Privacy Notice

What happens to information held about you? Your rights and our obligations to you.

How We Use Personal Data

This document explains how Aneurin Leisure Trust obtains, holds, uses and discloses information about people (their personal data), the steps we take to ensure that it is protected, and also describes the rights individuals have in regard to their personal data handled by Aneurin Leisure Trust.

The use and disclosure of personal data is governed by the Data Protection Act 2017 (‘the Act’). Aneurin Leisure Trust is registered with the Information Commissioner’s Office as a ‘data controller’ for the purposes of the Act. As such Aneurin Leisure Trust is obliged to ensure that it handles all personal data in accordance with the Act.

Aneurin Leisure Trust takes that responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence.

1. Why Do We Handle Personal Data?

Aneurin Leisure Trust processes personal information to enable it to provide a range of services to its customers which include:

Maintaining our own accounts and records
Supporting and managing our employees
Promoting the services that Aneurin Leisure Trust provides

2. What Type/Classes of Personal Data Do We Handle?

In order to carry out the purposes described under section 1 above Aneurin Leisure Trust may obtain, use and disclose personal data including the following:

Personal details
Family details
Lifestyle and social circumstances
Goods and services
Financial details
Employment and education details
Visual images
Business activities
Physical or mental health details
Racial or ethnic origin
Trade union membership
Offences (including alleged offences)
Religious or other beliefs of a similar nature

Aneurin Leisure Trust will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record i.e. a file, as images, but it can also include other types of electronically held information e.g. CCTV images.

3. Who Information Is Processed About

In order to carry out the purposes described under section 1 above Aneurin Leisure Trust may obtain, use and disclose personal data about the following:

Customers
Suppliers
Staff, persons contracted to provide a service
Complainants, enquiries or their representatives
Professional advisors and consultants
Students and pupils
People captured by CCTV images
Representatives of other organisations

4. Where Do We Obtain Personal Data From?

In order to carry out the purposes described under section 1 above Aneurin Leisure Trust may obtain personal data from a wide variety of sources, including the following:

HM Revenue and Customs
Voluntary sector organisations
·Approved organisations and people working with the Aneurin Leisure Trust
Auditors
Central government, governmental agencies and departments;
Individuals themselves
Relatives, guardians or other persons associated with the individual
Current, past or prospective employers of the individual
Education, training establishments and examining bodies
Business associates and other professional advisors
Employees and agents of Aneurin Leisure Trust
Suppliers, providers of goods or services
Persons making an enquiry or complaint
Financial organisations and advisors
·External claims handlers
Witnesses
Medical consultants and GPs
Trade, employer associations and professional bodies
Local government
Voluntary and charitable organisations
Ombudsman and regulatory authorities
The media
Data Processors working on behalf of Aneurin Leisure Trust
Information openly available on the internet
Other departments within the Trust

Aneurin Leisure Trust may also obtain personal data from other sources such as its own CCTV systems, or correspondence.

5. How Do We Handle Personal Data?

In order to achieve the purposes described under section 1 Aneurin Leisure Trust will handle personal data in accordance with the Act. In particular we will ensure that personal data is handled fairly and lawfully with appropriate justification. We will strive to ensure that any personal data used by us or on our behalf is of the highest quality in terms of accuracy, relevance, adequacy and non-excessiveness, is kept as up to date as required, is protected appropriately, and is reviewed, retained and securely destroyed when no longer required.

6. How Do We Ensure the Security Of Personal Data?

Aneurin Leisure Trust takes the security of all personal data under our control very seriously. We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and integrity monitoring, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.

7. Who Do We Disclose Personal Data To?

We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary, we are required to comply with all aspects of the Act. What follows is a description of the types of organisations we may need to share some of the personal information that we process with for one or more reasons:

Customers
Family, associates or representatives of the person whose personal data we are processing
Healthcare, social and welfare organisations
Providers of goods and services
Financial organisations
Educators and examining bodies
Local and central government
Ombudsman and regulatory services
Press and the media
Professional advisers and consultants
Trade unions
Professional bodies
Survey and research organisations
Police forces
Voluntary and charitable organisations
Data processors
Regulatory bodies
Law enforcement agencies and bodies
Security companies
Service providers
Press and the media
Current past and prospective employers and examining bodies
Legal representatives, defence solicitors
The disclosure and barring service
External claim handlers
Barristers
Loss Adjusters
Insurance Brokers and Insurers

It may sometimes be necessary for Aneurin Leisure Trust to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the Act.

8. What Are Your Rights In Relation To Your Personal Data Which Is Handled By Aneurin Leisure Trust?

Individuals have various rights under the Act:

Right of access

You can obtain a copy, subject to exemptions, of your personal data held by Aneurin Leisure. A copy of the application form is available on the Trust’s website.

Under the Act you are also entitled to obtain confirmation as to whether or not data concerning you is being processed by the Trust. Where that is the case, you are entitled to the following information subject to exemptions:

The purposes of and legal basis for the processing
The categories of personal data concerned
The recipients to whom the personal data has been disclosed
The period for which it is envisaged that the personal data will be stored
Communication of the personal data undergoing processing and of any available information as to its origin.

*Please note that ‘processing’ means an operation or set of operations performed on personal data such as collection, recording, organisation, structuring, storage, adaption, alteration, erasure, restriction, retrieval.

Proof of ID and any further information needed to locate the information may be required before the Trust can comply with your request.

Any request for the above information should be made in writing to the Data Protection Officer and the Trust will respond within one month.

Rectification of data

You can request the Trust to rectify inaccurate personal data relating to you. If the data is inaccurate because it is incomplete, the Trust must complete it if required to do so by you.

A request should be made in writing to the Data Protection Officer and a response will be sent within one month.

Erasure or restriction of personal data

You can request that the Trust erase your data or restrict any processing of your data, subject to exemptions.

All requests should be made to the Data Protection Officer. The Trust will then inform you of whether the request has been granted and if it has been refused, the reasons for the refusal.

Right not to be subject to automated decision-making

Under the Act you have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on you. You have a right to express your point of view and obtain an explanation from the Trust of its decision and challenge it.

However, it should be noted that this right does not apply to all decisions as there are exemptions for example, performance of a contract to which you are a party.

9. How Long Does Aneurin Leisure Trust Retain Personal Data?

Aneurin Leisure Trust keeps personal data as long as is necessary for the particular purpose or purposes for which it is held in accordance with the statutory retention periods and national guidelines.

10. Contact Us

Any individual with concerns over the way Aneurin Leisure Trust handles their personal data may contact Aneurin Leisure Trust’s Data Protection Officer as below:

Legal & Corporate Compliance, General Offices, Ebbw Vale, Gwent, NP23 6DN.

E-mail DataProtection@blaenau-gwent.gov.uk

Telephone 01495 311556

You can also raise concerns with the Information Commissioner for Wales. The Information Commissioner can be contacted at:

Information Commissioner’s Office – Wales

2nd Floor

Churchill House

Churchill Way

Cardiff

CF10 2HH

Telephone: 02920 678400 Fax: 02920 678399

Email: wales@ico.org.uk Website: https://ico.org.uk/