Management Training Scheme (MTS)

Privacy and data protection

This website is managed and maintained by NHS Education for Scotland (NES).

The NES data Protection Policy explains how we will manage the processing of your personal data to ensure compliance with Data Protection principles.

Under the Data Protection Act 1998, NES is registered as a data controller registered with the Information Commissioner. This registration describes the kind of information we may hold about you, how it may be processed and with whom it may be shared. Our registration is Z7921413 which can be viewed at:

NES holds personal information in electronic systems such as computer records and databases as well as on paper files. Personal data will be held for no longer than necessary in line with our records retention policy.

Sensitive information and why it may be requested

Sensitive data is defined as that which relates to racial or ethnic origins, political opinions, religious beliefs, union membership, physical or mental health (including disabilities), sexual life, the commission or alleged commission of offences and criminal proceedings.

NES will only process personal data where it is necessary to carry out our role in health workforce development; for example in mandatory monitoring of equality and diversity, to ensure that NES is a safe place to work, or to ensure compliance with other legal obligations, such as the sick pay policy or equal opportunities policy. Any other use of sensitive data, for example in research, will only be with the express consent of the individuals concerned.

User anonymity and personal information on SHOW and the NES websites

NES is part of the SHOW network and use SHOW to host this website. Log files are maintained and analysed of all requests for files on the SHOW servers. Aggregated analyses of these log files are used to monitor website usage. These analyses are made available to NES to allow them to measure, for example, overall popularity of the site and typical user paths through the site.

In combination with other information which is not collected by SHOW but which may be collected by suppliers of network services, it may in certain situations be possible to identify an individual user's use of the NES website. SHOW does not collect the additional information required and will make no attempt to track or identify individual users, except where explicit consent for this is given or where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, SHOW reserves the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to computer systems or resources operating as part of the SHOW service. As a condition of use of this site, all users must give permission for SHOW to use its access logs to attempt to track users who are reasonably suspected of gaining or attempting to gain unauthorised access.

All log file information collected by SHOW and passed onto NES is kept secure and no access to raw log files is given to any third party

Use of cookies

NES does not store any information that would on its own allow us to identify individual users of this service without their permission. Any cookies that may be used by NES are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Sharing personal information

Depending on the purpose for which you provided your personal data in the first place, NES may be required to share some information with other organisations: for example the NHS Board that employs you, or relevant professional or regulatory bodies.

Together with other public sector bodies, NES provides payroll information for NES staff and some trainees to support the National Fraud Initiative. More information here.

NES will use personal information as described in our registration. Under no circumstances will NES supply your personal details to organisations other than those described in our registration (see below).

National Fraud Initiative

This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing and administering public funds, in order to detect and prevent fraud.

On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of this authority. Audit Scotland also assists appointed auditors by conducting a National Fraud Initiative which is a data matching exercise.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

Audit Scotland currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland's Instructions (or Handbook), which can be found at:

The use of data by Audit Scotland in a data matching exercise is carried out with statutory authority:

  • Until October 2010, under auditors' powers in section 100 of the Local Government (Scotland) Act 1973 and section 53 of the Local Government in Scotland Act 2003. These powers may also be used, where appropriate, after October 2010.
  • From October 2010, under new data matching powers expected to be in included at Part 2A of the Public Finance and Accountability (Scotland) Act 2000 (as amended by Section 70 of the Criminal Justice and Licensing (Scotland) Act 2010)

Audit Scotland does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by audit Scotland is subject to a Code of Data Matching Practice. This may also be found at

For further information on Audit Scotland's legal powers and the reasons why it matches particular information, see the full text fair processing notice at:  or contact Janice MacPhail (0131 220 8669)

Keeping you informed

NES or our partners may use the personal details you provide to tell you about relevant training opportunities, educational events or related activities. We may also contact you to invite you to participate in the evaluation of education or related research. Your personal details will not be provided to commercial organisations for direct marketing purposes.

Your rights

You have the right to:

  • find out what information NES holds about you
  • ask for inaccurate data to be corrected
  • see what information NES holds about you

How can I access information about me ?

  • If you would like to see the information you think we hold about you, please complete and return  'NES Subject Access Request Form'.
  • We will ask for proof of identity - such as a passport or photo ID driving licence - and a payment of £10 to cover administrative costs.
  • Once we have received your request, identification, and fee, we must respond to you within 40 days.

NES data protection contact details

For further information on data protection in NES, please contact:

Frank Rankin
Information Governance Manager
NHS Education for Scotland
2 Central Quay
89 Hydepark Street
G3 8BW

0141 223 1564

Caldicott Guardian

Every NHS organisation has a Caldicott Guardian whose role is to agree and review protocols governing the protection and use of patient identifiable information. NES does not deal directly with patient care and therefore we do not hold or process medical records. NES does, however, have a Caldicott Guardian tasked with ensuring patient privacy is protected in our work. He can be contacted as follows:

Dr Stewart Irvine,
Director of Medicine
NES Central Offices
Westport 102
West Port

0131 656 3352 

Other Data Protection Links

Information Commissioner website:
NHS Information Governance - eLibrary portal: