The information on this page explains how Senedd Cymru /Welsh Parliament (“Senedd”) uses your personal information when an appointment is made to public offices which are made by the Senedd - (or which the Senedd recommends or nominates by resolution in plenary session for formal appointment by Her Majesty).
It also describes how long that information is kept for and the circumstances in which we will share it with other organisations.
What information are we collecting?
The information we ask for is used to enable us to consider your suitability for an advertised Public Appointment. You don’t have to provide what we ask for but it may affect our ability to process your application and assess your suitability for the relevant position if you don’t.
Personal data processed includes your title, name, home address, email address, telephone number, education, employment history and skills, employment references and answers to questions that we have deemed relevant to the role such as applications, CVs and personal statements. Information gathered for the purpose of due diligence checks or conflicts of interest information.
Special categories of data are also requested for monitoring of equal opportunity and treatment which may include your gender, ethnicity, nationality, sexual orientation, disability, and religion/belief.
We utilise any declaration of disability to enable us to assess and make reasonable adjustments to the recruitment process should they be required by the applicant.
The completion of the diversity information form is voluntary but we do encourage applicants to provide this information to assist us with our monitoring responsibilities.
If provided, your diversity information will be treated as confidential and will be held separately and will not be seen by the appointment panel. No individual will be identified as part of this process.
Why we are collecting this information and What we will do with the personal information you provide?
Personal data is collected and used to facilitate the administration of the Public Appointment process.
- During the appointment process the Commission, and any other parties involved in the appointment process, will use your personal information to:
- Evaluate your application and assess your suitability for the role in question;
- Make a decision about whether you should be selected for interview and appointment;
- Conduct relevant pre-appointment screening (e.g. carry out criminal record/National Security Vetting checks, references);
- Review and audit the process and its outcomes;
- Carry out diversity monitoring activities.
If invited to interview please be aware that we have on-site CCTV. Images are being monitored and may be recorded for the purpose of crime prevention and public safety. This scheme is controlled by: Senedd Commission - For further information contact: 0300 200 6555. Further details about use of CCTV is available in the privacy notice on the Senedd Website.
Information Processed at Pre-appointment stage
- If you are successful at interview, we will also ask you to provide
- Contact details of referees;
- Bank details;
- Valid Driving Licence / Passport;
- Completed Criminal Record Declaration (CRD) form
The CRD form contains its own Privacy Notice with regards to how the Vetting office uses the information provided
- This may include obtaining information about criminal convictions, cautions or other offences committed, whether past, current or pending
- The CRD form contains personal information that is held in line with the retention schedule outlined in the Vetting Policy.
Sharing personal information
We sometimes need to make personal data available to other organisations. These include other organisations with whom we need to share your personal data for specific purposes.
Where we need to share your personal data with others, we ensure that this data sharing complies with data protection legislation. For the purpose of this work we may need to share your personal data with:
- Members of the Senedd ;
- Chief Executive and Clerk of the Senedd;
- Wales Audit Office (for appointments for Auditor General for Wales and Non-Executive Members of the Wales Audit Office Board).
This data sharing is necessary for making public appointments in accordance with specific statutory requirements.
Details about successful applicants are published in Committee reports which will remain permanently online. Where appointments are discussed in a Senedd Committee or Plenary, this will be broadcast as part of the official record on Senedd TV.
Some of your personal information will also be exchanged with third parties where it is necessary to carry out pre-appointment screening e.g. UK National Security Vetting and/or obtaining personal references or references from previous employers.
Other than as set out above, your information will only be accessed and processed by authorised personnel of the Commission who are directly involved in the management and administration of the process and have a business need to access your personal information.
The Commission may also disclose applicant information to other third parties, for example in order to establish or defend the legal rights of the Commission, or in an emergency where the health or personal security of an applicant is at risk.
Some information will be stored on the Commission’s ICT network, which includes third party cloud services provided by Microsoft. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with European legislation.
Executive Search Agencies
Dependent on the appointment we may use an Executive Search Agency to assist with the campaign. Information will be kept by them in line with their own retention policies. The appointed agency will provide details of their respective privacy notice.
How long your information will be retained
Personal details of unsuccessful applicants will be retained for 12 months, in accordance with the Commission’s retention schedule. Documents will be destroyed in accordance with our destruction schedule.
Personal details of successful candidates will be kept for the duration of their appointment. Once this relationship ends, your data will be deleted from our system.
Our legal basis for collecting, holding and using your personal information
Data protection law sets out various legal bases which allow us to collect, hold and use your personal information. These are:
- Where we use your personal information to carry out our public functions. A key function of the Commission is to provide the Senedd with the staff and services it requires for its purposes and its work. An example of this is the processing undertaken in order to assess which applicant is best suited to a particular job;
- Where the processing is necessary in order to take steps to enter into a contract with you. An example of this is contacting your selected referees;
- Where we are under a legal obligation which requires us to process your personal information. An example of this is where we need to make reasonable adjustments to enable an applicant to take part in the recruitment process;
- Where we process your information in order to protect your vital interests. An example of this would be if we shared information about your health if a medical emergency occurred whilst you were on site;
- We will sometimes collect and use your personal information based upon your agreement. This is known as ‘consent’. We will always tell you where this is the case. An example is where we keep details of unsuccessful applicants for a fixed period to advise them of suitable future posts.
Data protection law recognises certain “special categories” of information. These are defined as information revealing a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning heath, and information concerning a person’s sex life or sexual orientation.
These special categories are considered particularly sensitive and are afforded special protection. This is also the case for information relating to criminal offences or convictions. An example of this is the pre-employment vetting we undertake to ensure that Commission staff have the necessary trustworthiness, integrity and reliability. We will only collect and use these categories of information where we:
- consider it necessary and in the substantial public interest to do so, usually to meet our statutory and public functions;
- consider it necessary to meet any obligations we may have under employment law and safeguard your fundamental rights; or
- where you have given us your explicit consent to do so.
As a data subject, you have a number of rights. The rights which apply depend on the legal bases we are relying on to use your personal information. Those rights will not apply in all instances, and the Commission will confirm whether or not that is the case when you make a request.
The rights include the right to request access to your own personal information, sometimes called a ‘subject access request’.
Additionally, you have the right to request from us:
- that any inaccurate information we hold about you is corrected (please note that you are required to keep us up to date with any changes to your personal information);
- that information about you is deleted (in certain circumstances);
- that we stop using your personal information for certain purposes or in certain circumstances; and
- that your information is provided to you or a third party in a portable format (again, in certain circumstances).
If you would like to: engage any of the rights that you have under data protection legislation or ask a question, please contact the Data Protection Officer using one of the methods set out at the below.
If you are dissatisfied with how we are using your personal information or if you wish to complain about how we have handed a request, then please contact our Data Protection Officer and we will try to resolve any issues you may have.
You can also make a complaint to the Information Commissioner’s Office (ICO) if you believe we have not used your information in line with the law. The ICO’s contact details can be found on their website.
Requests for information made to the Commission
The Senedd Commission is subject to access to information legislation. In the event of a request for information being made under access to information legislation, it may be necessary to disclose all or part of the information that you provide. This may include information which has previously been removed by us for publication purposes. We will only do this if we are required to do so by law.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. This privacy notice was last updated on 10 June 2020.
How to contact us
The Senedd is the data controller of the information you provide, and will ensure it is protected and used in line with data protection legislation.
If you have any further questions about the way in which we process personal data, or how to exercise your rights, please contact our Data Protection Officer at:
Tŷ Hywel, Pierhead Street, Cardiff Bay CF99 1SN
0300 200 6494