Privacy notice relating to the processing of personal data by the South East Wales Corporate Joint Committee for the management and governance of the committee

South East Wales Corporate Joint Committee

The South East Wales Corporate Joint Committee (SEWCJC or ‘committee’) is one of four corporate bodies established in Wales to ensure that there are consistent mechanisms in place when collaborating regionally for strategic development planning and regional transport planning.

The SEWCJC consists of the following members:

  1. Executive Leaders of the following Local Authorities (referred to in the Regulations as ‘Constituent Councils’) appointed under Part 3(7) of the Regulations;
    1. Cardiff Council
    2. Monmouthshire County Council
    3. Blaenau Gwent County Borough Council
    4. Bridgend County Borough Council
    5. Caerphilly County Borough Council
    6. Merthyr Tydfil County Borough Council
    7. Newport City Council
    8. Rhondda Cynon Taf County Borough Council (RCTCBC)
    9. Torfaen County Borough Council
    10. The Vale of Glamorgan Council
  2. Brecon Beacons National Park Authority (BBNPA) member appointed under Part 3(8) of the Regulations.
  3. Co-opted participants (optional) appointed under Part 3(9) of the Regulations.

Part of the SEWCJC’s obligations as a joint regional committee is to ensure that there are appropriate governance arrangements in place, and that these governance arrangements are appropriately managed and maintained.

About this privacy notice

This privacy notice is intended to provide information about how the SEWCJC will use (or ‘process’) personal data about individuals for the purpose of managing the following Committees, Sub-Committees, Advisory Boards and Groups:

  • South East Wales Corporate Joint Committee (SEWCJC)
  • Joint Overview and Scrutiny Committee
  • Governance & Audit Sub-Committee
  • Standards Committee
  • Appointments Sub-Committee
  • Regional Transport Sub-Committee
  • Strategic Development Sub-Committee
  • Investment Board
  • Regional Growth Board
  • Shareholder Group
  • Any future sub-committees, advisory board or groups which are approved by SEWCJC

The Data Controller

The SEWCJC is the controller for the personal data it processes.

The SEWCJC is registered with the ICO as a controller under registration number ZB295457.

How to contact us for data protection matters or concerns

You can contact us by phone, email and post as follows:

Email us: InfoRights@cardiffcapitalregion.co.uk 

Write to us as: Cardiff Capital Region, Data Protection Officer, Sbarc|Spark, Maindy Road, Cardiff, CF24 4HQ

You can also complain to the ICO if you are unhappy with how we have used your personal data, but we encourage you to contact us first.

The Data Protection Officer

RCTCBC provides a data protection support service to the SEWCJC, including the provision of a Data Protection Officer (DPO).

We encourage you to contact the SEWCJC in the first instance regarding any data protection matter. However, should you have the need to contact the Data Protection Officer directly, you can do so via email at Information.management@rctcbc.gov.uk

We recommend, when contacting the DPO, you send a copy of the correspondence to the SEWCJC as the data controller InfoRights@cardiffcapitalregion.co.uk

Whose personal data we process

We process personal data relating to:

  • Committee, Sub-Committee, Advisory Board and Group members
  • Officers who attend the committees, sub-committees, advisory boards and groups
  • Report authors

The categories of personal data we process

We may process the following categories of personal data relating to committee members, officers and report authors:

  • Name
  • Job title/role
  • Employer information (name, address)
  • Business contact information (address, email address, telephone number etc)
  • Personal contact information (address, email address, telephone number etc)
  • Information relating to any declaration of interest. This may include but is not limited to:
    • Financial interest
    • Business interest
    • Land or property interests
    • Political interest
    • Membership or affiliation with other organisations, e.g. a trade union, club, charity, associations etc.

Why we process the personal data

We process the personal data in order to fulfil our statutory obligations relating to the governance of committee meetings. This includes but is not limited to the following activities:

  • Managing membership
  • Managing the declarations of interests process
  • Arranging committing meetings
  • Managing attendee lists
  • Sending out invites
  • Preparing committee reports
  • Publishing and distributing committee reports
  • Recording attendance at meetings
  • Recording of public meetings
  • Producing and publishing minutes to document discussions and decisions made at committee meetings

Our lawful bases for processing the personal data

Under the General Data Protection Regulation (GDPR), our lawful bases for processing personal data to undertake our statutory functions is:

  • Legal Obligation (c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Public Task – Article 6 (e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Substantial public interest – Article 9 (2) (g) – processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

The primary legislation, regulations and guidance that supports this includes:

Who or where we get the personal data from

We may receive the personal data from the following individuals or organisations:

  • Committee members
  • Officers within the SEWCJC and Local Authorities
  • Support staff within the SEWCJC and Local Authorities

Who we share the personal data with

Minutes of committee meetings are published on the Cardiff Capital Region website and can be found here:

Data Processors

A data processor is a company or organisation that processes personal data on behalf of a controller. The SEWCJC uses data processors that provide services to us. The categories of data processors we use are:

  • ICT Services and Support providers

Our data processors act only upon our instruction – they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or use it for their own purposes. They will hold it securely and retain it for the period we instruct.

Should you have a specific query relating to our data processors, please contact InfoRights@cardiffcapitalregion.gov.uk

How long we retain the personal data

Publication of minutes, background papers and any other relevant documentation following a committee meeting will be retained for 6 years.

Declaration of interests will be retained for 1 year until superseded.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The right available to you depend on our reason for processing the information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right on the ICO’s website.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right on the ICO’s website.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right on the ICO’s website.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. You can read more about this right on the ICO’s website.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated. You can read more about this right on the ICO’s website.

You are not required to pay any charge for exercising your rights. We have one month to respond to your request from the date your request is validated. We may extend this period by a further two months if the request is complex or we receive a number of requests from you. 

Please contact us if you wish to make a request.

Your right to make a data protection complaint

You have the right to complain to the SEWCJC if you believe we have not handled your personal data responsibly and in line with good practice.

If you have a concern, we encourage you to contact the Data Protection Lead in the first instance. Most concerns can be resolved relatively quickly through a simple phone call or email.

Should you wish to make a formal complaint please refer to the Complaints Policy on our website or contact Feedback@cardiffcapitalregion.gov.uk

You can also complain to the ICO if you are unhappy with how we have used your data, but we encourage you to contact us first. The ICO’s contact information is:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk

Skip to content