Navigate Up
Sign In
Loading

My Neighbourhood

Use your postcode to find local councillors, facilities, school catchment areas and more.

Find facilities in my area
new cardiff > ENG > Home > Disclaimer

Privacy Notice

This notice is for customers of Cardiff Council and citizens of Cardiff. 


The Council process personal data on a day-to-day basis. We hold certain information about you this is known as personal data. We are registered with the Information Commissioner’s Office and any information we hold will be processed in line with the principles set out by ICO Regulations, which we must comply with.


We will:


  • Continue to strengthen our processes for maintaining the privacy of all personal information we hold. 
  • Have need for all our employees to comply fully with Data Protection law. 
  • Only hold the minimum personal information needed to allow us to perform our role as a Council. 
  • Delete personal information once the need to hold it has passed. 
  • Access and process all personal information in line with fair processing set out upon collecting information from Individuals. 
  • Design our systems and processes to comply with data protection principles. 
  • Take immediate action if we discover that our policies are not being complied with. 


​This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.





This privacy notice explains how Cardiff Council (as a Data Controller) will collect, use and protect personal data specifically with regards to the coronavirus pandemic.​

The Council already holds data on citizens, employees and stakeholders.  
Where we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health Wales, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the Council.  

We may, in this current crisis, need to ask you for personal data including sensitive personal data that you have not already supplied - for example, your age or if you have any underlying illnesses or are vulnerable.  This is so the Council can assist you and prioritise its services.

If we have information indicating that you are vulnerable in the current pandemic, we may contact you to ensure your safety and to assist you where possible.

You can view the Council’s main Privacy Notice which contains more information on how we collect, use and protect personal data generally, as well as your rights as a data subject.


Covid-19 High Risk Groups

Personal data is being collected to assess and provide support to adults, children and young people who are in high-risk categories and would be considered vulnerable, if infected with Coronavirus. 



Assess and provide support for staff

Personal data is being collected to enable the Council to identify any staff (or those closely linked to staff/dependents) who are in any of the high-risk categories and would be considered vulnerable, if infected with Coronavirus. 


What is the legal basis for our use of your personal information?

Most ​of the personal information we process is provided to us directly by you, under the General Data Protection Regulation (GDPR).

The lawful bases we rely on for using your personal information are:
  • ​GDPR Article 6 (d) we need to protect your vital interests
  • GDPR Article 6 (e) we need it to perform a public task

When we collect data about your health, we also rely on the following lawful bases:
  • GDPR Article 9 (2) (i) we need to collect it for public health​
  • GDPR Article 9 (2) (j) we need to analyse your information

Your rights

Under data protection law, you have rights including:
 
  • Y​our right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you


Who to contact if you have concerns about how your data is being processed 


You can contact Cardiff Council’s Data Protection Team or directly contact Cardiff Council's Data Protection Officer:
By post: Data Protection Officer, County Hall, Room 357, Atlantic Wharf, Cardiff Bay, CF10 4UW

You also have the right to complain to the Information Commissioner’s Office using the following details:
Information Commissioner's Office (ICO) website : 

By post: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0330 414 6421
Further advice and guidance from the ICO on this issue can be found on the ICO website​​​​External link opens in a new window .
This privacy notice explains how Cardiff Council, Vale of Glamorgan and Cardiff & Vale University Health Board (as Data Controllers) will collect, use and protect personal data specifically with regards to the coronavirus pandemic.

Personal information is shared across organisations for the purpose of responding to the critical public health crisis in respect of the COVID-19 pandemic. The personal data in respect of this service is processed for three purposes, these are to:

Test; the testing of key health and social care workers, other critical workers, members of their household and citizens across the Cardiff & the Vale UHB area at Community Testing Units, Mobile Testing Units and/or at home.

Trace; using results of confirmed cases to make contact with individuals and identify details and make contact with household members.

Protect; enhancing the public health surveillance and response system to enable the prevention of infection and the tracking of the virus as restrictions are eased. The Protection Team operated by Cardiff Council and Vale of Glamorgan Council will make daily contacts with the Primary and Secondary Contacts to monitor the wellbeing and provide advice and clinical recommendations.

What is the legal basis for our use of your personal information?

Most of the personal information we process is provided to us directly by you, under the General Data Protection Regulation (GDPR), the lawful bases we rely on for using your personal information are:

  • GDPR Article 6 (e) we need it to perform a public task

When we collect data about your health, we also rely on the following lawful basis:

  • GDPR Article 9 (2) (h) Provision of preventative or occupational medicine, health or social care or treatment, or the management of health or social care systems
  • GDPR Article 9 (2) (i) Public Health 

Data Protection Act 2018 – Schedule 1, Part 1, (2) (2) (f) – Health and social care purposes
Data Protection Act 2018 – Schedule 1, Part 1, (3) (a) – necessary for reasons of public interest in the area of public health.


Your rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information. • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. 
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. 
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

View further information on the coronavirus testing programme​​​​External link opens in a new window ​​.

How to complain if you are unhappy about how your data is used

You can complain directly to the Council you can complain directly to:

Cardiff Council
Email: dataprotection@cardiff.gov.uk ​
By post: Data Protection Officer, County Hall, Room 357, Atlantic Wharf, Cardiff Bay, CF10 4UW

Vale of Glamorgan Council
Email: DPO@valeofglamorgan.gov.uk
By post: The Data Protection Officer, Vale of Glamorgan Council, Civic Offices, Holton Road, Barry, Vale of Glamorgan, CF63 4RU

Cardiff & Vale University Health Board
Email: Uhb.Dpo@wales.nhs.uk
By post: Cardiff and Vale University Health Board, Information Governance Department, Woodland House, Maes-y-Coed Road, Cardiff, CF14 4TT

You also have the right to complain to the Information Commissioner’s Office using the following details:

Information Commissioner's Office (ICO)
By post: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0330 414 6421
Further advice and guidance from the ICO on this issue can be found on the ICO website​​​​External link opens in a new window .

 
The types of personal data we hold and process about you can include:

  • Contact details, including name, address, telephone numbers and email address. 
  • Identifying details, including date of birth, national insurance number and employee and membership numbers.
  • Information that is used to calculate and assess eligibility for benefits 
  • Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details. 
  • Information about your family, dependents or personal circumstances, where required by a relevant service
  • Information about your health where required by a relevant service such as Social Services 
  • Information about a criminal convictions where relevant. 

Where you have provided us with personal data about other individuals, such as family members or dependants please ensure that those individuals are aware of the information contained within this notice.

We may process your personal data to fulfil our obligations and this can include the processing of your personal data for all or any of the following purposes:

  • ​to contact you. 
  • to assess eligibility for our services including calculating and providing you with benefits. 
  • to identify your potential or actual benefit options. 
  • for statistical and reference purposes 
  • to comply with our legal and regulatory obligations as a Local Authority 
  • to address queries from you and to respond to any actual or potential disputes concerning you. 
  • Employment
From time to time we will share your personal data with partner organisations and service providers so that they can help us carry out our duties, rights and discretions in relation to the services we provide. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. In each case we will only share data to the extent that we consider the information is reasonably required for these purposes.

Any Personal Information we hold will be disclosed, with reasonable purpose to:

  • Our staff – where the information is vital and required for their work. 
  • The Courts – under the direction of a Court Order. 
  • Our partners – strictly in line with agreed procedures. 
  • Others – as detailed in the Council’s Data Protection registration. 

Under the Digital Economy Act 2017, the Council may share personal data provided to us with other Council’s for the purposes of fraud, crime detection/prevention, to improve public service delivery, statistical research.

Cardiff Council has a duty to protect the public fund it manages. Therefore, the information that you have provided to us may be used for the prevention and detection of fraud or shared with Council Officers responsible for auditing or administering public funds.

Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies and dispute resolution and law enforcement organisations, including those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.

In some cases these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.
We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations.

More details can be found on the Council’s retention schedule.​​​​​External link opens in a new window
You have a right to access and obtain a copy of the personal data that the Council holds about you and to ask the Authority to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask the Council to restrict the processing of your personal data until any errors are corrected, to object to processing or to transfer or (in very limited circumstances) erase your personal data.

If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the Data Protection Officer as indicated below. You also have the right to lodge a complaint in relation to this privacy notice or the Councils processing activities with the Information Commissioner’s Office which you can do through the website below or their telephone helpline.

You can obtain further information about these rights from the Information Commissioner’s Office​​​​External link opens in a new window or via their telephone helpline 0303 123 1113.
The Council holds personal data about you in its capacity as data controller. This includes the need to process your data to contact you, to calculate, secure and pay your benefits, for statistical and reference purposes. Further information about how we use your personal data is provided below.

The legal basis for our use of your personal data will generally be one or more of the following:

  • ​we need to process your personal data to satisfy our legal obligations as the Local Authority 
  • we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body; [and/or] 
  • because we need to process your personal data to meet our contractual obligations to you 
  • processing is necessary in order to protect the vital interested of the data subject or of another natural person
We may update this notice periodically. Where we do this we will inform you of the changes and the date on which the changes take effect.


​​​​​​​​​​Some departments of the council need to have their own specific privacy policy due to the nature of the services they deliver.​​ 
 

Why we are providing this notice to you
Cardiff Council require your personal data to perform specific tasks relative to Adults receiving Care and Support, in line with public interests.


This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.


What personal data we hold, and how we obtain it
During the course of our involvement with you, we collect a variety of information from you;

  • name, address, and date of birth
  • your needs and circumstances
  • professional opinions
  • staff supporting you
  • when and where staff met with you
  • what the meetings were about and what happened in them
  • information that your carer / other people you know have given to us
  • information provided by other services working with you, e.g. Health, care workers and voluntary agencies


How we will use your personal data
We will use this information to make sure that;

  • staff supporting you have accurate, up to date information to help decide the best possible support for you
  • there are accurate records when we review your care and support
  • any concerns can be properly looked into if you have a complaint
  • you only have to give your information once


How long we keep your personal data
Under data protection law, we will only keep your personal data for as long as we need in order to fulfil the purpose(s) for which it was collected.


More details can be found on the Council’s retention schedule;

Sharing Information between services
Sometimes we have to share personal information without asking the individual. This can happen;

  • for legal proceedings when a Court Order is made
  • if there is a risk of harm or abuse to you or other people
  • where you may be unable to give consent at any time, for example because of a physical or mental health condition
  • to assist the authorities with the prevention / detection of crime or the prosecution of offenders, or the assessment / payment of tax


Keeping your information confidential
The Council have a legal duty to keep your information about you confidential and secure.  If we need to share information about you we will:

  • tell you why we need it
  • ask only for what we need, and not collect too much or irrelevant information
  • protect it and make sure nobody has access to it who shouldn’t have
  • let you know whether we share it with other organisations to give you better services, and whether you can say no
  • make sure we don’t keep it longer than necessary


Your Rights
As a data subject, you have many rights regarding your personal data.  This includes:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to the withdrawal of consent
  • Right to data portability
  • Right to the restrict processing
  • Right to object
  • Rights in relation to automated decision making and profiling


Withdrawing Consent
If we are relying on consent to process your data, you can request to withdraw consent or restrict / object to some elements of the processing.  The council does not rely on consent in most cases because it has legal requirements to do certain tasks.  For example, processing planning applications, collecting council tax payments and social work tasks are based on legal requirements, not on consent.

Contacting us / Data Protection Officer
Please contact the Data Protection Officer for further information.


Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW
dataprotection@cardiff.gov.uk


Further Information
For further information please refer to the Council’s Full Privacy Notice.

How do we collect your personal information?
Personal information may be collected by -

  • paper form (e.g. via Household Enquiry Form)
  • via www.gov.uk/register-to-vote
  • email
  • telephone
  • website
  • face to face (via our employees)
  • other Council departments

What information do we collect from you?
We collect your name, address, email address and telephone number. Sometimes we collect other information you may feel is sensitive to you. This might be your nationality, date of birth, national insurance number or the reason you might require a postal or proxy vote. We may require further evidence from you such as copies of your passport, marriage certificate or driving licence.


Why do we collect & process this information?
Cardiff Council collects & processes this information to allow eligible electors to vote in elections. We are required by law to provide an electoral service. In order for us to do this, you must provide your personal information to us. The law that requires us to do this is the Representation of the People Act 1983.


The information supplied/collected will be processed in line with the requirements of the General Data Protection Regulation and the Data Protection Act 2018

Who might we share your information with?
Our software providers will also store your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would. You can view their privacy information


We may share information with other departments of Cardiff Council where the information is requested for the prevention and detection of a crime. This information is requested solely to comply with the Council’s statutory requirements. The information will not be used for any other purpose. All staff who deal with this matter are advised that it is a criminal offence to disclose or make use of any information provided under the terms of their request.  The provision relating to the supply of the Register of Electors are contained within the Representation of the People (England and Wales) Regulations 2001. It is an offence to contravene the provisions in those Regulations. A person found guilty of such an offence is liable on a summary conviction to a fine not exceeding level 5 on the standard scale.


We are required to provide copies of the full electoral register to certain organisations and individuals by law.  They may use it for their own reasons that are different to ours, but they still have to look after it in the same way.


The full register is published once a year and is updated every month and can only be supplied to the following people and organisations:

  • British Library
  • UK Statistics Authority
  • Electoral Commission
  • Boundary Commission
  • Jury Summoning Bureau
  • Elected Representatives (MP, MEPS, Local Councillors)
  • Police and Crime Commissioner
  • Candidates standing for elections
  • Local and National Political Parties
  • Community Councils
  • Police Forces, National Crime Agency
  • Credit Reference Agencies

We will also share data with the following companies:

National Fraud Initia​tive​​​​​​​

This authority is under a duty to protect the public funds it administers, and to this end may use the information you have provided for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes​​

The Individual Electoral Registration Digital Service (IERDS)​​​​External link opens in a new window

To verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service.

The Department for Work and Pensions (DWP)​​​​​​​External link opens in a new window

Will use your information to verify your eligibility for the electoral register. They won’t use it for any other reasons and they have to look after it in the same way.

Electoral Reform Services​​​​​​​External link opens in a new window

ERS print our Household Enquiry Forms and Invitations to Registers. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

 ​

MPS Marketing Services (214kb PDF)​​​Link opens in a new window

MPS print our poll cards and ballot papers for elections. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

iCom Printworks (390kb PDF)​​​​Link opens in a new window

iCom print our postal vote mailers. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

 

Restore Datashread (4.3mb PDF)​​​Link opens in a new window

Cardiff Council uses Restore Datashread for the secure destruction of confidential waste. When registration paperwork is no longer required it is securely destroyed by this company

The Maltings​​External link opens in a new window

After elections our paperwork is securely stored with The Maltings for a set retention period before secure destruction is authorised


The Electoral Register is published once a year. When this is published the previous register is frozen and a bound copy is sent into archive. These are stored on our behalf at Glamorgan Archives.

You can visit Glamorgan Archives at :-
Glamorgan Archives - Clos Parc Morgannwg, Leckwith, CARDIFF, CF11 8AW


If you have opted to be included in the open register, by law your information can be shared with anyone who requests it. They may use it for their own reasons that are different to ours, but they still have to look after it in the same way.  The electoral register can also be viewed at our office in County Hall by anyone who requests it. Inspection of the Electoral register is under supervision. They can take hand written notes but no copies or photographs can be taken. The information taken must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open version. Anyone who fails to observe these conditions is committing a criminal offence and will be charged a penalty of up to £5,000. 


You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.


What do we do with your information?
We use it for electoral purposes.

The information supplied/collected will be processed in line with the requirements of the General Data Protection Regulation and Data Protection Act 2018 


Sometimes we have to give it to other authorities, organisations or people. This would be for the prevention or detection of crime, or to comply with a legal obligation, for example. We don't need your consent to do this, but if we can, we'll let you know if we've passed your information on.


How long do we keep hold of your information?
For as long as we need it. Once we no longer need it, we will keep it for a set period (a retention period) but not use it. When the retention period expires we will delete your information from our records.


Your rights

You are entitled to exercise your individual rights, including access to information, correcting inaccurate information or objecting to the processing of your personal data


Write to - The Data Protection Officer, County Hall, Atlantic Wharf, Cardiff , CF10 4UW

Email the Data Protection Officer at individualrights@cardiff.gov.uk

 

Further Information
You can access the Councils Full Privacy notice

Why we are providing this notice to you
The Council is required by law to protect the public funds we administer and as a result, to ensure that taxpayers’ money is not taken out of the system fraudulently.


This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.


What personal data we hold
In order to perform this task, we can collate a variety of data we already hold about you. For further information please refer to the Council’s Full Privacy Notice.


Organisations we share your personal data with
To prevent and detect fraud, we may share information provided to us with other bodies responsible for auditing and administering public funds, such as the Cabinet Office, Department for Work and Pensions or other Council’s.


The Auditor General for Wales (the Auditor General) reviews the accounts of The Council and requires us to participate in data matching exercises to help in the prevention and detection of fraud.


Data matching involves comparing computer records held by one body against other computer records held by the same or another body, to see how far they match. This is usually personal information. 


This kind of data matching allows potentially fraudulent claims/payments to be identified. A match can identify a variation which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We are required to provide specific sets of data to the Auditor General for matching for each exercise and these are set out in the Wales Audit Office  guidance​​​​​External link opens in a new window .

The use of data by the Auditor General is carried out under his powers in Part 3 of the Public Audit (Wales) Act 2004. It does not require the consent of the individuals concerned under the General Data Protection Regulation.


Data matching by the Audit General is subject to a Code of Practice​​​​​​External link opens in a new window .

For further information on the Auditor General’s legal powers and the reasons why it matches particular information, see;
http://www.audit.wales/about-us/national-fraud-initiative/fair-processing-notices 

Code of Data Matching Practice​ (605kb PDF)​​​​Link opens in a new window


Contacting us / Data Protection Officer
If you have any concerns relating to the National Fraud Initiative, please contact the Data Protection Officer for further information.


Data Protection Officer​
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW
dataprotection@cardiff.gov.uk

Written content submitted through our customer service ChatBot (Bobi) in Welsh will be processed by Google Translate in order to derive an English text equivalent for content recognition. This means that any information entered in Welsh is also subject to the data processing terms of Google Translate.​​​​​​External link opens in a new window

Images uploaded to the ChatBot as part of a fly-tipping report may also be handled outside the EU. They are temporarily stored in the Cloud before being submitted to the Waste Management team. After submission, images are retained in the Cloud for 24 hours before being deleted. 

All chatbot transcripts are recorded for training and monitoring purposes. Transcripts will be retained by Cardiff Council for twelve months.
In response to school closures following the COVID-19 pandemic, Cardiff Council acknowledges that children entitled to free school meals are not currently provided with an alternative. As such, we have allocated time and resources to ensure children who would have received free meals can now receive an electronic voucher instead. We are working closely with a selected company (Sodexo) to ensure this is facilitated as quickly as possible. As such, limited personal data will be provided to the company in order to facilitate this service and ensure needs are met. Our lawful bases for the processing of personal data for this purpose are contract and public task.

If you would like more information on how Sodexo process personal data, you can view their privacy policy​​Link opens in a new window .
Elected Councillors are the controllers accountable for the processing of personal information in connection with requests received from ward constituents.
 
In accordance with current data protection legislation, this Privacy Notice provides information about how Elected Councillors process personal information for the purpose of responding to requests from constituents and provides information about the privacy rights of individuals.
 

What is the role of an elected representative?

Elected Councillors regularly hold advice surgeries and respond to casework and policy queries raised by residents in their ward. In order to provide assistance and respond to these enquires, it is necessary to process personal data relating to the constituent making the request and other individuals who may be involved or identified in the matters raised or during the course of enquiries.
 

How is personal data processed when responding to requests from constituents?

When you ask an Elected Councillor for help and assistance they will need to collect some information from you. This will generally include personal information such as your name, address and contact information together with details of your problem or concern. 

The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This includes information about racial or ethnic origin; sexuality and sexual life; religious or philosophical beliefs; trade union membership; political opinions; genetic and bio-metric data; physical or mental health; and criminal convictions and offences.  It will only be necessary to collect this type of information where it is relevant to the request you are making. In these circumstances you will need to complete a Consent Form (626kb PDF). ​​​Link opens in a new window
 
The personal information you provide and Elected Councillors may receive from organisations or individuals in the course of enquiries, will only be used to progress the problem or concern you have raised. Your personal data will not be used in a way that goes beyond your reasonable expectations.
 

Is my personal data shared with anyone else?

Personal information about you will only be disclosed on a ‘need to know’ basis to a relevant third party organisation and/or individual who is able to provide information to help address or resolve your concern. Examples include Cardiff Council, another council or Welsh Government, elected representatives and other holders of public office, landlords, law enforcement agencies and investigating bodies, the media, healthcare, social and welfare advisers or practitioners.  

No personal information obtained by Elected Councillors will be further disclosed other than for the purpose of progressing and responding to requests from constituents, unless required by law eg. for crime prevention or detection or the safeguarding of vulnerable children or adults. 

Personal information may be stored on behalf of Elected Councillors by the Council on a dedicated part of its secure network. Other than technical and monitoring operations, access and processing is undertaken only in accordance with Elected Councillors instructions.   

Any third parties with whom Elected Councillors may share your data are obliged to keep your details securely, and to use your data for purposes already communicated to you.

If you specifically ask an Elected Councillor not to disclose information identifying you to other third parties they may need to contact, they will try to respect that. However, please be aware that it may not be possible to progress a matter for you on an anonymous basis.

When an Elected Councillor’s term of office ends, they may transfer any unresolved requests from you to another ward councillor, unless you tell them not to do so.
 

How is personal data about other individuals processed in connection with requests from constituents?

In representing constituents, Elected Councillors will from time to time also process personal information relating to:

  • employees working in the Council and/or other public sector, third sector or private sector organisations 
  • elected representatives and others in public office
  • complainants and enquirers 
  • relatives, guardians and associates of the constituent an Elected Councillor represents  
  • business or other contacts 
  • the subject of complaints

​What is the legal basis for processing my personal data?

​The legal bases relied on for processing personal information in relation to responding to requests from constituents are:

  • the implied or explicit consent of the constituent making the request (or any other relevant persons where this is appropriate) 
  • in the substantial public interest in elected representatives responding to casework requests 
  • for the performance of a task carried out in the public interest or the exercise of an Elected Councillor’s functions, to carry out casework to support or promote democratic engagement
  • in pursuit of an Elected Councillors legitimate interests as an elected representative and those of their constituent, in order to assist in resolving concerns raised with them, when it is assessed that these interests override any privacy intrusion involved in processing personal data about other individuals   ​

Is my personal data transferred beyond the EEA? 

Personal information within Elected Councillors control will not be sent beyond the European Economic Area (‘EEA’)

or

Some service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where Elected Councillors do transfer your data outside of the EEA they will make sure that it is protected in the same way as if the data was inside the EEA.


For how long will my personal data be kept? 

Following closure of a case, the case papers are usually kept until the end of an Elected Councillor’s term of office or 3 years, unless you ask them to do otherwise or otherwise required by law.


Casework is often revisited to provide the best service and representation for constituents, from whom Elected Councillors may continue to receive correspondence. Therefore, it is reasonable for an elected representative to hold personal data for this length of time.


If an Elected Councillors period of office ends before resolving a constituent’s request, they may transfer the case file to another ward councillor, unless you ask them not to do so. 



How is my personal data safeguarded? 

Security measures are taken to ensure that personal information within an Elected Councillor’s control is protected from accidental loss or alteration, inappropriate access, misuse or theft. 

What rights do I have to my personal data? 

At any point while an Elected Councillor is in possession of, or processing, your personal data, you, the data subject, may withdraw your consent for them to process your data.  

You also have the following rights: 

  •  Right of access – you have the right to request a copy of the information that Elected Councillors hold about you.
  • Right of rectification –you have a right to correct data that Elected Councillors hold about you that is inaccurate or incomplete.
  • Right to be forgotten in certain circumstances you can ask for the data Elected Councillors hold about you to be erased from their records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. 
  • Right of portability – in certain circumstances, you have the right to have the data Elected Councillors hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing, such as direct marketing and automated processing 
  • Right to complain - if an Elected Councillor refuses your request under rights of access, they will provide you with a reason why. You have the right to complain.  If an Elected Councillor is unable to resolve your complaint to your satisfaction, you may complain to the Information Commissioner’s Office (please see contact details below).


You can get in touch with an Elected Councillor by letter, email or telephone, using the contact details given on the Council’s website​.


Please note that Elected Councillors will need to ask for identification if you choose to exercise any of the above rights in relation to your personal data.

The Information Commissioner’s Office (ICO) is responsible for upholding information rights in the UK. For a detailed explanation of all these rights and, the circumstances in which they apply, please visit the ICO website​​Link opens in a new window .

If you wish to complain to the Information Commissioner the contact details are:

Information Commissioner's Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Tel: 0303 123 1113 

Email: casework@ico.org.uk​
​​​​​​​​​  


Xerox

Cardiff Council may use an external company known as Xerox for the printing and posting of some of its mail, providing a service known as Hybrid Mail. All information is held and transmitted only in accordance with current data protection legislation and Cardiff Council’s data protection policy. For further information on how Xerox manage personal data, view Xerox Privacy Policy​​​​​​​External link opens in a new window .


Contacting Data Protection 


Please contact the Data Protection Officer for further information.

Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW 


dataprotection@cardiff.gov.uk 


You have the right to withdraw your consent to the processing at any time by notifying the Data Protection Officer in writing. ​​​

​​​
​​​​​​​​ ​​​​​​​​​​​​​​​​​​​
Cymraeg