Accessibility Tools
Accessibility Tools
Call us: 0300 303 4321
Lochside Outreach Glenkens Outreach New Galloway Kelloholm Outreach Annandale and Eskdale Outreach Mid-Galloway Outreach Glenkens Outreach Dalry Castle Douglas Annan CAB Stranraer CAB Dumfries CAB (Headquarters)
Cookie Policy NHS Families Project Self-help Carbon Monoxide Alarms Fair Work First Thank You HSCP Complaints Procedure Warm Home Discount Scams & Gambling Food Banks in Dumfries and Galloway Energy COST OF LIVING HELP Volunteering Video Pension Wise Newsletter Meet our Volunteers Contact us Eu Citizen feeling in the dark about Brexit? Health Latest Volunteer Other Ways to Help Us Contact us Family Immigration Housing and Homelessness Law and Courts Work Debt and Money Consumer Rights Benefits Advice Subject Access Request Form Locations Who Funds Us Board of Directors Privacy & Cookie Policy Get Advice Who we are Home
Energy Efficiency Advice Lochside Outreach Mid-Galloway Outreach Kelloholm Outreach Vacancy – Volunteer Triage/Receptionist Lockerbie Outreach A Fond Farewell for Elizabeth Energy Advice on your Doorstep Bureau Closure Days Heat in Buildings Consultation Outreach Clinics Ending Soon Our 2022-23 Annual Report is out now! Our Opening Hours are Changing Be scam aware this December New Outreach at Lockerbie Christmas Opening Hours A tree-mendous Christmas for local charities Tennessee students visit Citizens Advice Service Warm Home Discount Scheme Outreach clinics for Glenkens Beware the Council Tax debt trap Money Talk Team Help to Claim Podcast Scam Alert War on Ukraine – UK and Scottish Government information Bright Deal Project Debt Happens, You’re Not Alone Press Release – Energy Crisis Communications Strategy 2022 Volunteer Strategy 2022 Doubling the Scottish Child Payment Adult Disability Payment
Home | Privacy & Cookie Policy

Privacy & Cookie Policy

This website uses cookies
This site uses cookies to enhance your browsing experience. We use necessary cookies to make sure that our website works. We’d also like to set analytics cookies that help us make improvements by measuring how you use the site. By clicking “Allow All”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts.
These cookies are required for basic functionalities such as accessing secure areas of the website, remembering previous actions and facilitating the proper display of the website. Necessary cookies are often exempt from requiring user consent as they do not collect personal data and are crucial for the website to perform its core functions.
A “preferences” cookie is used to remember user preferences and settings on a website. These cookies enhance the user experience by allowing the website to remember choices such as language preferences, font size, layout customization, and other similar settings. Preference cookies are not strictly necessary for the basic functioning of the website but contribute to a more personalised and convenient browsing experience for users.
A “statistics” cookie typically refers to cookies that are used to collect anonymous data about how visitors interact with a website. These cookies help website owners understand how users navigate their site, which pages are most frequently visited, how long users spend on each page, and similar metrics. The data collected by statistics cookies is aggregated and anonymized, meaning it does not contain personally identifiable information (PII).
Marketing cookies are used to track user behaviour across websites, allowing advertisers to deliver targeted advertisements based on the user’s interests and preferences. These cookies collect data such as browsing history and interactions with ads to create user profiles. While essential for effective online advertising, obtaining user consent is crucial to comply with privacy regulations.
Preferences Saved

Privacy Notice

Dumfries & Galloway Citizens Advice Service (also referred to as ‘D&GCAS’, ‘the charity’, ‘we’, ’our’, or ‘us’) is the Data Controller for any personal data we process about you for the purposes set out in this Privacy Notice. Our ICO registration number is Z6081270.
This notice outlines what personal data D&GCAS collects and processes about you when seeking advice and assistance from us. This notice does not cover personal data we process about our staff, workers, trustees, volunteers, applicants, supporters, or donors. There are separate privacy policies for these groups. Please read this notice carefully to understand how we process and look after your personal data.
D&GCAS is a member of the Scottish Association of Citizens Advice Bureaux (SACAB – operating name Citizens Advice Scotland), a network of 59 individual Citizens Advice Bureau (CABx). D&GCAS uses a case management system called CASTLE to record details of all our clients’ enquiries. We are a Joint Controller with Citizens Advice Scotland (CAS) for the data held on this system.

1.    Our Data Processing
1.1. Providing Advice and Assistance

D&GCAS is an independent charity (SC027107) that provides free, confidential, expert advice and assistance to help you resolve your problems. We deliver a holistic service and our data processing may vary depending on the support we are providing. We only use the personal data we need. Most data we process will have been provided by you during your discussions with our advisors. On occasion referrals are made to D&GCAS from other organisations. They may share your data with us to help us provide you with advice and support. They should make you aware when this happens.
D&GCAS processes personal data to keep records of the advice and support offered. We only ask for the information we need, let you decide what you are comfortable telling us, and explain why we need it. We also treat it as confidential. When we record and use your personal information we comply with the requirements of the UK GDPR and Data Protection Act 2018. This means that we use your personal in a way that is:

  • Lawful, fair and transparent
  • Compatible with the purposes that we have told you about
  • Adequate and necessary, we only use the data we need to use for the reason we told you
  • Accurate and up to date
  • Not excessive, we only keep your data for as long as we need it, and
  • Secure and protected

Personal data is processed by D&GCAS to help us to provide an effective and efficient service to you as well as for our insurance purposes. It may include your

  • Name
  • Address
  • Email
  • Phone number
  • Financial data

We may also sometime record data regarding criminal offence data if this information is needed to help us to advise you. You may also provide information about your ethnicity, mental and physical health, political and philosophical beliefs, religion, trade union membership, genetics, sexual life or gender. This is called ‘special category data’ and we will only use this type of personal data where it is necessary for us to deliver services to you and where we are permitted by law.
If you do not want us to record and use your information, we can help you as best we can, but advice will be limited and general rather than specific to your circumstances.

1.2.  Research and Advocacy

We also collect, use and share aggregated data such as statistical or demographic data as part of our research and advocacy work to tackle wider issues in society that affect citizens in Scotland. Aggregated data could be derived from your personal data but is not considered personal data in law as it will not directly or indirectly reveal your identity.
You can see examples of how data is used for research and advocacy work on the Citizens Advice Scotland website.

1.3.  Improvement of Services

We may also use personal data to help improve our services through:-

Follow Up Surveys and Customer Satisfaction Monitoring

We may conduct follow-up surveys and customer satisfaction monitoring with you to help assess and improve our services. All such monitoring will only take place where you have already given your consent for this to happen.


When you browse our website, we may use “cookies” to help us understand how our site is used by visitors, and to develop and enhance our services to you. You can visit our Cookie Policy here. A “cookie” is a bit of information kept on your computer. It tells us things like what device you are using and what pages you click on. We use cookies to:

  • Track aspects of user visits, including the length of a user’s visit, the browser they are using, their geographical location, and the use of the search facility on this website
  • Remember user selected contrast and/or text resizing style preference for this website
  • Record a user’s video preferences for our videos viewed on the website.

1.4.  Promoting our Services

We publish regular newsletters providing information about our service and on current issues which we believe may be of interest to our clients. Newsletters will only be sent to you with your prior consent. You can sign up for our newsletters at  Newsletter | Dumfries and Galloway Citizens Advice Service ( .

1.5.    Children’s Data

The D&GCAS website is not intended for children and we do not knowingly collect data relating to children from our website. However, we may collect information relating to children from you when providing advice and assistance. We will only collect the minimum amount of data necessary for providing you with the relevant support.

2.    Lawful bases we rely on to process your information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances where:

  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests,
  • You have given us your consent,
  • Processing is necessary for us to perform a public task carried out in the public interest, or
  • There is a legal obligation for us to do so.

Only one lawful basis need apply.
When we process special category personal data, the additional bases for processing that we rely upon is:

  • explicit consent
  • where there is a substantial public interest for us to do so

Please see Appendix 1 for further information on the lawful bases we may rely upon to process your personal data.

3.    Withdrawing Consent

If we rely upon your consent to process your personal data, you may request to withdraw consent at any time by contacting us at which point we shall stop processing your personal data in that way. Please note that this does not affect the legality of our processing up to the date of your withdrawal of consent.

4.    Sharing Data

We may need to share your data in the following situations using the relevant legal basis as noted below:


  • When you give us authority to work with organisations on your behalf
  • When referring between support organisations

Legitimate Interest:-

  • With Citizens Advice Scotland and with members of the Scottish Association of Citizens Advice Bureaux (SACAB)
  • With sub-processors delivering services for D&GCAS (e.g. technology providers)
  • With our insurers if you submit a complaint
  • With funders as part of research and advocacy work
  • With our external auditors Scottish Legal Aid Board (SLAB). They check that we are providing you with the highest quality of service and are allowed to access your information (if randomly selected) under the legal basis of ‘public task’.

Legal Obligation:-

In accordance with the law e.g. with a court order, other authorities, or any regulatory requirement to which the charity is subject.  For example, the Financial Conduct Authority (FCA) might ask us to share a randomised sample of client cases which are being dealt with by the bureau. This is to make sure the advice and service you get is lawful and meets the FCA rules and regulations.

Protection of Vital Interests:-

  • In exceptional circumstances where there is a high risk of harm to an individual. We have strict safeguarding procedures in place for when this may occur.

If we do need to share personal data we will have appropriate controls and processes in place through contracts and/or data sharing agreements. All data sharing will comply with data protection laws. Where possible we will anonymise data.

5.    Transfers to 3rd countries

We may at times transfer personal information outside the UK.
Some of our service providers process personal data we give them outside of the UK. Where this happens and the recipient country is not deemed adequate by the UK Government, then we will put in place additional measures to protect your personal data, such as contracts approved for use by the Information Commissioner’s Office, and any necessary supplementary measures.

6.    Retention

We will not keep your personal data for any longer than is reasonably necessary. We have a record of retention schedule that sets out the periods for retaining and reviewing all information that we hold. All data will be securely disposed of once it is no longer needed.
Most client information is retained for 7 years, however under certain circumstances we are legally required to retain personal data for longer, for example if you have entered into a debt remedy your information is retained for 7 years plus the length of the debt remedy. Where a complaint has been made and it involves an insurance claim or other dispute then we will retain it for 16 years.  Voicemails will be deleted after 28 days.  Forms which are completed when you make an initial enquiry to us through our telephone receptionists, or via email, will be kept electronically for 3 months before being deleted from our system.  Referral forms received from other organisations will also be kept for 3 months.

7.    Project Privacy Notices

Where D&GCAS is involved in delivering a national project locally, there may be an additional Privacy Notice for that project. Where you are a client of a project we will seek to refer you to the Privacy Notice to be read along with this one. These Privacy Notices are linked below:

Patient Advice and Support Service (PASS)

Add in Pensionwise link on website. Use the existing privacy notice

8.    Your Data Rights

Under data protection law, you have certain rights when organisations process your personal information. The rights available to you depend on our reason for processing.

  • Right of access to the data we process about you
  • Right to rectification of any data we process that may be incorrect
  • Right to erasure of data we process about you
  • Right to restrict processing of data we process about you
  • Right to object to D&GCAS processing your data
  • Right to data portability
  • Right not to be subject to automated decision-making and profiling
  • Complaints

You have a right to make a complaint if you are unhappy about the way that your personal data has been processed.  Youi may do this in writing, by email, by telephone or in person. You should contact the Data Controller as detailed at Section 10 of this document.  

So we can help you with your complaint, we need to know:

  • your name
  • how we can get in touch with you – email, phone or address
  • details of the complaint
  • problem – for example, whether you wanted help with debt or housing

We will then use the information you give us to deal with your complaint.  We will only access your information for other reasons if we really need to – for example:

  • for training and quality purposes (your personal data will be anonymised)
  • to include anonymised complaint statistics in internal reports

If you escalate your complaint to an external independent adjudicator, we’ll share your complaint information with them and we may share information with our legal advisors, if necessary.  If your complaint involves an actual or potential insurance claim, we will share details of your complaint with our insurer, ADS Insurance Brokers and Ansvar Insurance.
We keep your complaint information for 7 years. If your case has been subject to a serious complaint, insurance claim or other dispute we keep the data for 16 years.

10. Data Controller Contact Details

If you have any questions or queries, or wish to exercise your data rights you can contact D&GCAS at or write to
Marion Hamilton
Corporate Services Manager
Dumfries & Galloway Citizens Advice Service
81-85 Irish Street
If your queries are about personal data on CASTLE, our case management system, you should contact D&GCAS in the first instance, however your query may be passed to CAS as a Joint Controller of the system. You can find information on CAS’ data processing on the CAS Privacy Policy.

11.  Supervisory Authority Contact Details

You also have the right to lodge a complaint to the Information Commissioner about the processing of your data.
Their contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF. Tel: 0303 123 1113. The website is at:

12.  Changes

We reserve the right to amend this privacy notice from time to time.

Last Updated: June 2023.