In accordance with data protection legislation, this notice gives you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.
The right to privacy is very important to us and we appreciate that you trust us to act in a responsible manner when you give us personal information. Personal data, or personal information, means any information about an individual from which that person can be identified.
The Council is registered as a data controller with the Information Commissioner’s Office (ICO). Full details of the registration are available via the ICO register of data controllers. The Council as the data controller is responsible for the personal data of pupils.
The categories of information that we process
- personal identifiers and contact details (such as name, email address)
Why we collect and use the information
The personal data collected is essential in order for the Council to consult and meet statutory obligations regarding the consultation of the Council’s Welsh in Education Strategic Plan for the purpose of developing the plan further.
- collect opinions and comments
The information will not be used for purposes that are not compatible with why it is gathered in the first instance, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process personal data without your knowledge or consent, where this is required or permitted by law.
We collect and use personal information because we have one of the following legal bases for processing:
- to comply with a legal obligation under Article 6(1)(c) of the UK GDPR
- to perform a public interest task under Article 6(1)(e) of the UK GDPR
How we store data
Personal data is stored in line with our Council’s Data Protection Policy.
This information will be kept for a period of no longer than 6 months and will then be deleted.
We are also required by lawto protect the public funds we administer and may share information provided to us with other bodies responsible for auditing or administering public
funds in order to prevent and detect fraud and irregularity.
How we look after your information
Under data protection legislation, we must protect any information that we collect from you. We have put in place appropriate security measures and applied security standards and controls to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Information which you have provided will be stored securely. In addition, we limit access to personal data to those employees, contractors and other third parties who need to have access to it. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your data protection rights
Under data protection law, you have rights as a data subject. The rights are not absolute and they may only apply under certain circumstances. Your data subject rights include:
Your right to obtain confirmation that information about you is being used.
Your right of access - you have the right to ask us for copies of your personal information (please see ‘requesting access to your personal data’ below for more details).
Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - you have the the right to object to the processing of your personal data in certain circumstances. You have the right to object to processing of personal data that is likely to cause, or is causing, damage or distress.
In certain circumstances, you also have the following rights to:
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- seek redress, either through the ICO, or through the courts
Requesting access to your personal data
Under data protection legislation, individuals have the right to request access to information about them that we hold. This is commonly known as a 'data subject access request'. This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
To make a request for your personal information, contact the Council offices directly.
The following are details of the data controller:
Council Data Protection Officer
Address: Isle of Anglesey County Council, Council Offices, Llangefni, Anglesey, LL77 7TW
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) who is the independent regulator for data protection. If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance, so that we can try to resolve any issues.
Information Commissioner’s Office (ICO)
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Advice and guidance is available via their website www.ico.org.uk
Changes to our privacy notice
We keep our Privacy Notice under regular review and will publish any revisions.