What happens to information held about you? Your rights and our obligations to you.
How We Use Personal Data
This document explains how Aneurin Leisure obtains, holds, uses and discloses information about people (their personal data), the steps we take to ensure that it is protected, and also describes the rights individuals have in regard to their personal data handled by Aneurin Leisure.
The use and disclosure of personal data is governed by the Data Protection Act 2017 (‘the Act’). Aneurin Leisure is registered with the Information Commissioner’s Office as a ‘data controller’ for the purposes of the Act. As such Aneurin Leisure is obliged to ensure that it handles all personal data in accordance with the Act.
Aneurin Leisure takes that responsibility very seriously and takes great care to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence.
1. Why do we handle personal data?
Aneurin Leisure processes personal information to enable it to provide a range of services to its customers which include:
· Maintaining our own accounts and records
· Supporting and managing our employees
· Promoting the services that Aneurin Leisure provides
2. What type/classes of personal data do we handle?
In order to carry out the purposes described under section 1 above Aneurin Leisure may obtain, use and disclose personal data including the following:
· Personal details
· Family details
· Lifestyle and social circumstances
· Goods and services
· Financial details
· Employment and education details
· Visual images
· Business activities
· Physical or mental health details
· Racial or ethnic origin
· Trade union membership
· Offences (including alleged offences)
· Religious or other beliefs of a similar nature
Aneurin Leisure will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record i.e. a file, as images, but it can also include other types of electronically held information e.g. CCTV images.
3. Who information is processed about
In order to carry out the purposes described under section 1 above Aneurin Leisure may obtain, use and disclose personal data about the following:
· Staff, persons contracted to provide a service
· Complainants, enquiries or their representatives
· Professional advisors and consultants
· Students and pupils
· People captured by CCTV images
· Representatives of other organisations
4. Where do we obtain personal data from?
In order to carry out the purposes described under section 1 above Aneurin Leisure may obtain personal data from a wide variety of sources, including the following:
· HM Revenue and Customs;
· Voluntary sector organisations;
· Approved organisations and people working with the Aneurin Leisure;
· Central government, governmental agencies and departments;
· Individuals themselves;
· Relatives, guardians or other persons associated with the individual;
· Current, past or prospective employers of the individual;
· Education, training establishments and examining bodies;
· Business associates and other professional advisors;
· Employees and agents of Aneurin Leisure;
· Suppliers, providers of goods or services;
· Persons making an enquiry or complaint;
· Financial organisations and advisors;
· External claims handlers
· Medical consultants and GPs
· Trade, employer associations and professional bodies;
· Local government;
· Voluntary and charitable organisations;
· Ombudsman and regulatory authorities;
· The media;
· Data Processors working on behalf of Aneurin Leisure;
· Information openly available on the internet;
· Other departments within the Trust.
Aneurin Leisure may also obtain personal data from other sources such as its own CCTV systems, or correspondence.
5. How do we handle personal data?
In order to achieve the purposes described under section 1 Aneurin Leisure will handle personal data in accordance with the Act. In particular we will ensure that personal data is handled fairly and lawfully with appropriate justification. We will strive to ensure that any personal data used by us or on our behalf is of the highest quality in terms of accuracy, relevance, adequacy and non-excessiveness, is kept as up to date as required, is protected appropriately, and is reviewed, retained and securely destroyed when no longer required.
6. How do we ensure the security of personal data?
Aneurin Leisure takes the security of all personal data under our control very seriously. We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and integrity monitoring, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.
7. Who do we disclose personal data to?
We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary we are required to comply with all aspects of the Act. What follows is a description of the types of organisations we may need to share some of the personal information that we process with for one or more reasons:
· Family, associates or representatives of the person whose personal data we are processing
· Healthcare, social and welfare organisations
· Providers of goods and services
· Financial organisations
· Educators and examining bodies
· Local and central government
· Ombudsman and regulatory services
· Press and the media
· Professional advisers and consultants
· Trade unions
· Professional bodies
· Survey and research organisations
· Police forces
· Voluntary and charitable organisations
· Data processors
· Regulatory bodies
· Law enforcement agencies and bodies
· Security companies
· Service providers
· Press and the media
· Current past and prospective employers and examining bodies
· Legal representatives, defence solicitors
· The disclosure and barring service
· External claim handlers
· Loss Adjusters
· Insurance Brokers and Insurers
It may sometimes be necessary for Aneurin Leisure to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the Act.
8. What are your rights in relation to your personal data which is handled by Aneurin Leisure?
Individuals have various rights under the Act:
Right of Access
You can obtain a copy, subject to exemptions, of your personal data held by Aneurin Leisure. A copy of the application form is available on the Trust’s website.
Under the Act you are also entitled to obtain confirmation as to whether or not data concerning you is being processed by the Trust. Where that is the case, you are entitled to the following information subject to exemptions:
· The purposes of and legal basis for the processing
· The categories of personal data concerned
· The recipients to whom the personal data has been disclosed
· The period for which it is envisaged that the personal data will be stored
· Communication of the personal data undergoing processing and of any available information as to its origin.
*Please note that ‘processing’ means an operation or set of operations performed on personal data such as collection, recording, organisation, structuring, storage, adaption, alteration, erasure, restriction, retrieval.
Proof of ID and any further information needed to locate the information may be required before the Trust can comply with your request.
Any request for the above information should be made in writing to the Data Protection Officer and the Trust will respond within one month.
Rectification of Data
You can request the Trust to rectify inaccurate personal data relating to you. If the data is inaccurate because it is incomplete, the Trust must complete it if required to do so by you.
A request should be made in writing to the Data Protection Officer and a response will be sent within one month.
Erasure or Restriction of Personal Data
You can request that the Trust erase your data or restrict any processing of your data, subject to exemptions.
All requests should be made to the Data Protection Officer. The Trust will then inform you of whether the request has been granted and if it has been refused, the reasons for the refusal.
Right Not to be Subject to Automated Decision-Making
Under the Act you have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on you. You have a right to express your point of view and obtain an explanation from the Trust of its decision and challenge it.
However, it should be noted that this right does not apply to all decisions as there are exemptions for example, performance of a contract to which you are a party.
9. How long does Aneurin Leisure retain personal data?
Aneurin Leisure keeps personal data as long as is necessary for the particular purpose or purposes for which it is held in accordance with the statutory retention periods and national guidelines.
10. Contact Us
Any individual with concerns over the way Aneurin Leisure handles their personal data may contact Aneurin Leisure’s Data Protection Officer as below:
Legal & Corporate Compliance, General Offices, Ebbw Vale, Gwent, NP23 6DN.
Telephone 01495 311556
You can also raise concerns with the Information Commissioner for Wales. The Information Commissioner can be contacted at:
Information Commissioner’s Office – Wales
Telephone: 02920 678400 Fax: 02920 678399
Email: email@example.com Website: https://ico.org.uk/
By registering or placing an order on this site, you consent to the collection, use and transfer of your information under the terms of this policy.
Information That We Collect From You
When you visit or complete our contact form on www.lifeleisure.co.uk you may be asked to provide certain information about yourself including your name and contact details. We may also collect information about your usage of our website as well as information about you from e-mails or letters you send to us.
Use of Your Information
Your information will enable us to provide you with access to all parts of our site and to supply the services you have requested. It will also enable us to contact you where necessary. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
In particular, we may use your information to contact you for your views on our services and to notify you occasionally about important changes or developments to the site or our services. Further, where you have consented, we might also use your information to let you know about other products and services which we offer which may be of interest to you and we may contact you by post, telephone or fax, as well as by e-mail. If you change your mind about being contacted in the future, please let us know.
The information you provide to us will be held on our computers in the UK and may be accessed by or given to our staff and third parties who act for us for the purposes set out in this policy or for other purposes approved by you. We may also pass aggregate information on the usage of our site to third parties but this will not include information that can be used to identify you.
Where you have consented when providing us with your details, we may also allow carefully selected third parties to contact you occasionally about products and services which may be of interest to you. They may contact you by e-mail. If you change your mind about being contacted by these companies in the future, please let us know, by contacting us at the address at the bottom of the page.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Cookies are small amounts of information which we store on your computer. Unless you have indicated your objection when disclosing your details to us, our system may issue cookies to your computer when you log on to the site. Cookies make it easier for you to log on to and use the site during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up your computer to reject cookies although, in that case, you may not be able to use certain features on our site. If you do not wish to receive cookies in the future, please let us know, by contacting us at the address at the bottom of the page.
Security & Data Retention
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We will retain your information for a reasonable period or as long as the law requires.
Accessing & Updating
You are entitled to see the information held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us. We are entitled by law to charge a fee of £10 to meet our costs in providing you with details of the information we hold about you.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to:
Big Wave Media
1st Floor, Exeland House
Telephone: 0845 643 2385