PRIVACY NOTICE – Parliamentary Venues and Visitor Services
This privacy statement explains how we collect and use personal information about you when engaging with the Parliamentary Venues and Visitor Services.
The Senedd Commission is the data controller of the information you provide and will ensure it is protected and used in line with data protection legislation. Any queries regarding our use of your information should be sent to the Data Protection Officer at:
What information we are collecting
We collect, store and use your personal data when you contact us with an enquiry, to provide feedback or to arrange an activity with us through the following channels:
Depending on the nature of your enquiry or activity, this information may comprise/contain personal or special categories of personal data. Personal data is provided to us by individuals or by someone contacting us on their behalf.
The personal data we process include:
contact details including name, address, telephone number, email address; and
content and details of the enquiry in either electronic form or hard copy notes.
activity organisers and some attendees’ names, addresses, telephone numbers, email addresses, website addresses, including social media handles to publicise visits;
requirements or information necessary to enable delivery of the service or activity, such as language preferences, subjects being studied and to what level, reason for visit, who you are visiting, number of attendees, specific accessibility requirements and dietary needs;
some activities receive a travel subsidy and some events incur additional costs. Where individuals receive a remuneration, financial details will be collected;
images are supplied to use by third parties to enable us to curate exhibitions. These images will be shared on social media, promotional websites and publicity associated with the exhibition.
plenary and committee seat bookings;
event spaces and meeting room bookings;
attending a meeting on our estate; and
any accessibility requirements that you notify us about.
We request feedback to assist us in improving our service and to celebrate good practices. We may also use the information provided for reporting on our performance.
Some feedback methods do not require personal information, but customers voluntarily provide this.
The information provided may comprise/contain personal or special categories of personal data as defined by the General Data Protection Regulation (EU) 2016/679 (“GDPR”). The definition of special category data includes personal data revealing race, ethnic origin, political views, religion, trade union membership, health and sexual orientation.
What we will do with your information
The information collected will assist us in answering your enquiry or in the preparation and delivery of your activity.
If we can’t provide you with an answer at the first point of contact, we may forward your enquiry on to other relevant service areas (departments) to enable us to respond to your enquiry.
If you address your correspondence to a particular Member of the Senedd we will pass your email on to them, and it will be dealt with in line with their own processes.
We will only use your information for the purpose of dealing with your enquiry.
If it appears that your enquiry is for another organisation, we will not share or forward your information with them without seeking your permission first.
Depending on the activity, information may be shared with Members of the Senedd and their staff and another service areas (departments) involved in delivering your activity.
As part of the estate security we also share your information with both the security department and onsite police unit in respect of maintaining the Welsh Parliament as a secure and safe environment.
Constructive feedback on our services is noted on our feedback log, a Microsoft Word document. Feedback is shared with the relevant service areas (departments) to improve our services and to celebrate good practices.
If there is a threat, accusation, abusive language or indication of illegal activity within the correspondence then this will be shared with our Head of Security to consider whether it should be shared wider within the Senedd or externally with the police.
Any hard copy information will be securely stored in a locked cupboard at our offices in Cardiff Bay or Colwyn Bay.
Electronic copies will be retained on our secure ICT system. Our ICT system includes third party cloud services provided by Microsoft. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with European legislation.
How long your information will be retained
Information collected is retained for 1 year once your enquiry has been completed.
Activities such as tours and Plenary seat bookings are retained for 1 year once the activity has taken place unless otherwise informed at the time of booking.
Bookings for event spaces and meeting rooms are retained for 2 years once the event or meeting has taken place.
Contact details for exhibitors and potential exhibitors will be held until the end of the Senedd term.
Images for exhibitions will be held for 2 years on our ICT system and indefinitely on our social media channels and websites.
Financial information such as order forms, purchase orders, delivery notes and invoices will be retained for 6 years after the end of the financial year the budget relates to, as per our retention schedule.
The Feedback Log will be retained for a period of 5 years after the Service Plan (department plan) ends. Each Service Plan runs for a period of 5 years in line with each Senedd term. Therefore feedback will be retained for a maximum of 10 years. Feedback is gathered by the methods listed below.
Any personal information will be removed from the Feedback Log after 1 year from the date the information was captured. If the nature of the feedback is sensitive, then personal information will not be captured in the first place.
We will not share your feedback with an external organisation or publish your comments without seeking your consent first.
Feedback methods include but are not limited to:
Visitor books are on public display in the Senedd and our North Wales office. Customers are encouraged to provide their name and where they are from, withholding detailed locations and contact information. Visitor books are kept indefinitely, and personal information will not be removed.
Verbal feedback that we receive will be recorded directly in the Feedback Log and shared with the relevant person(s) and service areas (departments). Information gathered will comprise of names and possible contact details if a response is requested.
Emails, letters and thank you cards:
Emails and hard copy communication may contain personal information, including names and contact details (email and postal addresses, telephone numbers). This information will be retained for 1 year by the receiver and will be included on the Feedback Log.
Feedback received via the website form will contain a name, email or postal address, and if provided telephone number and postcode.
We use Microsoft forms to gather statistical information on our customer satisfaction scores and level of engagement, as well as the comments you provided - these are noted and distributed via Microsoft applications.
Our ICT system includes third party cloud services provided by Microsoft. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with European legislation.
Your information will be processed to enable us to respond to your enquiry, activity and to respond to your feedback. We consider this task to be necessary to our role of engaging with the people of Wales, which is one of our strategic goals, as set out in the Senedd Commission Strategy 2016 - 2021.
The legal basis we are relying on to use your information is that it is necessary for a task carried out in the public interest, or you have given your consent for processing. Where we process special category data, the legal basis for processing is that it is necessary for reasons of substantial public interest (read alongside paragraph 6 of Schedule 1 to the Data Protection Act 2018) or you have given explicit consent to the processing.
Where we rely on consent, or explicit consent, to process your personal data, you have the right to withdraw your consent at any time.
You have certain rights over the information we hold. In summary the rights are:
The right to be informed about how your personal information is used;
The right of access to copies of your personal information;
The right to rectification if your information is inaccurate;
The right to erasure of your personal information;
The right to restrict our use of your personal information;
The right to data portability;
The right to object to the use of your personal information;
Rights in relation to automated decision making and profiling.
If you would like to engage any of the rights that you have under data protection legislation; ask a question; or make a complaint about how your information has been used, you can contact the Senedd Commission’s Data Protection Officer on 0300 200 6565 or via firstname.lastname@example.org.
You can also make a complaint to the Information Commissioner's Office (ICO) if you believe we have not used your information in line with the law. The ICO's contact details can be found on their website.
Requests for information made to the Commission
In the event of a request for information being made under access to information legislation, it may be necessary to disclose all or part of the information that you provide. This may include information which has previously been removed by the Senedd for publication purposes. We will only do this if we are required to do so by law.