Our website uses cookies. See our cookies page for information about them and how you can remove or block them. Click here to opt in to our cookies

Funding Privacy Notice


In applying to Creative Scotland (CS) for funding you are supplying CS with personal information about yourself and/or organisation. CS requires this personal information to fully assess your application and make decisions on the allocation of public funding. The following sections contain details of how CS will use this personal information. To help clarify some of the wording, a ‘Definitions’ Section is located at the bottom of this Privacy Notice.

Creative Scotland's status

CS shall be the controller of the personal information and shall comply with the Data Protection Laws when processing the personal information.

Personal information CS uses

  • Name
  • Contact information which may include email address, phone number, postal address
  • Supporting application information which may identify you e.g. photograph
  • CV (if applicable)
  • Banking information for successful applicants e.g. account number. See our Banking Details page for more information.

Use and sharing of your personal information

Download the section of the Privacy Notice for each fund below, in PDF format.

CS’s legal basis for processing the personal information:

  • carry out tasks in the public interest or in the exercise of its official authority as a Controller (public function)
  • for the performance of a contract
  • processing is necessary for compliance with a legal obligation - to comply with a common law or statutory obligation
  • for the purposes of a legitimate interest(s). A legitimate interest is when Creative Scotland, or a third party on our behalf, have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. These interests cover a number of aspects of our business operations, including:
  • -      Information, system, network and cyber security purposes, including the monitoring and protection of our IT systems;

    -      System development and enhancement;

    -      Record management arrangements; and

    -      Ensuring we are able to keep up to date with our contacts and developments in their organisations.

Transfer of personal information outside the European Economic Area

CS shall ensure that if the processing of the personal information, as mentioned above, involves the transfer of the personal information to organisations established in countries outside the European Economic Area, then such transfer(s) shall comply with the Data Protection Laws.

Where your personal information is transferred outwith the EEA, we will provide you with information regarding the safeguards that we have put in place with the recipient country to protect your personal information.

Information about other data subjects

If your funding application and / or supporting information contains personal information about other data subjects, you must comply with the Data Protection Laws when providing their personal information to CS.

What will happen if you do not provide the information CS requires

CS will be unable to enter into a contract with you to provide funding for your project.

Data Subject Rights

When personal information about a data subject is processed, the data subject has the right to:

  • Receive transparent information e.g. this Privacy Notice
  • Access personal information – a data subject has the right to request access to personal information held about them and can do this by contacting CS’s Data Protection Officer (contact details are provided below)
  • Erase personal information – a data subject can request that their personal information be erased
  • Rectify inaccurate or incomplete personal information – a data subject can request their information to be updated
  • Restrict personal information while, for example, a request for rectification of inaccurate or incomplete personal information is being reviewed by CS
  • Object to processing of personal information in defined circumstances

Changes to this Privacy Notice

Any changes CS may make to this Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Making a complaint

If you have any concerns with how CS has processed your personal information, you should contact CS’s Data Protection Officer in the first instance, as CS would welcome the opportunity to work with you to resolve any complaint.

The contact details for CS’s Data Protection Officer are:

Data Protection Officer
Creative Scotland
2-4 Waterloo Place
Edinburgh, EH1 3EG

Telephone: 0330 333 20000

Email: dataprotection@creativescotland.com

If you are still dissatisfied, you can submit a complaint to the Information Commissioners Office (ICO) either by telephone or by completing an online form. The ICO’s contact details are as follows:

Telephone: 0303 123 1113

Website: https://ico.org.uk/concerns/

Website Privacy Notice

Further information on the information that CS collects when you visit the CS website is available in our Website Privacy Notice


CS means Creative Scotland

Controller determines the purposes and means of processing personal information

Data Subject means the living individual who the personal information is about

Funding Applicant is the individual and/or organisation that has submitted an application to receive funding from CS

Personal Information means information obtained by CS from and regarding the individual/organisation as part of the application and assessment process

Processing means any act that is performed in relation to the personal information including collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining, restricting, erasing or destroying

Access to Information Laws include the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004 and any legislation supplementary thereto introduced in Scotland

Data Protection Laws include the Privacy and Electronic Communications (EC Directive) Regulations 2003; any legislation implementing the Privacy and Electronic Communications Directive 2002/58/EC of 12 July 2002; the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (GDPR); and any legislation supplementary to the GDPR introduced in the United Kingdom, including the Data Protection Act 2018’

European Economic Area means the Member States of the European Union, Iceland, Norway and Lichtenstein