Our Contact Details
Any queries regarding our use of your information should be sent to the Data Protection Officer at:
0300 200 6565
How your information will be used
The Senedd Commission is the data controller of the information you provide and will ensure it is protected and used in line with the UK’s data protection legislation.
What information are we collecting?
We collect the following information about you
- Name
- Contact details such as address and post code
- Employee number
- Special categories of data
Some information will be collected directly by Senedd Commission staff, while other information will be provided by third parties, such as Members of the Senedd or their staff when reporting incidents.
When there has been a suspected incident we will require that a MS form is completed that will collect basic personal identifiers. We might need to follow up on this initial incident report and collect details such as the date and time of the incident, the nature of the incident, affected systems or data, and any actions taken to mitigate the impact. Additionally, the reports may document the identities of individuals involved, including Members of the Senedd, their staff, Commission Staff employees and third parties, as well as any relevant communications and findings from the investigation.
Why are we collecting it?
The Senedd Commission security team have responsibility to ensure the safe environment of the Commission estate and those within it. This includes providing security advice to constituency offices. The security team monitor activity that might pose potential or direct harm to members in order to ensure their personal safety and to monitor incidents and trends.
Who will have access to the information?
The Incident reports will only be accessible by trained vetted members of the Senior Security Team.
Will the information be shared with any third parties, or publicised?
We may be required to provide information such as incident reports, footage or other evidence to the Police or other Government agencies to aid with ongoing investigations. We may also be asked to provide
footage to third parties (such as insurance companies or solicitors) where there is an appropriate claim or legal activity which requires its disclosure. We might also be required share with the Senedd Commissioner for Standards during the course of an investigation relating to a Member of the Senedd. We work closely with other organisation and the Police including operation principality. We will share data only when we have a lawful basis to do so.
Where will the information be stored?
The information will be stored securely on our ICT systems which includes third party cloud services provided by Microsoft including Ms Forms and Microsoft Azure. We may also use of Microsoft’s artificial intelligence tools to process your information. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with domestic legislation. To find out more about how Microsoft will use your information, you can read their privacy statement here.
Retention and deletion
Retention and deletion will depend on the severity of the incident, data will be separated into tiers and will be saved accordingly in line with the retention and deleted. Deletion will occur through some automated processes. There will be no paper copy data.
Our legal bases for collecting, holding and using your personal information
Data protection law sets out various legal bases which allow us to collect, hold and use your personal information. For the purpose of processing the personal data you provide, we rely on the following legal bases:
- Article 6(1)(e) Public Task - The processing is necessary for the performance of a task carried out in the public interest.
The Government of Wales Act 2006 provides the Senedd Commission with powers to provide a safe secure environment for the Welsh.
Legal basis for processing Special Category Data
Article 9(1) GDPR defines special category personal data as including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
Article 9. For example: Article 9(2)(g) Substantial Public Interest.
Sharing data
In the event of a request for information being made under access to information legislation, it may be necessary to disclose all or part of the information that you provide. We will only do this if we are required to do so by law.
Your rights
As a data subject, you have a number of rights. The rights which apply depend on the legal bases we are relying on to use your personal information. Those rights will not apply in all instances, and the Commission will confirm whether or not that is the case when you make a request.
The rights include the right to request access to your own personal information, sometimes called a ‘subject access request’.
Additionally, you have the right to request from us:
- that any inaccurate information we hold about you is corrected (please note that you are required to keep us up to date with any changes to your personal information);
- that information about you is deleted (in certain circumstances);
- that we stop using your personal information for certain purposes or in certain circumstances; and that your information is provided to you or a third party in a portable format (again, in certain circumstances).
If you would like to engage any of the rights that you have under data protection legislation ask a question or make a complaint about how your information is used.
Making a complaint
You can complain to the Data Protection Officer if you are unhappy with how we have used your data. Contact details can be found above.
If, following a complaint, you remain dissatisfied with our response, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113