Information Compliance Privacy Notice
Personal data is collected and used by the Information Compliance Team at Powys County Council who manage:
- Information requests made under the Freedom of Information Act 2000, and the Environmental Information Regulations 2004,
- Requests made by those exercising their data protection rights, being:
  - Subject Access Requests ('SAR')
  - Rectification Requests
  - Erasure Requests
  - Restriction of Processing Requests
  - Objection Requests
  - Requests regarding rights related to automated decision-making including profiling.
- Data Protection complaints and personal data breaches
You can contact either the Information Compliance Team or PCC via (mail/email/telephone):
Information Compliance / Powys County Council
Spa Road East,
01597 826 000
Powys County Council's Data Protection Officer (DPO) can also be contacted via the contact methods listed for the Information Compliance Team above.
What Personal Information is collected?
The Information Compliance Team collects the following personal information when dealing with information rights and information requests:
- Full Names
- Personal information used to establish the identity of the requester (e.g., a passport number etc)
- Date of birth
- Contact details
- In the case of a SAR, any personal information about the requester which is already being processed by a specific (or all) service areas of the Council to which the request relates.
- Any relevant information pertaining to the complaint or personal data breach.
- Personal information that is shared voluntarily by a requester, such as opinions.
In connection to an investigation into a personal data breach or data protection complaint, the Information Compliance Team will only process the personal data that forms part of the breach or complaint in order to manage any appropriate investigation and to assess whether or not it needs reporting to the Information Commissioner's Office ('ICO').
The Legal Basis:
In order to process personal data when responding to information rights or information requests, a breach of personal data or a data protection complaint, the Council relies on Article 6 (1) (c) and 6 (1) (e) of the UK GDPR: processing is necessary for compliance with a legal obligation to which PCC is subject, and processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Is any Personal Information shared with anyone else?
Personal information will, when appropriate, be shared with:
- Internal Council departments;
- Other organisations who may provide assistance with handling the request, complaint or breach;
- Information Commissioner's Office (ICO); and
- Any other parties only when the law requires or allows us to do so.
Retention of Personal Information.
The Information Compliance Team keeps an audit of all requests and retains the personal information outlined in this notice for 7 years, after which it is deleted. This is to ensure that the team can, should the requester (or the ICO) query a particular response, respond to that query, evidencing how a request, complaint or breach investigation was handled and indicating what the outcome was.
For information on your rights as a data subject and information on how to lodge a complaint, please visit the Council's privacy notice here: Data Protection and Privacy