Accessibility links

1
Language selection

Data protection

The General Data Protection Regulation (GDPR) and the Data Protection Act 2017 regulate the processing of information relating to individuals. This includes the obtaining, holding, use or disclosure of such information.

To make sure that we handle personal data lawfully and appropriately we must comply with the Act, and in particular the Data Protection Principles. These require that personal data must be:

  • processed fairly, lawfully and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and necessary
  • accurate and where necessary up to date
  • kept in identifiable form for no longer than necessary
  • processed securely

Your rights under the act

Your rights under the act are:

You have the right know whether your personal data is being processed and if so, the right to have a copy.

You have the right to have inaccurate personal data rectified without undue delay.

In certain circumstances you have the right to have your personal data erased or deleted.

In certain circumstances you have the right to restrict us from processing your information.

You have the right to receive the personal data which you have given us (the data controller) in a structured, commonly used and machine-readable format.

You have the right to object at any time to the processing of your personal data. We (the data controller) will no longer process your data unless we can show that there is a good reason to do so. This must override your interests, rights and freedoms, or be for our defence of legal claims.

Under the Act you have the right, subject to exemptions, not to be subject to a decision when it is based on automated processing.

Request to see your information

Please use the Subject Access Request Form.

A reply to a subject access request is normally made within one month. Proof of ID and any information needed to locate the information may be required.

Report incorrect data

You should write to us telling us what data is incorrect. We must respond to you within 21 days.

Contact

Legal and Regulatory Services
Address: Civic Offices, Angel Street, Bridgend, CF31 4WB.

Make a complaint

We do our best to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously.

If you are not happy with the way your data has been handled, please contact our complaints department. You may also contact the Information Commissioner’s Office

How long we keep your personal data

We will not keep your personal data for no longer than is necessary. The Data Retention Policy tells us how long we can keep personal information.

Further information about the Data Protection Act can be found on the Information Commissioner’s Office website.

A to Z Search