• Mae'r wefan hon ar gael yn y Gymraeg

Data Cymru – privacy policy (systems)

Local Government Data Unit ~ Wales (Data Cymru) is committed to protecting and respecting your privacy.

Data Cymru is registered with the Information Commissioner’s Office (ICO) (registration number: Z6554166). The ICO is the UK's independent body set up to uphold information rights.

By visiting and/or using our website and web-based systems, including those we host and/or manage on behalf of other organisations, you will be taken to have read, understood and accepted this privacy policy.

This privacy policy outlines what personal information we collect and how we will use that information.

If you have any questions about the use of your personal information, please contact us at enquiries@data.cymru, by calling us on 029 2090 9500, or by writing to us at Data Cymru, Local Government House, Drake Walk, Cardiff, CF10 4LG.

Changes to this policy

We will review and change this policy in line with any changes to the way in which we collect and process your information. Please make sure that you check this policy regularly.


Data Cymru acts as the ‘Data Controller’ for the personal information that we collect from users of our websites and web-based systems, inclduing our online surveys and consultations.

We use SmartSurvey to support our online survey and consultations. In these instances, SmartSurvey act as a dData Pprocessor and will only process the data in accordance with our instructions. You can find SmartSurvey’s privacy policy here .

Further information on the information we collect from you and what we do with it can be found below.

Where we host and/or manage websites or web-based systems (inclduing online surveys and consultations) on behalf of other organisations, we act as the ‘Data Processor’ - the organisation that owns the website or web-based system is the Data Controller. In these instances, we will act in accordance with the Data Controller’s requirements and will not use the information you provide for any other purpose. We do not sell your information to other parties nor do we store it to contact you for a purpose other than under the direction of the Data Controller. We employ a high standard of security and have implemented technical and organisational measures to ensure your personal information is processed securely. The Data Controller should provide you with information on how your information is used as well as information on how to access your information, rectify your information, object to the processing of your information or any other information regarding the handling of your information.

Some of our web-based systems are designed to allow you to upload and share information with others. This may include personal information about yourself or others. In these instances, we are the Data Processor and will only use the information as set out in the terms of use for that system.

The information we collect is stored safely and securely. All information is stored in the UK or Europe.

NSUK, our ICT infrastructure provider, will have access to the information we collect. However, their use is limited to that required to ensure our systems are operational.

Information we collect from you and what we do with it

Login information

Some of our websites and web-based systems require you to login to access either specific parts of the site or the site as a whole. Where this is the case, you will have to register and provide some, or all, of the following information:

  • User name
  • Email address
  • Name
  • Job title
  • Organisation details
  • Telephone number

Our lawful basis for collecting and holding this information is our fulfilment of an agreement (“contract”) to provide access to a site which would not otherwise be accessible to you.

We use this information to ensure appropriate access is granted to systems and to provide customer support and help about our service when you contact us. We may also use the information provided to contact you in relation to the site. We will ensure this contact is minimal and is for the following purposes:

  • To check that you still require access to the site;
  • To make sure the information we hold is correct;
  • To notify you of any changes to the site that may affect access or use of the system; and
  • Any other reason we feel is reasonable in direct relation to the system you are registered for.

In some cases, it may be necessary to share the registration information provided with Data Cymru project leads or other specific individuals before access is granted. This is to ensure that it is appropriate to grant access and ensure the correct level of access is provided. If it is determined that it is not appropriate to allow access, we will use the information provided to inform you and then the information will be deleted.

Where a user is granted access to a system, the registration information will be kept for as long you require access to the site.

You can access or amend the information that we hold about you in our web-based systems via your ‘User Profile’/’My Account’ page. If you want to object to us processing your information as detailed above, or no longer require access to a site and want your information removed, please contact us.

Contacting us

Many of our websites and web-based systems include a way of contacting us. You can also contact us via email, telephone or post.

When you contact us you will be asked to provide some or all of the following:

  • Email address
  • Name
  • Job title
  • Organisation details
  • Telephone number

Our lawful basis for collecting this information is our fulfilment of an agreement (“contract”) to provide a response to your query.

The information you provide to us is automatically logged and stored. We will use the information provided to provide a response, but for no other purpose. We will store this information for as long as necessary to fulfil your request.

We will share your information with other relevant Data Cymru colleagues to ensure you get the best response, but will share it no wider without your express consent.

If you want to access or amend the information that we hold about you, object to us processing your information as detailed above or want your information removed, please contact us.

Surveys and consultations

We may require you to provide some personal information when completing a survey or consultation. Where this is the case, we will make it clear what we need, the reasons why it is requested and how it will be used.

We will keep the information you provide securely on our servers for the time specified in the survey or consultation. We do not sell the information you provide to other parties or store it to contact you for a purpose other than specified in the survey or consultation. We only share your information with third parties where necessary to carry out the service(s) that are specified in the survey or consultation.

If you want to access or amend the information that we hold about you, object to us processing your information as detailed above or want your information removed, please contact us.

Other information

Some of our web-based systems ask you for other information to allow them to tailor content and views accordingly. While this isn’t necessarily personal information, we understand that sometimes it might feel as though it is. For instance, we may ask you to provide a postcode or select your local authority. This information is only used to tailor the content that you view or provide you with specific information. This information isn’t usually stored, but where it is, it is done so using cookies and is stored and used in accordance with our cookie policy (see below).

Information we collect from all site users and what we do with it

All of our websites and web-based systems automatically collect some information which is considered ‘personal information’.

IP address

Log files of all requests for files on our websites are maintained and analysed on our web servers. Log files do not capture personal information but do capture the user's IP address, which is automatically recognised by our web servers.

Aggregated analysis of these log files is used to monitor usage of the website or web-based system. This is our legitimate interest for collecting this information.

These aggregated analyses may be made available to Data Cymru staff and partners to allow them to measure, for example, overall popularity of the site and typical user paths through the site.

Data Cymru will not make any attempt to identify individual users, except where there is a reasonable suspicion that unauthorised access to systems is being attempted. In the case of all users, Data Cymru reserves the right to attempt to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to our computer systems or resources.

As a condition of use of this site, all users of our sites consent to us using the access logs to attempt to track users who are reasonably suspected of gaining, or attempting to gain, unauthorised access.

All log file information collected by Data Cymru is kept secure and no access to raw log files is given to any third party other than our ICT provider, NSUK. Our log files are deleted regularly.

We may store IP addresses with survey or consultation responses to help us identify duplicate responses. They will not be used to identify any individuals.


We use cookies on our websites and web-based systems. Cookies are bits of data we store on the device you use to access our sites so we can recognise repeat visitors. We do not store any information that would, on its own, allow us to identify individual users without their permission. Cookies are not shared with any third parties. Any cookies that may be used are used either solely on a per session basis or to maintain user preferences and make it easier for you to use our sites. These are our legitimate interests for using this information.

We use the following cookies in our sites:

Analytical cookies

Analytical cookies help us understand how people use our sites. They do this by recording what someone has done on pages and interactions with our website. We use Google Analytics to collect and compile reports that help us improve our services. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

You can control and/or decline analytical cookies by changing your settings. To do this, simply click on in the website you are using.

Necessary cookies

Necessary cookies enable core functionality. They enable the technology our websites and web-based systems are written in (ASP.NET) to work correctly.

As these cookies are required for our sites to work, you have to disable them in your browser settings. Note: changing the setting on your browser to reject cookies means that you may not have access to important features on our sites.

By enabling cookies, you will be taken to have read, understood and agreed to our use of cookies.

Your rights as a ‘data subject’

Data Protection laws provide you with a number of individual rights.  These rights include, the right to request access to information, the right to be informed of processing, the right to erasure and right to rectification.  Further details on your individual rights can be found on the ICO website.

Where we are the Data Controller, you can contact us to exercise any of these rights, either at enquiries@data.cymru, or by writing to us at Data Cymru, Local Government House, Drake Walk, Cardiff, CF10 4LG.

Where we are hosting and/or managing a website or web-based system on behalf of another organisation, you should liaise directly with the relevant Data Controller to exercise your rights.

Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil our purposes for processing.

Right to complain

If you feel that Data Cymru have mishandled your information, you have the right to complain. You can contact our Assistant Director (richard.palmer@data.cymru/ 029 20 909502) and we will resolve the matter as quickly as possible to prevent any further mishandling. Please see our complaints policy for further information.

You also have the right to complain to the Information Commissioner’s Office.

Necessary Disclosure by law

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website.


This website contains links to other sites. Please be aware that we, Data Cymru, are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.