Sign In
Loading

My Neighbourhood

Use your postcode to find local councillors, facilities, school catchment areas and more.

Find facilities in my area

Cardiff Council

www.cardiff.gov.uk

Disclaimer

​​​​​​​This notice is for customers of Cardiff Council and citizens of Cardiff. 


The Council process personal data on a day-to-day basis. We hold certain information about you this is known as personal data. We are registered with the Information Commissioner’s Office and any information we hold will be processed in line with the principles set out by ICO Regulations, which we must comply with.


We will:


  • Continue to strengthen our processes for maintaining the privacy of all personal information we hold. 
  • Have need for all our employees to comply fully with Data Protection law. 
  • Only hold the minimum personal information needed to allow us to perform our role as a Council. 
  • Delete personal information once the need to hold it has passed. 
  • Access and process all personal information in line with fair processing set out upon collecting information from Individuals. 
  • Design our systems and processes to comply with data protection principles. 
  • Take immediate action if we discover that our policies are not being complied with. 


​This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.



This privacy notice explains how Cardiff Council (as a Data Controller) will collect, use and protect personal data specifically with regards to the coronavirus pandemic.​

The Council already holds data on citizens, employees and stakeholders.  
Where we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health Wales, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the Council.  

We may, in this current crisis, need to ask you for personal data including sensitive personal data that you have not already supplied - for example, your age or if you have any underlying illnesses or are vulnerable.  This is so the Council can assist you and prioritise its services.

If we have information indicating that you are vulnerable in the current pandemic, we may contact you to ensure your safety and to assist you where possible.

You can view the Council’s main Privacy Notice which contains more information on how we collect, use and protect personal data generally, as well as your rights as a data subject.


Covid-19 High Risk Groups

Personal data is being collected to assess and provide support to adults, children and young people who are in high-risk categories and would be considered vulnerable, if infected with Coronavirus. 



Assess and provide support for staff

Personal data is being collected to enable the Council to identify any staff (or those closely linked to staff/dependents) who are in any of the high-risk categories and would be considered vulnerable, if infected with Coronavirus. 


What is the legal basis for our use of your personal information?

Most ​of the personal information we process is provided to us directly by you, under the General Data Protection Regulation (GDPR).

The lawful bases we rely on for using your personal information are:
  • ​GDPR Article 6 (d) we need to protect your vital interests
  • GDPR Article 6 (e) we need it to perform a public task

When we collect data about your health, we also rely on the following lawful bases:
  • GDPR Article 9 (2) (i) we need to collect it for public health​
  • GDPR Article 9 (2) (j) we need to analyse your information

Your rights

Under data protection law, you have rights including:
 
  • Y​our right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you


Who to contact if you have concerns about how your data is being processed 


You can contact Cardiff Council’s Data Protection Team or directly contact Cardiff Council's Data Protection Officer:
By post: Data Protection Officer, County Hall, Room 357, Atlantic Wharf, Cardiff Bay, CF10 4UW

You also have the right to complain to the Information Commissioner’s Office using the following details:
Information Commissioner's Office (ICO) website : 

By post: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0330 414 6421
Further advice and guidance from the ICO on this issue can be found on the ICO website​​​​​​​​​​​​​​​External link opens in a new window.
This privacy notice explains how Cardiff Council, Vale of Glamorgan and Cardiff & Vale University Health Board (as Data Controllers) will collect, use and protect personal data specifically with regards to the coronavirus pandemic.

Personal information is shared across organisations for the purpose of responding to the critical public health crisis in respect of the COVID-19 pandemic.  The personal data in respect of this service is processed for three purposes, these are to:​

Test


The testing of key health and social care workers, other critical workers, members of their household and citizens across the Cardiff & the Vale UHB area at Community Testing Units, Mobile Testing Units and/or at home. ​

Trace


Using results of confirmed cases to make contact with individuals and identify details and make contact with household members.​

Protect 


Enhancing the public health surveillance and response system to enable the prevention of infection and the tracking of the virus as restrictions are eased. The Protection Team operated by Cardiff Council and Vale of Glamorgan Council will make daily contacts with the Primary and Secondary Contacts to monitor the wellbeing and provide advice and clinical recommendations.​

What is the legal basis for our use of your personal information?


Some of the personal information we process is provided to us directly by you, or your representative, for the following reasons:
  • In order to operate a COVID-19 contact tracing service, including providing advice and support to those that have been in contact with an individual who has received a positive SARS-CoV-2 test, and the booking of SARS-CoV-2 tests for those displaying COVID-19 symptoms.



We also receive personal information indirectly, from the following sources in the following scenarios:
  • ​If you have received a positive SARS-CoV-2 test; your name, date of birth, address and contact details would have been provided to us by your testing centre operated by one of the partner organisations.
  • If you have been identified as having been potentially in contact with an individual who has received a positive SARS-CoV-2 test; your name, date of birth, address and contact details would have been provided to us by that individual or their representative / employer, or another organisation or individual that may hold the relevant information.


The lawful bases we rely on for using your personal information are:  

  • GDPR Article 6 (e) we need it to perform a public task


As extra protection is provided for certain classes of information called 'special category personal data' such as health information, an additional lawful basis must be identified in order to process these classes of information, as outlined below:
  • ​GDPR Article 9(i) – processing is necessary for reason of public interest in the protection of public health.


Other applicable articles may include:
  • ​GDPR Article 9(g) – processing is necessary for reasons of substantial public interest
  • GDPR Article 9 (2) (h) Provision of preventative or occupational medicine, health or social care or treatment, or the management of health or social care systems


Data Protection Act 2018 – Schedule 1, Part 1, (2) (2) (f) – Health and social care purposes
Data Protection Act 2018 – Schedule 1, Part 1, (3) (a) – necessary for reasons of public interest in the area of public health


Your data may also be processed by one or more of the partner organisations listed below. 

All partner organisations have the status of ‘Joint Data Controller’, which means that they are responsible in law for the data that they process, and we are all party to an agreement that sets out how and why we process that information.

  • ​All 22 Welsh Local Authorities
  • All 7 Local Health Boards
  • Public Health Wales NHS Trust
  • Velindre Hospital NHS Trust (through NHS Wales Informatics Service - NWIS)
  • Welsh Ambulance Service Trust




How we store your personal information

Your information is securely stored securely.  We keep information only for as long as it is needed and when no longer needed it will be deleted / destroyed securely.

  • ​The data we collect for people tested positive with COVID-19 will be held for 7 years.
  • The data collected on contacts of people with COVID-19 but do not have any symptoms will be held for the minimum retention period of 5 years.
  • Test results and information related to any ongoing conditions related to COVID-19 will also reside in your electronic health record for a longer period in accordance with normal NHS retention schedules.

The processing of your data for contact tracing purposes is supported by:
  • Public Health (Control of Disease) Act 1984
  • The Health Service (Control of Patient Information) Regulations 2002
  • Coronavirus Act 2020
  • The Health Protection (Coronavirus Restrictions) (Wales) Regulations 2020


Covid-19 Vaccine Programme


In order to oversee preparations for the Covid-19 vaccine delivery programme in Wales – and the offer of a vaccine to health and care staff information on eligible staff, the minimum amount of personal data necessary in order to create lists of those staff to be offered a vaccination will be shared. 

To support the creation of this list, demographic details already held about you will be shared with the NHS Wales Informatics Services (NWIS). Data will be shared with NWIS in a secure manner, and NWIS will use this data to ensure staff are accurately identified ahead of the administration of any vaccine. Your details are not kept for any longer than they are required for these purposes and when no longer required are securely disposed of.

Your rights


Under data protection law, you have rights including:
  • ​Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.




See GOV.UK - Coronavirus (COVID-19) testing: privacy information​​​​​​​​​​​​External link opens in a new window
See NHS Wales - Test, Trace and Protect: Privacy and Data Protection Information​​​​​​​​​​​​​External link opens in a new window


How to complain if you are unhappy about how your data is used

​You can complain directly to the Council you can complain directly to:

Cardiff Council
Email: dataprotection@cardiff.gov.uk ​
By post: Data Protection Officer, County Hall, Room 357, Atlantic Wharf, Cardiff Bay, CF10 4UW

Vale of Glamorgan Council
Email: DPO@valeofglamorgan.gov.uk
By post: The Data Protection Officer, Vale of Glamorgan Council, Civic Offices, Holton Road, Barry, Vale of Glamorgan, CF63 4RU

Cardiff & Vale University Health Board
Email: Uhb.Dpo@wales.nhs.uk
By post: Cardiff and Vale University Health Board, Information Governance Department, Woodland House, Maes-y-Coed Road, Cardiff, CF14 4TT

You also have the right to complain to the Information Commissioner’s Office using the following details:

Information Commissioner's Office (ICO)
By post: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0330 414 6421
Further advice and guidance from the ICO on this issue can be found on the ICO website​​​​​​​​​​​​​​​External link opens in a new window.

 
The types of personal data we hold and process about you can include:

  • Contact details, including name, address, telephone numbers and email address. 
  • Identifying details, including date of birth, national insurance number and employee and membership numbers.
  • Information that is used to calculate and assess eligibility for benefits 
  • Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details. 
  • Information about your family, dependents or personal circumstances, where required by a relevant service
  • Information about your health where required by a relevant service such as Social Services 
  • Information about a criminal convictions where relevant. 

Where you have provided us with personal data about other individuals, such as family members or dependants please ensure that those individuals are aware of the information contained within this notice.

We may process your personal data to fulfil our obligations and this can include the processing of your personal data for all or any of the following purposes:

  • ​to contact you. 
  • to assess eligibility for our services including calculating and providing you with benefits. 
  • to identify your potential or actual benefit options. 
  • for statistical and reference purposes 
  • to comply with our legal and regulatory obligations as a Local Authority 
  • to address queries from you and to respond to any actual or potential disputes concerning you. 
  • Employment
From time to time we will share your personal data with partner organisations and service providers so that they can help us carry out our duties, rights and discretions in relation to the services we provide. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. In each case we will only share data to the extent that we consider the information is reasonably required for these purposes.

Any Personal Information we hold will be disclosed, with reasonable purpose to:

  • Our staff – where the information is vital and required for their work. 
  • The Courts – under the direction of a Court Order. 
  • Our partners – strictly in line with agreed procedures. 
  • Others – as detailed in the Council’s Data Protection registration. 

Under the Digital Economy Act 2017, the Council may share personal data provided to us with other Council’s for the purposes of fraud, crime detection/prevention, to improve public service delivery, statistical research.

Cardiff Council has a duty to protect the public fund it manages. Therefore, the information that you have provided to us may be used for the prevention and detection of fraud or shared with Council Officers responsible for auditing or administering public funds.

Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies and dispute resolution and law enforcement organisations, including those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.

In some cases these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.
We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations.

More details can be found on the Council’s retention schedule.​​​​​​​​​​​​​​​​External link opens in a new window
You have a right to access and obtain a copy of the personal data that the Council holds about you and to ask the Authority to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask the Council to restrict the processing of your personal data until any errors are corrected, to object to processing or to transfer or (in very limited circumstances) erase your personal data.

If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the Data Protection Officer as indicated below. You also have the right to lodge a complaint in relation to this privacy notice or the Councils processing activities with the Information Commissioner’s Office which you can do through the website below or their telephone helpline.

You can obtain further information about these rights from the Information Commissioner’s Office​​​​​​​​​​​​​​​External link opens in a new window or via their telephone helpline 0303 123 1113.
The Council holds personal data about you in its capacity as data controller. This includes the need to process your data to contact you, to calculate, secure and pay your benefits, for statistical and reference purposes. Further information about how we use your personal data is provided below.

The legal basis for our use of your personal data will generally be one or more of the following:

  • ​we need to process your personal data to satisfy our legal obligations as the Local Authority 
  • we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body; [and/or] 
  • because we need to process your personal data to meet our contractual obligations to you 
  • processing is necessary in order to protect the vital interested of the data subject or of another natural person
We may update this notice periodically. Where we do this we will inform you of the changes and the date on which the changes take effect.
​​​​​​​​​​Some departments of the council need to have their own specific privacy policy due to the nature of the services they deliver.​​ 
 

Why we are providing this notice to you
Cardiff Council require your personal data to perform specific tasks relative to Adults receiving Care and Support, in line with public interests.


This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.


What personal data we hold, and how we obtain it
During the course of our involvement with you, we collect a variety of information from you;

  • name, address, and date of birth
  • your needs and circumstances
  • professional opinions
  • staff supporting you
  • when and where staff met with you
  • what the meetings were about and what happened in them
  • information that your carer / other people you know have given to us
  • information provided by other services working with you, e.g. Health, care workers and voluntary agencies


How we will use your personal data
We will use this information to make sure that;

  • staff supporting you have accurate, up to date information to help decide the best possible support for you
  • there are accurate records when we review your care and support
  • any concerns can be properly looked into if you have a complaint
  • you only have to give your information once


How long we keep your personal data
Under data protection law, we will only keep your personal data for as long as we need in order to fulfil the purpose(s) for which it was collected.


More details can be found on the Council’s retention schedule;

Sharing Information between services
Sometimes we have to share personal information without asking the individual. This can happen;

  • for legal proceedings when a Court Order is made
  • if there is a risk of harm or abuse to you or other people
  • where you may be unable to give consent at any time, for example because of a physical or mental health condition
  • to assist the authorities with the prevention / detection of crime or the prosecution of offenders, or the assessment / payment of tax


Keeping your information confidential
The Council have a legal duty to keep your information about you confidential and secure.  If we need to share information about you we will:

  • tell you why we need it
  • ask only for what we need, and not collect too much or irrelevant information
  • protect it and make sure nobody has access to it who shouldn’t have
  • let you know whether we share it with other organisations to give you better services, and whether you can say no
  • make sure we don’t keep it longer than necessary


Your Rights
As a data subject, you have many rights regarding your personal data.  This includes:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to the withdrawal of consent
  • Right to data portability
  • Right to the restrict processing
  • Right to object
  • Rights in relation to automated decision making and profiling


Withdrawing Consent
If we are relying on consent to process your data, you can request to withdraw consent or restrict / object to some elements of the processing.  The council does not rely on consent in most cases because it has legal requirements to do certain tasks.  For example, processing planning applications, collecting council tax payments and social work tasks are based on legal requirements, not on consent.

Contacting us / Data Protection Officer
Please contact the Data Protection Officer for further information.


Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW
dataprotection@cardiff.gov.uk


Further Information
For further information please refer to the Council’s Full Privacy Notice.

How do we collect your personal information?
Personal information may be collected by -

  • paper form (e.g. via Household Enquiry Form)
  • via www.gov.uk/register-to-vote
  • email
  • telephone
  • website
  • face to face (via our employees)
  • other Council departments

What information do we collect from you?
We collect your name, address, email address and telephone number. Sometimes we collect other information you may feel is sensitive to you. This might be your nationality, date of birth, national insurance number or the reason you might require a postal or proxy vote. We may require further evidence from you such as copies of your passport, marriage certificate or driving licence.


Why do we collect & process this information?
Cardiff Council collects & processes this information to allow eligible electors to vote in elections. We are required by law to provide an electoral service. In order for us to do this, you must provide your personal information to us. The law that requires us to do this is the Representation of the People Act 1983.


The information supplied/collected will be processed in line with the requirements of the General Data Protection Regulation and the Data Protection Act 2018

Who might we share your information with?
Our software providers will also store your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would. You can view their privacy information


We may share information with other departments of Cardiff Council where the information is requested for the prevention and detection of a crime. This information is requested solely to comply with the Council’s statutory requirements. The information will not be used for any other purpose. All staff who deal with this matter are advised that it is a criminal offence to disclose or make use of any information provided under the terms of their request.  The provision relating to the supply of the Register of Electors are contained within the Representation of the People (England and Wales) Regulations 2001. It is an offence to contravene the provisions in those Regulations. A person found guilty of such an offence is liable on a summary conviction to a fine not exceeding level 5 on the standard scale.


We are required to provide copies of the full electoral register to certain organisations and individuals by law.  They may use it for their own reasons that are different to ours, but they still have to look after it in the same way.


The full register is published once a year and is updated every month and can only be supplied to the following people and organisations:

  • British Library
  • UK Statistics Authority
  • Electoral Commission
  • Boundary Commission
  • Jury Summoning Bureau
  • Elected Representatives (MP, MEPS, Local Councillors)
  • Police and Crime Commissioner
  • Candidates standing for elections
  • Local and National Political Parties
  • Community Councils
  • Police Forces, National Crime Agency
  • Credit Reference Agencies

 

We will also share data with the following companies:

Company

​​Reason

National Fraud Initia​tive​​​​​​​

This authority is under a duty to protect the public funds it administers, and to this end may use the information you have provided for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes​​

The Individual Electoral Registration Digital Service (IERDS)​​​​​​​​​​​​​​​External link opens in a new window

To verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service.

The Department for Work and Pensions (DWP)​​​​​​​​​​​​​​​​​​External link opens in a new window

Will use your information to verify your eligibility for the electoral register. They won’t use it for any other reasons and they have to look after it in the same way.

Electoral Reform Services​​​​​​​​​​​​​​​​​​External link opens in a new window

ERS print our Household Enquiry Forms and Invitations to Registers. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

 ​

MPS Marketing Services (214kb PDF)​​​​​​​​​​​​​Link opens in a new window

MPS print our poll cards and ballot papers for elections. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

iCom Printworks (390kb PDF)​​​​​​​​​​​​​​Link opens in a new window

iCom print our postal vote mailers. They will use your information, but only on our instructions. They won’t use it for any other reasons, and they have to look after it in the same way we would.  

 

Restore Datashread (4.3mb PDF)​​​​​​​​​​​​​Link opens in a new window

Cardiff Council uses Restore Datashread for the secure destruction of confidential waste. When registration paperwork is no longer required it is securely destroyed by this company

The Maltings​​​​​​​​​​​​​External link opens in a new window

After elections our paperwork is securely stored with The Maltings for a set retention period before secure destruction is authorised


The Electoral Register is published once a year. When this is published the previous register is frozen and a bound copy is sent into archive. These are stored on our behalf at Glamorgan Archives.

You can visit Glamorgan Archives at :-
Glamorgan Archives - Clos Parc Morgannwg, Leckwith, CARDIFF, CF11 8AW


If you have opted to be included in the open register, by law your information can be shared with anyone who requests it. They may use it for their own reasons that are different to ours, but they still have to look after it in the same way.  The electoral register can also be viewed at our office in County Hall by anyone who requests it. Inspection of the Electoral register is under supervision. They can take hand written notes but no copies or photographs can be taken. The information taken must not be used for direct marketing purposes, in accordance with data protection legislation, unless it has been published in the open version. Anyone who fails to observe these conditions is committing a criminal offence and will be charged a penalty of up to £5,000. 


You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.


What do we do with your information?
We use it for electoral purposes.

The information supplied/collected will be processed in line with the requirements of the General Data Protection Regulation and Data Protection Act 2018 


Sometimes we have to give it to other authorities, organisations or people. This would be for the prevention or detection of crime, or to comply with a legal obligation, for example. We don't need your consent to do this, but if we can, we'll let you know if we've passed your information on.


How long do we keep hold of your information?
For as long as we need it. Once we no longer need it, we will keep it for a set period (a retention period) but not use it. When the retention period expires we will delete your information from our records.


Your rights

You are entitled to exercise your individual rights, including access to information, correcting inaccurate information or objecting to the processing of your personal data


Write to - The Data Protection Officer, County Hall, Atlantic Wharf, Cardiff , CF10 4UW

Email the Data Protection Officer at individualrights@cardiff.gov.uk

 

Further Information
You can access the Councils Full Privacy notice

Why we are providing this notice to you

Cardiff Council receives requests for personal information under the Data Protection Act, Freedom of Information Act and Environmental Information Regulations on a daily basis. These requests are processed by the corporate Information Governance Team. This Privacy Notice explains how and why Cardiff Council process your personal information as an information requester.

What personal data we hold, and how we obtain it

To ensure we comply with our obligations under the Data Protection Act, we will ask you for a reasonable amount of personal information before we begin to process your requests and disclose information. This includes, but is not limited to:

  • Identifiable Information: Date of Birth, National Insurance Number, Employee and Membership Numbers.
  • Contact details: Name, Address, Telephone Number and Email Address.
  • Proof of Photographic Identification: A copy of your Passport or Drivers Licence.
  • Proof of Address: A copy of a recent Utility Bill or relevant Statement.
  • Proof of Parental Responsibility; Guardianship; Executor.


All information is obtained from you directly, as the requester. Where you have provided us with personal data about other individuals, such as family members or dependants, please ensure that those individuals are aware of the information contained within this notice and Cardiff Council’s main Privacy Notice.

How we will use your personal data

When you submit a request for information, Cardiff Council have a legal obligation to process your personal information under the relevant legislation to which your request pertains.

In line with this legal obligation, your personal data will be used to:

  • Correspond with you, including disclosing the requested information.
  • Verify and cross-check your identity as the requester and/or Data Subject.
  • Ensure the identified information pertains to yourself and no other individuals with identical names and Date of Birth.
  • Ensure any third party requesters have the relevant authority to receive your personal information.


How long we keep your personal data

We only retain your personal information for the amount of time we need it in order to comply with our legal obligations. We retain information relating to requests for a period of 3 years from the date the request is closed, however we may choose to change or extend this period in line with business requirements. Further information can be found on Cardiff Council’s Corporate Retention Schedule​​​​​​​​​​​​​External link opens in a new window​​.

Sharing your Information

We will only share your personal information as a requester for the following reasons:

  • for legal proceedings when a Court Order is made
  • in connection with Legal Proceedings and/or for the purposes of establishing, exercising or defending legal rights
  • to assist the authority with the prevention / detection of crime or the prosecution of offenders, or the assessment / payment of tax

Data Processors

The Information Governance Team uses Third Party platforms to assist with managing the Council’s legal obligations, and to ensure your request is processed efficiently and securely in line with the Data Protection Principles. Data Processing Agreements are in place with the following third party organisations to ensure your data is processed in line with the Data Protection Act:

Your Rights

As a data subject, you have many rights regarding your personal data. This includes:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to the withdrawal of consent
  • Right to data portability
  • Right to the restrict processing
  • Right to object
  • Rights in relation to automated decision making and profiling.

Withdrawing Consent

If we are relying on consent to process your data, you can request to withdraw consent or restrict / object to some elements of the processing. If you have consented to another individual requesting/receiving your information, and you wish to withdraw this Consent, this must be done before your personal information is disclosed. To do this, please contact the Data Protection Officer via the below details.

Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW

dataprotection@cardiff.gov.uk​

Why we are providing this notice to you
The Council is required by law to protect the public funds we administer and as a result, to ensure that taxpayers’ money is not taken out of the system fraudulently.


This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.


What personal data we hold
In order to perform this task, we can collate a variety of data we already hold about you. For further information please refer to the Council’s Full Privacy Notice.


Organisations we share your personal data with
To prevent and detect fraud, we may share information provided to us with other bodies responsible for auditing and administering public funds, such as the Cabinet Office, Department for Work and Pensions or other Council’s.


The Auditor General for Wales (the Auditor General) reviews the accounts of The Council and requires us to participate in data matching exercises to help in the prevention and detection of fraud.


Data matching involves comparing computer records held by one body against other computer records held by the same or another body, to see how far they match. This is usually personal information. 


This kind of data matching allows potentially fraudulent claims/payments to be identified. A match can identify a variation which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We are required to provide specific sets of data to the Auditor General for matching for each exercise and these are set out in the Wales Audit Office  guidance​​​​​​​​​​​​​​​​External link opens in a new window.

The use of data by the Auditor General is carried out under his powers in Part 3 of the Public Audit (Wales) Act 2004. It does not require the consent of the individuals concerned under the General Data Protection Regulation.


Data matching by the Audit General is subject to a Code of Practice​​​​​​​​​​​​​​​​​External link opens in a new window.

For further information on the Auditor General’s legal powers and the reasons why it matches particular information, see;
http://www.audit.wales/about-us/national-fraud-initiative/fair-processing-notices 

Code of Data Matching Practice​ (605kb PDF)​​​​​​​​​​​​​​Link opens in a new window


Contacting us / Data Protection Officer
If you have any concerns relating to the National Fraud Initiative, please contact the Data Protection Officer for further information.


Data Protection Officer​
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW
dataprotection@cardiff.gov.uk

Written content submitted through our customer service ChatBot (Bobi) in Welsh will be processed by Google Translate in order to derive an English text equivalent for content recognition. This means that any information entered in Welsh is also subject to the data processing terms of Google Translate.​​​​​​​​​​​​​​​​​External link opens in a new window Due to Google Translate operating outside the EU,  any data entered into this chat will be transferred outside of the EU. For further information on this please see Google Translate Privacy Policy.​​​​​​​​​​​​External link opens in a new window

Images uploaded to the ChatBot as part of a fly-tipping report may also be handled outside the EU. They are temporarily stored in the Cloud before being submitted to the Waste Management team. After submission, images are retained in the Cloud for 24 hours before being deleted. 

All chatbot transcripts are recorded for training and monitoring purposes. Transcripts will be retained by Cardiff Council for twelve months.
In response to school closures following the COVID-19 pandemic, Cardiff Council acknowledges that children entitled to free school meals are not currently provided with an alternative. As such, we have allocated time and resources to ensure children who would have received free meals can now receive an electronic voucher instead. We are working closely with a selected company (Sodexo) to ensure this is facilitated as quickly as possible. As such, limited personal data will be provided to the company in order to facilitate this service and ensure needs are met. Our lawful bases for the processing of personal data for this purpose are contract and public task.

If you would like more information on how Sodexo process personal data, you can view their privacy policy​​​​​​​​​​​​Link opens in a new window.
Elected Councillors are the controllers accountable for the processing of personal information in connection with requests received from ward constituents.
 
In accordance with current data protection legislation, this Privacy Notice provides information about how Elected Councillors process personal information for the purpose of responding to requests from constituents and provides information about the privacy rights of individuals.
 

What is the role of an elected representative?

Elected Councillors regularly hold advice surgeries and respond to casework and policy queries raised by residents in their ward. In order to provide assistance and respond to these enquires, it is necessary to process personal data relating to the constituent making the request and other individuals who may be involved or identified in the matters raised or during the course of enquiries.
 

How is personal data processed when responding to requests from constituents?

When you ask an Elected Councillor for help and assistance they will need to collect some information from you. This will generally include personal information such as your name, address and contact information together with details of your problem or concern. 

The law treats some types of personal information as ‘special’ because the information requires more protection due to its sensitivity. This includes information about racial or ethnic origin; sexuality and sexual life; religious or philosophical beliefs; trade union membership; political opinions; genetic and bio-metric data; physical or mental health; and criminal convictions and offences.  It will only be necessary to collect this type of information where it is relevant to the request you are making. In these circumstances you will need to complete a Consent Form (626kb PDF). ​​​​​​​​​​​​​Link opens in a new window
 
The personal information you provide and Elected Councillors may receive from organisations or individuals in the course of enquiries, will only be used to progress the problem or concern you have raised. Your personal data will not be used in a way that goes beyond your reasonable expectations.
 

Is my personal data shared with anyone else?

Personal information about you will only be disclosed on a ‘need to know’ basis to a relevant third party organisation and/or individual who is able to provide information to help address or resolve your concern. Examples include Cardiff Council, another council or Welsh Government, elected representatives and other holders of public office, landlords, law enforcement agencies and investigating bodies, the media, healthcare, social and welfare advisers or practitioners.  

No personal information obtained by Elected Councillors will be further disclosed other than for the purpose of progressing and responding to requests from constituents, unless required by law eg. for crime prevention or detection or the safeguarding of vulnerable children or adults. 

Personal information may be stored on behalf of Elected Councillors by the Council on a dedicated part of its secure network. Other than technical and monitoring operations, access and processing is undertaken only in accordance with Elected Councillors instructions.   

Any third parties with whom Elected Councillors may share your data are obliged to keep your details securely, and to use your data for purposes already communicated to you.

If you specifically ask an Elected Councillor not to disclose information identifying you to other third parties they may need to contact, they will try to respect that. However, please be aware that it may not be possible to progress a matter for you on an anonymous basis.

When an Elected Councillor’s term of office ends, they may transfer any unresolved requests from you to another ward councillor, unless you tell them not to do so.
 

How is personal data about other individuals processed in connection with requests from constituents?

In representing constituents, Elected Councillors will from time to time also process personal information relating to:

  • employees working in the Council and/or other public sector, third sector or private sector organisations 
  • elected representatives and others in public office
  • complainants and enquirers 
  • relatives, guardians and associates of the constituent an Elected Councillor represents  
  • business or other contacts 
  • the subject of complaints

​What is the legal basis for processing my personal data?

​The legal bases relied on for processing personal information in relation to responding to requests from constituents are:

  • the implied or explicit consent of the constituent making the request (or any other relevant persons where this is appropriate) 
  • in the substantial public interest in elected representatives responding to casework requests 
  • for the performance of a task carried out in the public interest or the exercise of an Elected Councillor’s functions, to carry out casework to support or promote democratic engagement
  • in pursuit of an Elected Councillors legitimate interests as an elected representative and those of their constituent, in order to assist in resolving concerns raised with them, when it is assessed that these interests override any privacy intrusion involved in processing personal data about other individuals   ​

Is my personal data transferred beyond the EEA? 

Personal information within Elected Councillors control will not be sent beyond the European Economic Area (‘EEA’)

or

Some service providers are located outside of the European Economic Area (EEA) and therefore it may be necessary to transfer your personal data outside of the EEA. Where Elected Councillors do transfer your data outside of the EEA they will make sure that it is protected in the same way as if the data was inside the EEA.


For how long will my personal data be kept? 

Following closure of a case, the case papers are usually kept until the end of an Elected Councillor’s term of office or 3 years, unless you ask them to do otherwise or otherwise required by law.


Casework is often revisited to provide the best service and representation for constituents, from whom Elected Councillors may continue to receive correspondence. Therefore, it is reasonable for an elected representative to hold personal data for this length of time.


If an Elected Councillors period of office ends before resolving a constituent’s request, they may transfer the case file to another ward councillor, unless you ask them not to do so. 



How is my personal data safeguarded? 

Security measures are taken to ensure that personal information within an Elected Councillor’s control is protected from accidental loss or alteration, inappropriate access, misuse or theft. 

What rights do I have to my personal data? 

At any point while an Elected Councillor is in possession of, or processing, your personal data, you, the data subject, may withdraw your consent for them to process your data.  

You also have the following rights: 

  •  Right of access – you have the right to request a copy of the information that Elected Councillors hold about you.
  • Right of rectification –you have a right to correct data that Elected Councillors hold about you that is inaccurate or incomplete.
  • Right to be forgotten in certain circumstances you can ask for the data Elected Councillors hold about you to be erased from their records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. 
  • Right of portability – in certain circumstances, you have the right to have the data Elected Councillors hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing, such as direct marketing and automated processing 
  • Right to complain - if an Elected Councillor refuses your request under rights of access, they will provide you with a reason why. You have the right to complain.  If an Elected Councillor is unable to resolve your complaint to your satisfaction, you may complain to the Information Commissioner’s Office (please see contact details below).


You can get in touch with an Elected Councillor by letter, email or telephone, using the contact details given on the Council’s website​.


Please note that Elected Councillors will need to ask for identification if you choose to exercise any of the above rights in relation to your personal data.

The Information Commissioner’s Office (ICO) is responsible for upholding information rights in the UK. For a detailed explanation of all these rights and, the circumstances in which they apply, please visit the ICO website​​​​​​​​​​​​Link opens in a new window.

If you wish to complain to the Information Commissioner the contact details are:

Information Commissioner's Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Tel: 0303 123 1113 

Email: casework@ico.org.uk​
​​​​​​​​​  

This privacy policy has been recently updated to reflect the change in the way our courses are conducted due to Covid-19. 
 
This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.

The type of personal information we collect 

We currently collect and process the following information:
  • Email Address
  • Phone number


How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:​

  • To identify the work you submit as part of our vocational courses 

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Via Google forms on the work turned in you submit as part of our vocational courses

We use the information that you have given us in order to identify students who have submitted work.


The lawful basis for processing your data

Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is: 

(a) Your consent. 

You are able to remove your consent at any time. You can do this by contacting vocationaleducation@cardiff.gov.uk​


Organisations we may share your personal data with

We may share your personal data with third parties and service providers for the purposes of:

  • Verifying your completed work.
  • Offering online learning. 

How we store your personal information ​


Your information is securely stored on Google drive.

We keep your email address and the work you submitted as part of your course for 6 months after you have completed the course. We will then dispose your information by deleting it from Google Drive.


Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. 

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.


If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the Data Protection Officer as indicated below. You also have the right to lodge a complaint in relation to this privacy notice or the Council’s processing activities with the Information Commissioner’s Office.


You can obtain further information about these rights from the Information Commissioner’s Office website or via their telephone helpline 0303 123 1113.​


Contacting the Data Protection Officer

Please contact the Data Protection Officer for further information. 


Data Protection Officer 

Information Governance Team 

County Hall 

Atlantic Wharf

Cardiff 

CF10 4UW 

dataprotection@cardiff.gov.uk 


Our contact details 

Vocational Education Cardiff

Cardiff Harbour Author

ity, 

Queen Alexandra House,

Cargo Road, Cardiff Bay, 

CF10 4LY

07814 544244

vocationaleducation@cardiff.gov.uk





This notice was last updated on 30th June 2020.

This privacy notice is intended for residents of Cardiff who utilise the Cardiff Recycling centre for the recycling and disposal of their household waste. Cardiff Recycling Centre is part of Cardiff Council, who is the Data Controller for the purpose of the information collected.
 

What data do we collect and why?

In order to process your recycling bookings, Cardiff Council collects the following data:
  • First Name and Surname​
  • Address
  • Email address
  • Vehicle registration number
  • Phone number
This is collected for the purpose of allocating booking slots, managing access and checking eligibility to the recycling centres operated by Cardiff Council. Your booking information will also be used to monitor the effectiveness of our recycling centres and ensure the service is not fraudulently used.
 

How do we collect your data?

We collect your data when you complete your registration via our online forms, located on the Cardiff Council Website. Cardiff Council uses a third party known as MiPermit to process registrations and its bookings. ​

We also collect data when you make enquiries on our website through the live chat. Written content submitted through our customer service ChatBot (Bobi) in Welsh will be processed by Google Translate in order to derive an English text equivalent for content recognition. This means that any information entered in Welsh is also subject to the data processing terms of Google Translate.

The legal basis for our use of your personal data 

Cardiff Council holds personal data about you in its capacity as data controller. Further information about how we use your personal data is provided below. ​
 
The legal basis for our use of your personal data will generally be one or more of the following: 
  • we process your personal data to comply with our legal obligations as a Local Authority to collect and recycle household waste 
  • we process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body
  • we process your data where necessary to protect our legitimate interests as a Local Authority 
  • we process your data where necessary for the performance of a contract

How will we use your data?

Cardiff council collects your data collected in order to:​
  • Create bookings for the recycling centres 
  • Check eligibility to whether you can use the recycling centre
  • To ensure households do not exceed the limit on visits to the recycling centres 
  • To identify any misuse of the recycling centres
  • Contact you if there are any changes to your bookings
  • Conduct statistical analysis on the use of recycling centres and how many times people use the recycling centre over the year
  • Assist in evidence with waste enforcement where appropriate

How long do we store your data?

Your data is only kept for only as long as required in order to fulfil legal requirements, contractual obligations and to protect our legitimate interests. The information we collect regarding your recycling is kept for a duration of two years, following which it is securely deleted. ​
 

​Who do we share your data with?

When completing your registration, your data is processed via MiPermit, a third party company. This means they act as a Data Processor on our behalf and data is temporarily stored on their servers. 

Cardiff Council has implemented the necessary security measures to ensure compliance with current data protection legislation, including a Data Sharing Agreement and relevant impact assessments. 

All information is held and transmitted only in accordance with current data protection legislation and Cardiff Council’s data protection policy. For further information on how MiPermit process personal data, view the MiPermit privacy policy.​​​​​​​​​​​​​​​​​​External link opens in a new window


What are your data protection rights​


Cardiff Council would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:​

  • The right to access – You have the right to request Cardiff Council for copies of your personal data. 
  • The right to rectification – You have the right to request that Cardiff Council correct any information you believe is inaccurate. You also have the right to request Cardiff Council to complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that Cardiff Council erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that Cardiff Council restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to Cardiff Council’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that Cardiff Council transfer the data that we have collected to another organization, or directly to you, under certain conditions.​

​​​Additional Privacy Notices

For further information on how Cardiff Council processes personal data, please refer to the full Privacy Notice.

If you would like to know more about how MiPermit process personal data, you can find out more by viewing their Privacy Policy.​​​​​​​​​​​​​​​External link opens in a new window 


Changes to our Privacy Notice

Changes to our Privacy Notice can occur at any time in order to reflect updates in existing legislation, best practice and guidance from the Information Commissioner’s Office. These changes are published on our website.


How to contact us​

If you have any questions about Cardiff Councils privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us by post:


Data Protection Officer 

Information Governance Team 

County Hall 

Atlantic Wharf 

Cardiff 

CF10 4UW 

Or via email at dataprotection@cardiff.gov.uk​​​​​​​​​​​​​​​External link opens in a new window


How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Cardiff Council has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office​​​​​​​​​​​​​​External link opens in a new window via their website or by calling 0303 123 1113.  

How your personal information will be used


If you make a claim for the £500 care worker payment your employer will share information such as your full name, national insurance number, the date payment was made with the Local Authority who are administering the scheme on behalf of Welsh Government. 

This information will also be shared with a local authority who will undertake checks to ensure that the scheme has been administered properly, that those who have received payment were eligible to do so and to ensure that no duplicate payments have been made (for example where an employee works for more than one care provider). 

If you would like to know more about how your personal information will be used for the purpose of administering the scheme and making the payment to you please speak to your employer.

Cardiff Council are administering the scheme on behalf of Welsh Government for individuals who work within Cardiff. Your personal information provided on this form is being collected from your employer on the basis of your consent and application for the £500 payment. 

As a public authority Cardiff Council has a responsibility to ensure the correct use of public money and as such payment details may be shared both within the Council and with a lead authority as designated by Welsh Government for the prevention and detection of fraud and error.  No further uses of your personal data will be made unless the law allows or requires Cardiff Council to do so. 

Your information will be held for 7 years following payment being made. 

Should you wish to know more about how Cardiff Council uses personal data, and your data protection rights then please read our Privacy Notice.​



Xerox

Cardiff Council may use an external company known as Xerox for the printing and posting of some of its mail, providing a service known as Hybrid Mail. All information is held and transmitted only in accordance with current data protection legislation and Cardiff Council’s data protection policy. For further information on how Xerox manage personal data, view Xerox Privacy Policy​​​​​​​​​​​​​​​​​​External link opens in a new window.


Contacting Data Protection 


Please contact the Data Protection Officer for further information.

Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW 


dataprotection@cardiff.gov.uk 


You have the right to withdraw your consent to the processing at any time by notifying the Data Protection Officer in writing. ​​​

​​​ ​​​​​​​​ ​​​​​​​​​​​​​​​​​​​​​​​​​​ ​​​​ ​​ ​​​​​​​​​​​ ​​​​​​​​​​