Local Government Data Unit ~ Wales (Data Cymru) is committed to protecting and respecting your privacy.
Data Cymru is registered with the Information Commissioner’s Office (ICO) (registration number: Z6554166). The ICO is the UK's independent body set up to uphold information rights.
If you have any questions about the use of your personal information, please contact us at email@example.com, by calling us on 029 2090 9500, or by writing to us at Data Cymru, Local Government House, Drake Walk, Cardiff, CF10 4LG.
Changes to this policy
We will review and change this policy in line with any changes to the way in which we collect and process your information. Please make sure that you check this policy regularly.
Data Cymru acts as the ‘Data Controller’ for the personal information that we collect from users of our websites and web-based systems. Further information on the information we collect from you and what we do with it can be found below.
Where we host and/or manage websites or web-based systems on behalf of other organisations, we act as the ‘Data Processor’ - the organisation that owns the website or web-based system is the Data Controller. In these instances, we will act in accordance with the Data Controller’s requirements and will not use the information you provide for any other purpose. We do not sell your information to other parties nor do we store it to contact you for a purpose other than under the direction of the Data Controller. We employ a high standard of security and have implemented technical and organisational measures to ensure your personal information is processed securely. The Data Controller should provide you with information on how your information is used as well as information on how to access your information, rectify your information, object to the processing of your information or any other information regarding the handling of your information.
The information we collect is stored safely and securely. All information is stored in the UK or Europe.
NSUK, our ICT infrastructure provider, will have access to the information we collect. However, their use is limited to that required to ensure our systems are operational.
Information we collect from you and what we do with it
Some of our websites and web-based systems require you to login to access either specific parts of the site or the site as a whole. Where this is the case, you will have to register and provide some, or all, of the following information:
- User name
- Email address
- Job title
- Organisation details
- Telephone number
Our lawful basis for collecting and holding this information is our fulfilment of an agreement (“contract”) to provide access to a site which would not otherwise be accessible to you.
We use this information to ensure appropriate access is granted to systems and to provide customer support and help about our service when you contact us. We may also use the information provided to contact you in relation to the site. We will ensure this contact is minimal and is for the following purposes:
- To check that you still require access to the site;
- To make sure the information we hold is correct;
- To notify you of any changes to the site that may affect access or use of the system; and
- Any other reason we feel is reasonable in direct relation to the system you are registered for.
In some cases, it may be necessary to share the registration information provided with Data Cymru project leads or other specific individuals before access is granted. This is to ensure that it is appropriate to grant access and ensure the correct level of access is provided. If it is determined that it is not appropriate to allow access, we will use the information provided to inform you and then the information will be deleted.
Where a user is granted access to a system, the registration information will be kept for as long you require access to the site.
You can access or amend the information that we hold about you in our web-based systems via your ‘User Profile’/’My Account’ page. If you want to object to us processing your information as detailed above, or no longer require access to a site and want your information removed, please contact us.
Many of our websites and web-based systems include a way of contacting us. You can also contact us via email, telephone or post.
When you contact us you will be asked to provide some or all of the following:
- Email address
- Job title
- Organisation details
- Telephone number
Our lawful basis for collecting this information is our fulfilment of an agreement (“contract”) to provide a response to your query.
The information you provide to us is automatically logged and stored. We will use the information provided to provide a response, but for no other purpose. We will store this information for as long as necessary to fulfil your request.
We will share your information with other relevant Data Cymru colleagues to ensure you get the best response, but will share it no wider without your express consent.
If you want to access or amend the information that we hold about you, object to us processing your information as detailed above or want your information removed, please contact us.
Information we collect from all site users and what we do with it
All of our websites and web-based systems automatically collect some information which is considered ‘personal information’.
Log files of all requests for files on our websites are maintained and analysed on our web servers. Log files do not capture personal information but do capture the user's IP address, which is automatically recognised by our web servers.
Aggregated analysis of these log files is used to monitor usage of the website or web-based system. This is our legitimate interest for collecting this information.
These aggregated analyses may be made available to Data Cymru staff and partners to allow them to measure, for example, overall popularity of the site and typical user paths through the site.
Data Cymru will not make any attempt to identify individual users, except where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, Data Cymru reserves the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to our computer systems or resources.
As a condition of use of this site, all users of our sites consent to us using the access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.
All log file information collected by Data Cymru is kept secure and no access to raw log files is given to any third party other than our ICT provider, NSUK. Our log files are deleted regularly.
We use the following cookies in our sites:
Analytical cookies help us understand how people use our sites. They do this by recording what someone has done on pages and interactions with our website. We use Google Analytics to collect and compile reports that help us improve our services. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
You can control and/or decline analytical cookies by changing your settings. To do this, simply click on in the website you are using.
Necessary cookies enable core functionality. They enable the technology our websites and web-based systems are written in (ASP.NET) to work correctly.
As these cookies are required for our sites to work, you have to disable them in your browser settings. Note: changing the setting on your browser to reject cookies means that you may not have access to important features on our sites.
Your rights as a ‘data subject’
Data Protection laws provide you with a number of individual rights. These rights include, the right to request access to information, the right to be informed of processing, the right to erasure and right to rectification. Further details on your individual rights can be found on the ICO website.
Where we are the Data Controller, you can contact us to exercise any of these rights, either at firstname.lastname@example.org, or by writing to us at Data Cymru, Local Government House, Drake Walk, Cardiff, CF10 4LG.
Where we are hosting and/or managing a website or web-based system on behalf of another organisation, you should liaise directly with the relevant Data Controller to exercise your rights.
Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil our purposes for processing.
Right to complain
If you feel that Data Cymru have mishandled your information, you have the right to complain. You can contact our Assistant Director (email@example.com/ 029 20 909502) and we will resolve the matter as quickly as possible to prevent any further mishandling. Please see our complaints policy for further information.
You also have the right to complain to the Information Commissioner’s Office.
Necessary Disclosure by law
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website.
This website contains links to other sites. Please be aware that we, Data Cymru, are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.