Privacy Statement

Why does the Council need your personal data?

In order to deliver services in an effective way the Council will need to collect and use personal information about you. Your privacy is important to us and the Council will process the information you provide in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. Your data will be kept secure and confidential and the Council will only collect the personal information that is required to provide efficient services to you.

ID: 7934, revised 27/10/2022

What personal data does the Council collect?

The type of personal data the Council collects will depend on the specific service being provided, but may include data such as name, contact details, and financial details. Where appropriate, the Council may also need to collect;special category data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, data concerning a person's sex life, or sexual orientation) and/or criminal conviction data.

ID: 7936, revised 27/10/2022

What is the Council’s lawful basis for processing your personal data?

Under Data Protection legislation, the Council must have a lawful basis for any personal data it processes. The majority of personal data processed by the Council is under the lawful basis of Public Task which means processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

ID: 7933, revised 27/10/2022

Who does the Council share your personal data with?

To ensure that the Council provides you with an efficient and effective service, it will sometimes need to share your personal data with other partner organisations that support the delivery of the service you may receive. This may include:

  • Other Local Authorities
  • Police
  • Fire Service
  • HMRC
  • DWP
  • Housing Associations
  • Voluntary Organisations
  • Regulatory Bodies

The Council use data processors (third parties) who provide services to us in terms of IT provision and disaster recovery. There are contracts in place with these data processors and they cannot do anything with your personal information unless we have instructed them to do it.  They will hold your data securely and your personal information will only be shared in accordance with UK GDPR.  When it is necessary for your personal information to be transferred outside of the UK as part of these contracts, this will only be done in accordance with the UK GDPR.

The Council may also need to supply your personal data to other organisations it has contracted to provide a service to you. The Council will not make any disclosures to third parties for marketing purposes unless you give us your consent to do so.

The Council has a duty to protect the public funds it administers and may use the personal data provided by you, as well as data matching techniques, to detect and prevent fraud. The Council will also make any disclosures required by law and may also share this information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds to ensure money is targeted and spent in the most appropriate and cost effective way. In order to achieve this, information may be shared with other internal departments within Pembrokeshire County Council and with Audit Wales (opens in a new tab).

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting: CIFAS (opens in a new tab)

ID: 7935, revised 20/03/2024

Your Rights

Under the UK General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you:

  • The right to be informed – you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the UK GDPR.
  • The right of access – you are entitled to request access to and a copy of, personal data we hold about you.  There are some exemptions, which means you may not always receive all the information we process.
  • The right to rectification – you have the right to ask us to rectify personal data you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.
  • The right to erasure - you have the right to ask us to erase your personal data in certain circumstances.  This is not an absolute right.
  • The right to restrict processing may apply – you have the right to request that we stop processing your personal data in certain circumstances.  However, this may delay or prevent us delivering a service to you.  We will seek to comply with your request but may be required to hold or process information to comply with our legal duties.
  • The right to object to processing - you have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
  • The right to data portability - this only applies to personal data you have given us.  You have the right to ask that we transfer the personal data you gave us from one organisation to another, or give it to you.  The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.  This is not an absolute right.
ID: 3455, revised 04/08/2021

Complaints or Queries?

The Council takes any complaints received about Data Protection seriously and encourages people to bring to our attention if they believe that our collection or use of personal data is unfair, misleading or inappropriate.

This Privacy Statement and the individual service Privacy Notices do not provide exhaustive details of all aspects of our collection and use of personal data. However, the Council is happy to provide any additional information or explanation needed.

Any complaints or requests for this should be sent to the address below:

Data Protection Officer
Pembrokeshire County Council
County Hall
SA61 1TP Telephone: 01437 764551

If you want to make a complaint about the way the Council has processed your personal data, you can contact the Information Commissioner's Office as the statutory body which oversees Data Protection law:

Information Commissioner's Office
Wycliffe House
Water Lane

Email   Telephone no: 0303 1231113


ID: 3456, revised 27/10/2022

Departmental Privacy Notices

Pembrokeshire County Council will use your personal data for the provision of services, including those detailed in the structure below. For individual service Privacy Notices select the headings below.

Chief Executive & Corporate Functions
Social Care & Housing
Infrastructure & Environmental Services
Law & Governance
ID: 3442, revised 08/11/2023

How does the Council ensure compliance with Data Protection legislation?

Pembrokeshire County Council endeavours to meet the highest standards when collecting and using personal data. A Data Protection Policy is in place which all employees have to sign up to on commencement of their employment and regular training is provided. 

A Records Management Policy is also in place setting out the Council’s expectations in relation to managing its records.

This Appropriate Policy Document sets out how the Council will protect the special category and criminal offence data which it processes.

A small dedicated Data Protection Team is in place to offer advice and assistance with monitoring compliance.

ID: 3448, revised 04/05/2023

Personal Information Promise

We will:

  • Value the personal information entrusted to us and make sure we respect that trust;
  • Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards;
  • Consider and address the privacy risks first when we are planning  to use or hold personal information in new ways, such as when introducing new systems;
  • Be open with individuals about how we use their information and who we give it to;
  • Make it easy for individuals to access and correct their personal information;
  • Keep personal information to the minimum necessary and delete it when we no longer need it;
  • Have effective safeguards in place to make sure personal  information is kept securely and does not fall into the wrong hands;
  • Provide training to staff who handle personal information and  treat it as a disciplinary matter if they misuse or don’t look after  personal information properly;
  • Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises; and
  • Regularly check that we are living up to our promises and report on how we are doing
ID: 3435, revised 07/11/2022

What does the Council do?

As a Local Authority, Pembrokeshire County Council delivers services to you; examples of the types of service provided (and links to individual service Privacy Notices) are listed on the Departmental Privacy Notices page.

ID: 3438, revised 27/10/2022

How long does the Council keep your personal data?

The Council will keep your personal data for as long as it is required by us or other regulatory bodies, and in accordance with our Local Authority Retention and Disposal Schedules & Retention Schedules for Schools (opens in a new tab). In most cases this will be a minimum of 6 years. Your personal data will be securely disposed of once it is no longer required.

ID: 3439, revised 08/11/2023

How can you access your personal data?

You can find out if the Council holds any personal data by making a subject access request under the Data Protection Act 2018.

ID: 3440, revised 27/10/2022