This Privacy Notice is designed to help you understand how ColegauCymru (“The Charity”,” we”, “us”) collect and process the information that you share with us. The General Data Protection Regulation (GDPR) and Data Protection Act (2018) together replaced The Data Protection Act 1998 on 25 May 2018. We are providing this privacy notice in compliance with this legislation.
ColegauCymru Privacy Notice
Who is the Data Controller?
The Data Controller of the information we collect about you is ColegauCymru, Unit 7 Cae Gwyrdd, Greenmeadow Springs, Tongwynlais, Cardiff, CF15 7AB. Queries should be sent to DPO@colegaucymru.ac.uk.
Why do we collect your data and the legal grounds for doing so?
Whether in visiting us in person or via our website, or at an event or a meeting arranged by us ColegauCymru collects, stores and manages data which we use in the course of our work.
This data is used for funding, statistical, marketing, assessment and administrative purposes, to ensure health and safety and to inform you of changes to our services, to provide news updates, job vacancies and information to help participation in meetings or events.
The Law says we can only collect or process your data if there is a legal basis to do so. The legal bases on which the Charity relies upon to process all types of personal data include:
- To fulfil a contract we have with you
- When we have a legal obligation
- Where it is in the public interest
Also, where you have given your consent for us to do so, although this is also necessary in a limited number of circumstances. There are additional provisions in the legislation that enable us to process personal data that is known as special category personal data. This includes your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your trade union membership, your genetic or biometric data, your health, your sex life and sexual orientation and any criminal convictions and offences.
What information do we collect?
- Your name, address and contact details (including e-mail and telephone number), date of birth and gender
- Details of your bank account or other payment details
- Information on your marital status, next of kin and emergency contacts
- Information about medical or health conditions, including whether you have a disability for which the Charity needs to make reasonable adjustments
- Equal opportunities monitoring information including information about your ethnic origin – as this is special category data, we will ensure this information is held securely and can only be accessed by relevant members of the Group where required for this purpose
Unless you advise us otherwise, when we hold photographs, videos and other electronic content, we reserve the right to include this material in promotional and publicity activity. Unless purchased or granted to us, any images shared with us will remain the copyright of the content creator and will be credited as such. This content includes images shared via social media, email or other means. In some cases, the use of images will be covered by a specific agreement or licence.
Where do we collect your data from?
We collect your information from various sources including directly from you, your IP address via cookie consent on our website and CCTV footage from onsite cameras installed for your safety and the safety of our staff.
Length of retention
We keep relevant information for 6 years or longer if required by any legitimate administrative or legal procedure. Digital content and accompanying information may be kept and published electronically or in print and held for as long as the resource or material is required by us.
Feedback forms/questionnaires relating to services we provide will be kept for one year unless proof of attendance, satisfaction or other information is required by any legitimate third party and for the purposes of fulfilling grant conditions.
Who do we share your data with?
The Charity partners with a number of third parties with whom we share data. This may include individuals, organisations or other corporate entities outside of the United Kingdom of Great Britain and Northern Ireland. We share information with government and associated organisations in order to gain funding, to enable professional development events, to support learners and potential learners, to comply with legal requirements. This information may include both qualitative and quantitative data for statistical analysis and may not be limited to the data listed above. We do not use any third party located outside of the UKGBNI or the EU and all data storage is also held within the EU.
Read the full ColegauCymru Privacy Notice
ColegauCymru will at all times comply with the requirements of the General Data Protection Regulation (GDPR).
Further information on the GDPR can be found on the Information Commissioner’s Office website.
Please address any comments or enquiries to: DPO@colegaucymru.ac.uk