Standards Commissioner Website

Skip to content
Please Contact us

Cymraeg

Upholding reputations, safeguarding standards, addressing concerns

Standards Commissioner Website > Privacy Notice

Privacy Notice

This Privacy Notice sets out how the Senedd Commissioner for Standards will collect, store and process your personal data.

About us

The Senedd Commissioner for Standards (‘the Commissioner’) or any Acting Senedd Commissioner for Standards, is supported by staff. References in this Privacy Notice to ‘us’, ‘our’ or ‘we’ are to the Commissioner and such staff.

The Commissioner is appointed under section 1 of the National Assembly for Wales Commissioner for Standards Measure 2009 (‘the Measure’) and is independent of the Senedd.

The Commissioner is the Controller of personal data processed as described in this Privacy Notice (‘Notice’).

This Notice was drafted with brevity and clarity in mind and explains what you should expect when we process your personal data. It is not intended to provide exhaustive detail about all aspects of how the Commissioner may collect and use personal information. Where requested, we will try to provide any additional information or explanation needed. Requests should be sent to the address provided at the end of this Notice.

Collection of your personal data

When you contact us, visit us, access or use our services either online, by post, in person or by other means, or otherwise engage with our work, we may collect, store and use your personal data. We may also receive personal data about you from other people or from publicly available sources.

The personal data we collect and process may include:

  • name, address, phone number, email address, other personal contact details;
  • proof of identity;
  • data that you (and others) share when engaging with us by letter, email, phone or other means;
  • records of interviews and witness statements made in relation to a complaint. For example, you may provide us with a personal recollection of events as part of our investigation into a complaint. These documents may contain personal views and opinions;
  • photographs, video or audio recordings and images, including CCTV footage;
  • data that staff share with us as part of their role;
  • legal advice – we may hold personal data as a result of obtaining legal advice;
  • details of website usage and other technical data such as details of your visits to our website or information collected through cookies and other tracking technologies;
  • special category data including data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health data; and sex life or sexual orientation; and
  • information relating to criminal convictions and offences.

Use of your personal data

We process your personal data so we can exercise our purpose and functions which include:

  • promoting, encouraging and safeguarding high standards of conduct of Members of the Senedd;
  • investigating complaints about the conduct of Members of the Senedd;
  • raising awareness of our work;
  • making sure our office functions properly; and
  • supporting and managing our staff.

The reason we collect personal data, also known as the lawful basis, defines the purpose for processing information. These bases include:

  • where it is necessary for the performance of our public task or is in the public interest (UK GDPR Article 6(1)(e) read with section 8(c) Data Protection Act 2018);
  • where necessary to fulfil a legal obligation (UK GDPR Article 6(1)(c)), such as the submission of reports of investigations into the conduct of Members of the Senedd;
  • where we have your consent to do so (UK GDPR Article 6(1)(a), for example when you agree to the use of analytical cookies; and
  • for staff, where it is necessary for the performance of an employment contract.

Where we process special category data, the lawful basis is that it is necessary for reasons of substantial public interest in accordance with Article 9(2)(g) UK GDPR and section 10(3) of, and paragraph 6 of Schedule 1 to, the Data Protection Act 2018. Fulfilling our functions is in the substantial public interest.

Where we process personal data about criminal offences or convictions, the lawful basis is that it is authorised by law in accordance with Article 10 UK GDPR and section 10(5) of, and paragraph 36 of Schedule 1 to, the Data Protection Act 2018. Fulfilling our functions is in the substantial public interest.

Where special category or criminal offences data of staff is processed, the lawful bases may, in the alternative, be where it is necessary to do so for employment law in accordance with Article 9(2)(b) or 10 UK GDPR and paragraph 1 of Schedule 1 to the Data Protection Act 2018.

Sharing your personal data

We may share personal data with:

  • the Committee on Standards of Conduct and its staff at the point when a formal investigation report is submitted to the Committee;
  • a Member of the Senedd who is the subject of a complaint (so they know the complaint and any evidence against them and can respond appropriately);
  • the person who made a complaint under investigation;
  • a witness or potential witness in an investigation;
  • external specialist advisers, including those within the Senedd Commission, for the purpose of obtaining confidential advice in connection with our functions or purpose;
  • the Senedd Commission where, for example:
    • it is relevant to a suspected breach of a relevant provision as defined in section 6(3) of the Measure;
    • it is necessary to facilitate the administration or maintenance of the Commissioner’s information technology account which forms part of the Senedd Commission’s ICT network;
  • the police or other law enforcement agency where it appears that the law may have been broken;
  • the Director of Public Prosecutions in certain instances where a criminal offence is suspected in relation to Standing Order 2;
  • other persons when it is considered lawful to do so or when required by law (for example, in response to a court order);
  • other bodies and organisations, for example, local authorities and regulatory bodies (for example the Public Services Ombudsman for Wales) in the event that information is relevant to the discharge of our function.

The Senedd Commission’s ICT department act as the ICT provider to the Commissioner.

In addition, where users consent to it, we use a third party service, Google Analytics, to supply statistics on the overall number of visits to our site and the pages visited (as described below).

How we collect your data

Personal information we process is provided to us by you when corresponding or otherwise engaging with us, for example, when making or responding to a complaint.

We may also receive personal data about you from other people, such as from (potential) witnesses or the Senedd Commission when we carry out investigations.

We may also obtain information from publicly available sources, such as websites or social media.

Storage and security of your personal data

We have put in place appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those who have a business need to know.

Information will be stored on the Senedd Commission’s ICT network (which includes third party cloud services provided by Microsoft).  Any international transfer of data by Microsoft  is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with data protection legislation.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of any breach where we are legally required to do so.

In relation to the investigation of complaints, we will retain your personal data for a period of six years from the date of completion of an admissible complaint and two years in the event of an inadmissible complaint  Thereafter it will be disposed of in a secure manner.

Our website

We use essential cookies to make our website work, or work more efficiently. These do not collect any personal information. Please see our cookies policy for further details.

Log files allow us to record visitors’ use of our website.  Log files do not contain any personal information or information about which other sites you have visited.

We use a third party service, Google Analytics, to help us understand how visitors use our website. The data gives us insight into the number of users using our websites and how they arrived there. This information is collected only if visitors opt in. The information collected is classed as personal data because Google assigns a unique identifier to each visitor. We do not make any attempt to find out the identities of those visiting our website. For details of how Google Analytics uses your information, please see its privacy policy [insert link].

We may use the information to see how visitors use the website and to make improvements to our service. No personal identifiable information is stored or accessible to us through the service provided by Google Analytics.

We have measures to protect the information collected, which include restricting access to our Google Analytics data and regularly reviewing our use of analytics.

Other websites linked from this site are not covered by this privacy policy. Our website, which is hosted on Welsh Parliament-managed infrastructure, contains links to other websites.  You should always be aware when you are moving to another site and we would encourage you to read the privacy policies of the other websites that you visit.

Your rights

You have certain rights over the information we hold. In summary, these include:

  • your right to be informed about how your personal information is used;
  • your right of access to copies of your personal information;
  • your right to rectification if your information is inaccurate;
  • your right to erasure of your personal information;
  • your right to restrict our use of your personal information;
  • your right to data portability;
  • your right to object to the use of your personal information; and
  • your right to complain.

If you would like to engage any of these rights, please contact me using the contact details given in this notice.  You have also the right to complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.  Their website is www.ico.org.uk/  .

Our contact details

Email: Standards.commissioner@senedd.wales

Post: Office of the Senedd Commissioner for Standards, Welsh Parliament, Ty Hywel, Cardiff  CF99 1SN

Telephone: 0300 200 6542

Standards Commissioner © 2024