose email address(es) you provide. If you use this function, the self-isolation certificate is emailed to the address(es) you provided for your selected recipient(s). We do not accept any responsibility or liability for incorrect or invalid email addresses provided.
14. Glossary
| app backend | Is the part of the app that is not in your phone. This is managed by NES Digital Services on behalf of Scottish Government. The app Backend is hosted within the Amazon Web Services computers. |
| app server | The app server holds the anonymous diagnosis keys used by the app to allow those to be checked for a match with random IDs on other app users’ devices. The app server also collects metric data. |
| Authorisation code (referred to as “Test Code” in the app) | A random code entered into the app by an app user who has had a positive COVID-19 test result, to allow exposure notifications to be provided to other app users. |
| AWS (Amazon Web Services) | Is a cloud computing platform provided by Amazon. It provides cloud infrastructure for the app. |
| Bluetooth IDs (ids) | Refer to Identifier Beacons. |
| CE marking | Is a certification mark that indicates conformity with health, safety and environmental protection standards for products sold within the European Economic Area. |
| CMS | The National Contact Tracing Centre Case Management System provided by NHS NSS. |
| Consent | Occurs when you have freely given, for a specific reason, an informed and unambiguous indication of your wishes by way of a clear affirmative action (such as ticking a box) e.g. by ticking a box to agree to the processing of your data. |
| Controller | Any body which, alone or jointly with others, determines the purposes and means of the processing of personal information. Scottish Government, Public Health Scotland, NHS National Services Scotland and Scottish Local Authorities are controllers in respect of personal information in connection with the app. Users’ employers and any other person and organisation to which users allow their self-isolation certificate to be sent are also controllers. |
| Diagnosis keys | Random IDs sent from a user’s device to the app server after that user has inserted an authorisation code on their app. We have explained here when diagnosis keys are considered personal information and when they are anonymised. This is very technical, but here is a video that explains how it works. |
| Email address | An email address uniquely identifies a mailbox as provided by your email service. When an email is sent to your email address, it’s collected by your email service and placed in your mailbox, which you access through your email account. |
| ENS | Exposure Notification Service |
| Estimated end date of isolation | This is the date on which you will no longer need to self-isolate. |
| Exposure notification | A notification provided by the app to an app user who has been in contact with an unnamed person who has tested positive for COVID-19, where the contact was recent enough, and for a sufficient time at a close enough distance, to mean that the app user receiving the notification may have been at risk of contracting the virus. The notification does not include who the contact was with and where it was but does indicate date of potential infection. This is very technical, but here is a video that explains how it works. |
| GAENS | Google and Apple Exposure Notification Service. |
| Identifier Beacons | Also known as ‘Random IDs’ or ‘anonymous rolling identifiers’: these are random numbers used by the Google and Apple Exposure Notification Service. These are random numbers used by the app to create exposure notifications on app users’ devices. You can learn more here. |
| IP address | A numerical label assigned to a mobile device by the mobile phone or Wi-Fi service provider. It is typically made up of 4 sets of numbers (e.g. 192.168.0.50). As a consequence of how data traffic passes across the internet, the IP address is inevitably transferred to the app server. but this video explains how IP addresses work, but this video explains how IP addresses work. |
| Local Authority (Scottish) | Your Local Authority is your Council. It is One of the 32 Scottish local authorities established by the Local Government etc. (Scotland) Act 1994. They are responsible for administering self-isolation support grants. |
| MHRA | Is the Medicines and Healthcare Products Regulatory Agency. |
| A service hosted within NHS NSS which will support the contact tracing function. | |
| NDS | Also referred to as NES Digital Service, is part of NHS Education for Scotland (NES). They provide digital infrastructure services for the app on behalf of the data controllers. NHS Education for Scotland is the legal entity as Data Processor. |
| Personal information | Any information relating to an identified or identifiable individual who can be identified, directly or indirectly from that information. |
| Processor | Any body which processes personal information on behalf of the controller. |
| Processing | Any action or operation which is performed on personal information (whether or not by automated means) such as collection, recording, storage, use, disclosure and destruction of personal information. |
| Random IDs (also known as identifier beacons, keys, anonymous rolling identifiers and Bluetooth IDs) | These are random numbers used by the app to create exposure notifications on app users’ devices. You can learn more here. |
| Self-isolation certificate | It is a certificate proving that you have received an Exposure Notification; therefore, you are required to self-isolate You can use the certificate to prove that you need to self-isolate to other persons or organisations e.g. your employer or Local Authority. You can also send a copy to yourself. One self-isolation certificate can be produced for you per isolation period. The self-isolation certificate can also be used to support your application for a self-isolation support grant. |
| Self-isolation support grant | It is a grant which you may be eligible for if you are required to self-isolate and are experiencing financial difficulties due to be being told to self-isolate by the app. You will need to apply to your Local Authority to see if you are eligible. For more information on self-isolation support grants please click here for more information on self-isolation. |
