What happens to information held about you? Your rights and our obligations to you.
How We Use Personal Data
This document explains how Blaenau Gwent County Borough Council (BGCBC) obtains, holds, uses and discloses information about people (their personal data), the steps we take to ensure that it is protected, and also describes the rights individuals have in regard to their personal data handled by BGCBC.
The use and disclosure of personal data is governed by the Data Protection Act 2018 (‘the Act’). Blaenau Gwent County Borough Council is registered with the Information Commissioner’s Office as a ‘data controller’ for the purposes of the Act. As such BGCBC is obliged to ensure that it handles all personal data in accordance with the Act.
BGCBC takes that responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence in the Council.
1. Why do we handle personal data?
BGCBC processes personal information to enable it to provide a range of public services to local people and businesses which include:
- Maintaining our own accounts and records
- Supporting and managing our employees
- Promoting the services the Council provides
- Marketing our local tourism
2. What type/classes of personal data do we handle?
In order to carry out the purposes described under section 1 above BGCBC may obtain, use and disclose personal data including the following:
- Personal details
- Family details
- Lifestyle and social circumstances
- Goods and services
- Financial details
- Employment and education details
- Housing needs
- Visual images, personal appearance and behaviour
- Licenses or permits held
- Student and pupil records
- Business activities
- Case file information
- Physical or mental health details
- Racial or ethnic origin
- Trade union membership
- Political affiliation
- Political opinions
- Offences (including alleged offences)
- Religious or other beliefs of a similar nature
- Criminal proceedings, outcomes and sentences.
BGCBC will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record i.e. a file, as images, but it can also include other types of electronically held information e.g. CCTV images.
3. Who information is processed about
In order to carry out the purposes described under section 1 above BGCBC may obtain, use and disclose personal data about the following:
- Staff, persons contracted to provide a service
- Complainants, enquiries or their representatives
- Professional advisors and consultants
- Students and pupils
- Carers or representatives
- Recipients of benefits
- Offenders and suspected offenders
- Licence and permit holders
- Traders and others subject to inspection
- People captured by CCTV images
- Representatives of other organisations
4. Where do we obtain personal data from?
In order to carry out the purposes described under section 1 above BGCBC may obtain personal data from a wide variety of sources, including the following:
- Law enforcement agencies;
- HM Revenue and Customs;
- Licensing authorities;
- Legal representatives;
- Prosecuting authorities;
- Defence solicitors;
- Security companies;
- Voluntary sector organisations;
- Approved organisations and people working with the Council;
- Central government, governmental agencies and departments;
- Emergency services;
- Individuals themselves;
- Relatives, guardians or other persons associated with the individual;
- Current, past or prospective employers of the individual;
- Healthcare, social and welfare advisers or practitioners;
- Education, training establishments and examining bodies;
- Business associates and other professional advisors;
- Employees and agents of BGCBC;
- Suppliers, providers of goods or services;
- Persons making an enquiry or complaint;
- Financial organisations and advisors;
- Credit reference agencies;
- Loss Adjusters
- External claims handlers
- Medical consultants and GPs
- Survey and research organisations;
- Trade, employer associations and professional bodies;
- Local government;
- Voluntary and charitable organisations;
- Ombudsman and regulatory authorities;
- The media;
- Data Processors working on behalf of BGCBC;
- Probation Service
- Public Protection Multi Agency Sharing Hubs;
- Information openly available on the internet;
- Body Worn Cameras worn by officers
- Other departments within the Council.
BGCBC may also obtain personal data from other sources such as its own CCTV systems, or correspondence.
5. How do we handle personal data?
In order to achieve the purposes described under section 1 BGCBC will handle personal data in accordance with the Act. In particular we will ensure that personal data is handled fairly and lawfully with appropriate justification. We will strive to ensure that any personal data used by us or on our behalf is of the highest quality in terms of accuracy, relevance, adequacy and non-excessiveness, is kept as up to date as required, is protected appropriately, and is reviewed, retained and securely destroyed when no longer required.
6. How do we ensure the security of personal data?
BGCBC takes the security of all personal data under our control very seriously. We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and integrity monitoring, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.
7. Who do we disclose personal data to?
We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary we are required to comply with all aspects of the Act. What follows is a description of the types of organisations we may need to share some of the personal information that we process with for one or more reasons:
- Family, associates or representatives of the person whose personal data we are processing
- Healthcare, social and welfare organisations
- Educators and examining bodies
- Providers of goods and services
- Financial organisations
- Local and central government
- Ombudsman and regulatory services
- Press and the media
- Professional advisers and consultants
- Courts and tribunal
- Trade unions
- Political organisations
- Credit reference agencies
- Professional bodies
- Survey and research organisations
- Police forces
- Housing associations and landlords
- Voluntary and charitable organisations
- Religious organisations
- Students and pupils including their relatives, guardians, carers or representatives
- Data processors
- Regulatory bodies
- Courts, prisons
- Customs and excise
- International law enforcement agencies and bodies
- Security companies
- Partner agencies, approved organisations and individuals working with the police
- Licensing authorities
- Service providers
- Healthcare professionals
- Current past and prospective employers and examining bodies
- Law enforcement and prosecuting authorities
- Legal representatives, defence solicitors
- Police complaints authority
- The disclosure and barring service
- External claim handlers
- Loss Adjusters
- Insurance Brokers and Insurers
It may sometimes be necessary for the Council to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the Act.
8. What are your rights in relation to your personal data which is handled by BGCBC?
Individuals have various rights under the Act:
Right of access
You can obtain a copy, subject to exemptions, of your personal data held by the Council. The application process is confirmed on the attached.
Under the Act you are also entitled to obtain confirmation as to whether or not data concerning you is being processed by the Council. Where that is the case, you are entitled to the following information subject to exemptions:
- The purposes of and legal basis for the processing
- The categories of personal data concerned
- The recipients to whom the personal data has been disclosed
- The period for which it is envisaged that the personal data will be stored
- Communication of the personal data undergoing processing and of any available information as to its origin.
*Please note that ‘processing’ means an operation or set of operations performed on personal data such as collection, recording, organisation, structuring, storage, adaption, alteration, erasure, restriction, retrieval.
Proof of ID and any further information needed to locate the information may be required before the Council can comply with your request.
Any request for the above information should be made in writing to the Data Protection Officer and the Council will respond within one month.
Rectification of data
You can request the Council to rectify inaccurate personal data relating to you. If the data is inaccurate because it is incomplete, the Council must complete it if required to do so by you.
A request should be made in writing to the Data Protection Officer and a response will be sent within one month.
Erasure or restriction of personal data
You can request that the Council erase your data or restrict any processing of your data, subject to exemptions.
All requests should be made to the Data Protection Officer. The Council will then inform you of whether the request has been granted and if it has been refused, the reasons for the refusal.
Right not to be subject to automated decision-making
Under the Act you have the right, subject to exemptions, not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on you. You have a right to express your point of view and obtain an explanation from the Council of its decision and challenge it.
However, it should be noted that this right does not apply to all decisions as there are exemptions for example authorisation by law, performance of a contract to which you are a party.
9. How long does BGCBC retain personal data?
BGCBC keeps personal data as long as is necessary for the particular purpose or purposes for which it is held in accordance with the Council’s Retention Policy.
10. Contact Us
Any individual with concerns over the way BGCBC handles their personal data may contact the Data Protection Officer at the Council as below:
Blaenau Gwent County Borough Council, Legal & Corporate Compliance, General Offices, Ebbw Vale, Gwent, NP23 6DN.
Telephone 01495 311556
You can also raise concerns with the Information Commissioner for Wales. The Information Commissioner can be contacted at:
Information Commissioner’s Office – Wales
Telephone: 02920 678400 Fax: 02920 678399