Why does the Council need your personal data?
In order to deliver services in an effective way the Council will need to collect and use personal information about you. Your privacy is important to us and the Council will process the information you provide in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. Your data will be kept secure and confidential and the Council will only collect the personal information that is required to provide efficient services to you.
What personal data does the Council collect?
The type of personal data the Council collects will depend on the specific service being provided, but may include data such as name, contact details, and financial details. Where appropriate, the Council may also need to collect ‘special category’ data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, data concerning a person’s sex life, or sexual orientation) and/or criminal conviction data.
What is the Council’s lawful basis for processing your personal data?
Under Data Protection legislation, the Council must have a lawful basis for any personal data it processes. The majority of personal data processed by the Council is under the lawful basis of ‘Public Task’ which means ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority”.
Who does the Council share your personal data with?
To ensure that the Council provides you with an efficient and effective service, it will sometimes need to share your personal data with other partner organisations that support the delivery of the service you may receive. This may include:
- Other Local Authorities
- Fire Service
- Housing Associations
- Voluntary Organisations
- Regulatory Bodies
The Council may also need to supply your personal data to other organisations it has contracted to provide a service to you. The Council will not make any disclosures to third parties for marketing purposes unless you give us your consent to do so.
The Council has a duty to protect the public funds it administers and may use the personal data provided by you, as well as data matching techniques, to detect and prevent fraud. The Council will also make any disclosures required by law and may also share this information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds to ensure money is targeted and spent in the most appropriate and cost effective way. In order to achieve this, information may be shared with other internal departments within Pembrokeshire County Council and with Audit Wales.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting: CIFAS
Under the UK General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you:
- The right to be informed – you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the UK GDPR.
- The right of access – you are entitled to request access to and a copy of, personal data we hold about you. There are some exemptions, which means you may not always receive all the information we process.
- The right to rectification – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to erasure - you have the right to ask us to erase your personal data in certain circumstances. This is not an absolute right.
- The right to restrict processing may apply – you have the right to request that we stop processing your personal data in certain circumstances. However, this may delay or prevent us delivering a service to you. We will seek to comply with your request but may be required to hold or process information to comply with our legal duties.
- The right to object to processing - you have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
- The right to data portability - this only applies to personal data you have given us. You have the right to ask that we transfer the personal data you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. This is not an absolute right.
Complaints or Queries?
The Council takes any complaints received about Data Protection seriously and encourages people to bring to our attention if they believe that our collection or use of personal data is unfair, misleading or inappropriate.
This Privacy Statement and the individual service Privacy Notices do not provide exhaustive details of all aspects of our collection and use of personal data. However, the Council is happy to provide any additional information or explanation needed.
Any complaints or requests for this should be sent to the address below:
Data Protection Officer
Pembrokeshire County Council
Email: email@example.com Telephone: 01437 764551
If you want to make a complaint about the way the Council has processed your personal data, you can contact the Information Commissioner’s Office as the statutory body which oversees Data Protection law:
Information Commissioner’s Office
Email firstname.lastname@example.org Telephone no: 0303 1231113
Departmental Privacy Notices
Pembrokeshire County Council will use your personal data for the provision of services, including those detailed in the structure below. For individual service Privacy Notices select the headings below.
Leisure & Cultural Services
Economic Development & Regeneration
Partnership & Scrutiny Support
Audit, Risk and Information Services
Child Care & Play
School Improvement & Governance
Additional Learning Needs
Youth Services & Youth Offending
Adult Community Learning
How does the Council ensure compliance with Data Protection legislation?
Personal Information Promise
- Value the personal information entrusted to us and make sure we respect that trust;
- Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards;
- Consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems;
- Be open with individuals about how we use their information and who we give it to;
- Make it easy for individuals to access and correct their personal information;
- Keep personal information to the minimum necessary and delete it when we no longer need it;
- Have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands;
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly;
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises; and
- Regularly check that we are living up to our promises and report on how we are doing
What does the Council do?
As a Local Authority, Pembrokeshire County Council delivers services to you – examples of the types of service provided (and links to individual service Privacy Notices) are listed on the Departmental Privacy Notices page.
How long does the Council keep your personal data?
The Council will keep your personal data for as long as it is required by us or other regulatory bodies, and in accordance with our Local Authority Retention and Disposal Schedules & Retention Schedule for Schools. In most cases this will be a minimum of 6 years. Your personal data will be securely disposed of once it is no longer required.