Neath Port Talbot County Borough Council have a Data Protection regime in place to oversee the effective and secure processing of your personal data: in accordance with the requirements of the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 (DPA).
In providing your personal information to the Council (including any personal information provided to us through the service applications in this website (www.npt.gov.uk)) you acknowledge that Neath Port Talbot County Borough Council (the Council) is the data controller for personal information provided to us.
Why we need it?
Your information will be used by the Council for one or more of the following purposes:-
- The processing is necessary for the performance of a contract with yourself or in order to take steps at your request prior to entering into such a contract;
- The processing is necessary for the Council to comply with a legal obligation to which it is subject;
- The processing is necessary for the performance of a task carried out in the public interest by the Council or in the exercise of official authority vested in the Council;
- The processing is necessary for the purposes of the legitimate interests pursued by the Council or by a third party.
The Council will not process your personal information for any other purposes, other than those set out above.
Please note that each of the service applications on this website is designed to collect personal data from you with the intention of providing you with a service (or services) or to enable the Council to carry out its legitimate public and/or business functions. Accordingly, each of the website applications provides details of the purpose (or purposes) that your information will be used for. Each service application also provides details of the relevant GDPR legal basis being relied upon by the Council (in order to lawfully process your personal data), in the form of a specific Privacy Notice for each particular application.
What we do with it?
All the personal data we process is processed by our staff in the United Kingdom. For the purposes of IT hosting and maintenance this information is located on servers within the European Union and it will not be transferred outside of the European Union.
The Council will not use your personal data for the purposes of automated decision making.
Your information may be shared within Council departments to the extent permitted by law and we will not share your data with third parties unless we are required or permitted to do so by law (e.g. under GDPR, DPA or any other legislation).
We will share your personal data securely with service providers who are exercising responsibilities on the part of the Council, but we will ensure that such information is protected by way of GDPR compliant Data Processing Agreements.
How long we keep it for?
The information will be held by the Council in accordance with requirements set out in legislation and generally (subject to any legal requirements to the contrary) for a minimum period of six years. Though where you have provided information for marketing purposes this will be kept by us, until you notify us that you no longer wish to receive this information.
For more information on our retention periods please refer to the specific Privacy Notice relating to the specific service application which you are using on our website.
What are your rights?
Under GDPR you are entitled to the following rights in respect of your personal data:
- A right of access to your personal data held by the Council;
- A right to have any inaccuracies in your personal data corrected;
- A right to have personal data held by the Council erased (in certain circumstances);
- A right to restrict the processing of your personal data (in certain circumstances);
- A right to object to the Council using your personal data for direct marketing purposes;
- A right to data portability (in certain circumstances).
Further information on the above rights may be obtained from the Information Commissioner’s Office; information is also available on the Information Commissioner’s website (www.ico.org.uk).
In the event that you wish to object to the Council’s use of this information or amend any information, you may notify the Council at any time who will consider any request - but please note that this may have an impact on the nature of the services that the Council will be able to provide to you.
Also please be aware that there is certain personal information which the Council must hold in respect of you by virtue of our legal requirements and any failure to give this information or to provide accurate information, could render you liable to legal proceedings.
If at any point you believe that the personal information we process about you is incorrect, you may request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
Our Data Protection Officer can be contacted at the Directorate of Finance & Corporate Services, Civic Centre, Port Talbot, SA13 1PJ
If having made a request and/or complaint to the Council, you are not satisfied with our response or believe that we are processing your personal data in a manner which is not in accordance with the law, you may complain directly to the Information Commissioner’s Office (ICO).
The ICO’s contact details may be found on the ICO’s website: (www.ico.org.uk).
A copy of this notice is available to download below