Privacy policy

This notice is for customers of Cardiff Council and citizens of Cardiff.

The Council process personal data on a day-to-day basis. We hold certain information about you this is known as personal data. We are registered with the Information Commissioner’s Office and any information we hold will be processed in line with the principles set out by ICO Regulations, which we must comply with.

We will:

  • Continue to strengthen our processes for maintaining the privacy of all personal information we hold.
  • Have need for all our employees to comply fully with Data Protection law.
  • Only hold the minimum personal information needed to allow us to perform our role as a Council.
  • Delete personal information once the need to hold it has passed.
  • Access and process all personal information in line with fair processing set out upon collecting information from Individuals.
  • Design our systems and processes to comply with data protection principles.
  • Take immediate action if we discover that our policies are not being complied with.

This notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.

What personal data we hold and how we obtain it

The types of personal data we hold and process about you can include:

  • Contact details, including name, address, telephone numbers and email address.
  • Identifying details, including date of birth, national insurance number and employee and membership numbers.
  • Information that is used to calculate and assess eligibility for benefits
  • Financial information relevant to the calculation or payment of benefits, for example, bank account and tax details.
  • Information about your family, dependents or personal circumstances, where required by a relevant servic
  • Information about your health where required by a relevant service such as Social Services
  • Information about a criminal convictions where relevant.

Where you have provided us with personal data about other individuals, such as family members or dependants please ensure that those individuals are aware of the information contained within this notice.

How we will use your personal data

We may process your personal data to fulfil our obligations and this can include the processing of your personal data for all or any of the following purposes:

  • to contact you.
  • to assess eligibility for our services including calculating and providing you with benefits.
  • to identify your potential or actual benefit options.
  • for statistical and reference purposes
  • to comply with our legal and regulatory obligations as a Local Authority
  • to address queries from you and to respond to any actual or potential disputes concerning you.
  • Employment

Organisations that we may share your personal data with

From time to time we will share your personal data with partner organisations and service providers so that they can help us carry out our duties, rights and discretions in relation to the services we provide. Some of those organisations will simply process your personal data on our behalf and in accordance with our instructions. In each case we will only share data to the extent that we consider the information is reasonably required for these purposes.

Any Personal Information we hold will be disclosed, with reasonable purpose to:

  • Our staff – where the information is vital and required for their work.
  • The Courts – under the direction of a Court Order.
  • Our partners – strictly in line with agreed procedures.
  • Others – as detailed in the Council’s Data Protection registration.

Your information may have been shared with Xerox in order to contact you. For further information on how Xerox manage personal data, view the Xerox Privacy Policy.

Under the Digital Economy Act 2017, the Council may share personal data provided to us with other Council’s for the purposes of fraud, crime detection/prevention, to improve public service delivery, statistical research.

Cardiff Council has a duty to protect the public fund it manages. Therefore, the information that you have provided to us may be used for the prevention and detection of fraud or shared with Council Officers responsible for auditing or administering public funds.

Where requested or if we consider that it is reasonably required, we may also provide your data to government bodies and dispute resolution and law enforcement organisations, including those listed above, the Pensions Regulator, the Pensions Ombudsman and Her Majesty’s Revenue and Customs (HMRC). They may then use the data to carry out their legal functions.

In some cases these recipients may be outside the UK. This means your personal data may be transferred outside the EEA to a jurisdiction that may not offer an equivalent level of protection as is required by EEA countries. If this occurs, we are obliged to verify that appropriate safeguards are implemented with a view to protecting your data in accordance with applicable laws. Please use the contact details below if you want more information about the safeguards that are currently in place.

How long we keep your personal data

We will only keep your personal data for as long as we need to in order to fulfil the purpose(s) for which it was collected and for so long afterwards as we consider may be required to deal with any questions or complaints that we may receive, unless we elect to retain your data for a longer period to comply with our legal and regulatory obligations.

More details can be found on the Council’s retention schedule

Your rights

You have a right to access and obtain a copy of the personal data that the Council holds about you and to ask the Authority to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask the Council to restrict the processing of your personal data until any errors are corrected, to object to processing or to transfer or (in very limited circumstances) erase your personal data.

If you wish to exercise any of these rights or have any queries or concerns regarding the processing of your personal data, please contact the Data Protection Officer as indicated below. You also have the right to lodge a complaint in relation to this privacy notice or the Councils processing activities with the Information Commissioner’s Office which you can do through the website below or their telephone helpline.

You can obtain further information about these rights from the Information Commissioner’s Office or via their telephone helpline 0303 123 1113.

The legal basis for our use of your personal data

The Council holds personal data about you in its capacity as data controller. This includes the need to process your data to contact you, to calculate, secure and pay your benefits, for statistical and reference purposes. Further information about how we use your personal data is provided below.

The legal basis for our use of your personal data will generally be one or more of the following:we need to process your personal data to satisfy our legal obligations as the Local Authority

  • we need to process your personal data to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body; [and/or]
  • because we need to process your personal data to meet our contractual obligations to you
  • processing is necessary in order to protect the vital interested of the data subject or of another natural person

Updating this notice

We may update this notice periodically. Where we do this we will inform you of the changes and the date on which the changes take effect.

Contacting Data Protection

Please contact the Data Protection Officer for further information.

Data Protection Officer
Information Governance Team
County Hall
Atlantic Wharf
Cardiff
CF10 4UW

dataprotection@cardiff.gov.uk

You have the right to withdraw your consent to the processing at any time by notifying the Data Protection Officer in writing.