Conwy County Borough Council collects, processes and stores a wide range of information, including some personal information, in order to deliver services to benefit you.
We are responsible for managing the information we hold and recognise that this information is important to you. We take our responsibilities seriously and will use personal information fairly, correctly and safely in line with the legal requirements set out by current Data Protection legislation.
Anyone who receives information from us is also under a legal duty to do the same and has a set of data protection clauses included in their contract.
Where we need to share sensitive or confidential information such as medical details, we will do so only with your consent or where we are legally required to do so. We may share information to prevent risk of harm to an individual.
Why we need your information
We will use your personal information for a limited number of purposes and always in line with our responsibilities, where there is a legal basis and your rights under the Data Protection legislation.
We will use personal information:
- for the purpose for which you provided the information, e.g. the processing of a benefit claim, booking a tennis court;
- to enable us to communicate with you and provide the services you need;
- to monitor our performance in providing services to you;
- to gather statistical information to allow us to plan future provision of services and to obtain your opinion about our services;
- to enable us to perform statutory law enforcement functions, for example licensing, planning enforcement, trading standards food safety;
- for the prevention and/or detection of crime, task carried out in the public interest, or to comply with a legal obligation. For more information visit our web page: Crime and Emergencies
- to process financial transactions including grants, payments and benefits directly involving us or where we are acting on behalf of other government bodies, such as Department for Works and Pensions;
- for general processing where you have given your consent for us to do so;
- where it is necessary to protect individuals from harm or injury;
- to comply with various legal obligations or for us to seek legal advice or undertake legal proceedings;
We may not be able to provide you with a product or service if we do not have enough information and, in some instances, your consent to use that information.
We aim to keep your information accurate and up to date. You can help us to do this at any time by letting us know if any of the information you have given us, such as your address, changes. Visit our contact page for more details.
Ways in which we collect your information
Face to face:
We may keep a record of your visit to us to assist us in the delivery and improvement of the services that we provide to you and to others. Any such records that include personal information will be kept securely.
Ordinarily we will inform you if we record or monitor any telephone calls you make to us. We may do this to increase your security; so that we have a record of a call taking place and/or for training and quality purposes.
If you email us we may keep your email as a record that you have made contact. This includes your email address. We will not include any personal or otherwise confidential information in any email we send to you unless it is sent securely or you have agreed to us contacting you with this information in this way. We would also recommend that you keep the amount of personal or confidential information you send to us via email to a minimum.
On our website you will find links to other external websites, which we have provided for your information and convenience. This privacy notice applies solely to Conwy County Borough Council. We are not responsible for the content of those sites. When you visit other websites, we recommend that you take time to read their privacy notices. Partner Providers:
Some of the services IT & Digital Transformation Service offer are provided by partners, with responsibility to host their own IT systems and hold data. Any agreement to hold personal or sensitive data as part of the contract with a partner is on the strict condition it will not be shared without our permission, will be held within the UK and/or EU, and will be subject to the council’s policies and procedures with removal at the end of the contract. Furthermore partners are required to provide privacy notices and/or GDPR compliance statements within their respective systems, for example the council’s free wi-fi service and the App Conwy.
What we will do with your information
When deciding what personal information to collect, use and hold, we are committed to making sure that we will:
- only collect, hold and use personal information where it is necessary and fair to do so.
- be open with you about how we use your information and who we share it with; and
- adopt and maintain best practice high standards in handling any personal information.
- keep your personal information secure and safe.
- securely dispose of any personal information when it is no longer needed.
We may disclose personal information to a third party, but only where it is required by law, where that third party needs that information to provide you with a service on our behalf or where it is otherwise allowed under the Data Protection legislation. We will strive to make sure that the third party has sufficiently robust systems and procedures in place to protect your personal information.
How long we will hold your information
We will not keep your information any longer than necessary. Our document retention schedules contain information about how long we keep different types of information.
When we dispose of personal information, we will do so in a secure way.
Who we may share your information with
Your personal information may be shared within Conwy County Borough Council or with external partners and agencies involved in delivering services on our behalf. They will only have access to your information if it is needed to provide you with a service. The Council may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under Data Protection legislation. Examples of third parties who we may share your information with include (but are not limited to):
- Health organisations
- Other Local Authorities
- Regulatory bodies such as the Department of Work and Pensions or the
- Care Inspectorate Wales
- Auditor General for Wales (pursuant to the duty at Section 33 of the Local Government (Wales) Measure 2009)
If your personal information is transferred outside the European Economic Area (EEA) for any reason we will ensure that safeguards are in place to protect it to at least the same standard applied within the EEA.
Your information rights
Under Data Protection legislation you, as the “Data Subject”, have the following rights. You have the right to:
- Access the information we hold about you.
- Request that we rectify any information about you that is incorrect. Simple inaccuracies, such as address changes will be made, however, depending on the purpose for use. Records, including statements and opinions may not be changed, but there will be the option for you to provide a supplementary statement, which will be added to the file.
- Request that records we hold about you are erased.
- Restrict the use of the information we hold about you if you have raised an objection, whilst your objection is investigated.
- Request that any information that you have provided to us is given back to you in a format that you can give to another service provider if required.
- Object to the use of your personal information, including automated decision making and profiling.
- Make a complaint to the Information Commissioners Office if you are not satisfied with how the information held about you has been handled.
Use of personal information for marketing
We will only send you information about our services and/or products if you have asked us to do so or, based on the information we hold, those services are considered of benefit to you. You can opt out of this at any time by letting us know using the contact details below. Your information may also be shared with other service providers who may contact you if they provide services to help you.
Use of CCTV
We have CCTV systems in IT Stores at Bodlondeb for the purposes of public safety and the prevention and detection of crime. Signs are prominently displayed notifying you that CCTV is in operation and providing you with details of who to contact for further information about them.
We will only disclose CCTV images to third parties for the purposes of public safety and the prevention and detection of crime.
The Prevention, Detection and Investigation of fraud
The Council is required by law to protect the public funds it administers and so may use any information you have provided for the prevention, detection and investigation of fraud and irregularity, for the performance of a contract, or, task carried out in the public interest, or to comply with a legal obligation. Part 6 of the Local Audit and Accountability Act 2014 and the Accounts and Audit (Wales) Regulations are the Legal basis.
As well as conducting our own ‘data matching’ exercises we may also share your information with other public bodies. These include (but are not limited to):
- The Auditor General for Wales
- Department for Work and Pensions
- Central and Local Government
- Her Majesty’s Revenue & Customs (HMRC)
- The Police
We may also share information with service providers or contractors and partner organisations, where the sharing of information is necessary, proportionate and lawful.
How to access the information we hold about you
You have the right to request a copy of your personal information, including video footage that we hold about you. If you would like to do so, please contact the IT Business & Performance Manager by email or by post giving us as much detail as possible about the information you require.
Please see the subject access request policy and form.
You will receive a copy of the information held about you along with an explanation of any codes used or other clarification that may be necessary.
Requesting that someone else look at your information on your behalf
You can request that someone else looks at your records on your behalf. To do this you will need to give us consent in writing informing us of who you want to look at the information for you. If a relative or someone else wishes to look at the records of a person who is not able to give their consent, this will only be allowed where it can be shown to be in the best interest of the person concerned.
How to contact us
To exercise any of your rights under the Data Protection legislation please contact us:
Conwy County Borough Council
If you are not happy with the response you receive from us you have the right to make a complaint to the Information Commissioner’s Office at:
We may use information such as your ethnic background, first language, gender, sexual orientation and age to gather statistics about the population of the area and the take up of our services. This is to help comply with our legal obligations and to plan the provision of services in the future.
Such analysis will not identify individuals or have impact on entitlement to services and facilities.