Conwy and Denbighshire Public Services Board

Building better communities

Conwy & Denbighshire Public Services Board

Privacy

Data Protection Act 1998 – Fair Processing Notice.

The use and disclosure of personal data is governed in the UK by the Data Protection Act 1998.

Denbighshire County Council is a ‘data controller’ for the purposes of the Data Protection Act 1998 and is notified with the Information Commissioner. Our notification number is Z573781X. As a data controller, the Council will make every reasonable effort to ensure that we or any third party who may process data on our behalf, complies with the principles of the Data Protection Act when processing personal data.

The 8 Data Protection principles can be found below:

1. Personal data shall be processed fairly and lawfully.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

This notice is known as a ‘fair processing’ notice for the purposes of the Data Protection Act 1998 and intends to inform you of the types of personal data Denbighshire County Council may hold and what it may do with it.

What types of information will Denbighshire County Council be holding about me?

We may be holding such information as your name, address, date of birth or bank account details, but we could also be holding more sensitive types of information about you for example, information about your health, religion, sexual orientation or any criminal offences you may have committed. The type of information we hold will depend upon the service being delivered.

Personal data could be information which is held on a computer, in a paper record i.e. a file, but it can also include other types of electronically held information i.e. CCTV images.

The information we hold about you may be collected from a variety of sources for example, from you, your legal representative, partners and relatives or from other agencies.

What will Denbighshire County Council do with my information?

Denbighshire County Council collects and holds personal information about members of the public, staff and those people that it carries out business with or provides services to. Denbighshire County Council will only use the information that it holds to comply with its statutory duties for example, the collection of council tax or to provide you with a service that you have requested or need.

In certain circumstances you may have consented to us collecting and holding your information for example, by signing up to a marketing list for a certain type of public event.

How will my personal data be protected?

Denbighshire County Council will make every effort to keep your information secure and will endeavour to comply with all relevant legislation including the Data Protection Act 1998 and applicable standards, for example the ISO27001 Information Security Standard. This means that we have to put measures in place to ensure that our computers and files are secure and that the information you give to us will be kept confidential.

Who will Denbighshire County Council disclose my information to?

From time to time Denbighshire County Council is obliged by law to disclose personal information that it holds, for example to the Revenue and Customs, the Police, the Health Service or other agencies. Any disclosures made will only be done in accordance with the law.

What can I do if I want to find out what information Denbighshire County Council holds on me?

A person is entitled, in accordance with the provisions of the Data Protection Act 1998, to ask for a copy of the information that a ‘data controller’ holds. This is known as a ‘Subject Access’ request. Denbighshire County Council has procedures in place so that people can make a subject access request.

What can I do if I think the information held on me is incorrect, or misleading?

Denbighshire County Council will ensure that it will keep its information as up to date as possible however, please tell us if you think that the information held about you is incorrect in any way. This will not only help us to keep you informed about vital services you may be entitled to, but will also ensure that we comply with our legal requirements.

The Data Protection Act 1998 gives you the right to have information blocked, rectified, erased, amended or deleted. However, in some circumstances we may be required by law to keep your information for a certain period of time so it may not always be possible to do so. Where this is the case we will tell you.

If you wish to tell us that the information held about you is incorrect, please contact us.

If you want to find out more about the Data Protection Act, please contact the Information Commissioner.

National Fraud Initiative

In order to prevent and detect fraud, we are required by law to protect the public funds we administer and may share information with other bodies responsible for auditing or administering public funds.

The Auditor General for Wales appoints an auditor to audit our accounts. He or she is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Auditor General requires us to provide information data matching to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching for each exercise, and these are set out in the Wales Audit Office’s guidance, which can be found at http://www.wao.gov.uk/about-us/national-fraud-initiative.

Details are set out in the Auditor General’s handbooks, which can be found at www.wao.gov.uk.

The use of data by the Auditor General in a data matching exercise is carried out with statutory authority under its powers in Part 3A of the Public Audit (Wales) Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Auditor General is subject to a Code of Practice. This may be found at www.wao.gov.uk.

For further information on the Auditor General’s legal powers and the reasons why he matches particular information, see www.wao.gov.uk or contact: NFI Co-ordinator, Wales Audit Office, 24 Cathedral Road, Cardiff CF11 9LJ, 029 2032 0616 or email nfi@wao.gov.uk.

Deddf Gwarchod Data 1998 – Hysbysiad Prosesu Teg

Caiff defnydd a datgeliad data personol ei reoli yn y DU gan Ddeddf Gwarchod Data 1998.

Mae Cyngor Sir Ddinbych yn rheoli data i bwrpas Deddf Gwarchod Data 1998 hefo’r Comisiynydd Gwybodaeth. Ein rhif rhybudd yw Z573781X . Fel rheolwr data bydd y Cyngor yn gwneud pob ymdrech resymol i sicrhau ein bod ni neu drydydd parti yn gallu prosesu data ar ein rhan ac yn cadw at egwyddorion y Ddeddf Gwarchod Data wrth brosesu data personol.

Gwelir yr 8 egwyddor Gwarchod Data isod:

1. Dylid prosesu data personol yn deg ac yn gyfreithlon.

2. Dylid casglu data personol er gyfer un neu fwy o ddibenion cyfreithlon yn unig, ac nid ydynt i’w prosesu ymhellach mewn unrhyw ffordd sy’n anghydnaws â’r diben neu’r dibenion hynny.

3. Bydd data personol yn ddigonol, yn berthnasol ond nid yn ormodol mewn perthynas â diben neu ddibenion eu prosesu.

4. Bydd data personol yn fanwl gywir a, lle bo hynny’n angenrheidiol, yn cael eu cadw’n gyfamserol.

5. Ni fydd data personol brosesir ar gyfer unrhyw ddiben neu ddibenion yn cael eu cadw’n hirach nag sydd angen ar gyfer y diben neu’r dibenion hynny.

6. Prosesir data personol yn unol â hawliau deiliaid data dan y Ddeddf yma.

7. Dylid cymryd camau technegol a threfniadol priodol yn erbyn prosesu data personol anawdurdodedig neu anghyfreithlon ac yn erbyn colled ddamweiniol neu ddistryw, neu niwed i ddata personol.

8. Ni ddylid trosglwyddo data personol i wlad neu diriogaeth y tu allan i’r Gymuned Economaidd Ewropeaidd oni bai bod y wlad neu’r diriogaeth honno yn sicrhau lefel diogelwch digonol i hawliau a rhyddid deiliaid data o safbwynt prosesu data personol.

Adnabyddir yr hysbysiad hwn fel hysbysiad ‘prosesu teg’ at ddiben Deddf Gwarchod Data 1998 a’r bwriad yw i’ch hysbysu o’r mathau o ddata personol y gallai Cyngor Sir Ddinbych eu cadw a beth ellir ei wneud ag o.

Pa fath o wybodaeth fydd Cyngor Sir Ddinbych yn ei gadw amdanaf i?

Fe allwn fod yn cadw gwybodaeth fel eich enw, cyfeiriad, dyddiad geni neu fanylion cyfrif banc, ond fe allwn hefyd fod yn cadw gwybodaeth mwy sensitif amdanoch er enghraifft, gwybodaeth am eich iechyd, crefydd, tueddfryd rhywiol neu unrhyw droseddau torcyfraith. Bydd y wybodaeth sydd gennym ni yn dibynnu ar y gwasanaeth drosglwyddir i ni.

Gallai data personol fod yn wybodaeth gedwir ar gyfrifiadur, mewn cofnod papur h.y. ar ffeil, ond gall hefyd gynnwys mathau eraill o wybodaeth gedwir yn electronig h.y. lluniau CCTV.

Gall y wybodaeth sydd gennym ni amdanoch chi fod wedi ei gasglu o nifer o ffynonellau amrywiol er enghraifft, gennych chi, eich cynrychiolydd cyfreithiol, partner a theulu neu gan asiantau eraill.

Beth fydd Cyngor Sir Ddinbych yn ei wneud â’r wybodaeth amdanaf i?

Mae Cyngor Sir Ddinbych yn casglu a chadw gwybodaeth bersonol am aelodau o’r cyhoedd, staff a’r bobl hynny y mae’n ganddo gysylltiadau busnes â nhw neu bobl y mae’n darparu gwasanaeth ar eu cyfer nhw. Ni ddefnyddir y wybodaeth yma gan Gyngor Sir Ddinbych ond i gydymffurfio â dyletswyddau statudol er enghraifft, casglu treth cyngor neu i ddarparu gwasanaeth y gwnaethoch chi gais amdano neu sydd ei angen arnoch chi.

Mewn rhai amgylchiadau fe allech fod wedi cytuno i ni gasglu a chadw’r wybodaeth er enghraifft, drwy arwyddo rhestr farchnata ar gyfer math arbennig o ddigwyddiad cyhoeddus.

Sut y caiff fy nata personol i ei ddiogelu?

Fe wnaiff Cyngor Sir Ddinbych bob ymdrech i gadw’r wybodaeth amdanoch chi yn ddiogel ac fe wnaiff bob ymdrech i gydymffurfio â phob deddfwriaeth berthnasol gan gynnwys Deddf Gwarchod Data 1998 a phob safon perthnasol, er enghraifft ISO27001 Safon Diogelwch Gwybodaeth. Mae hyn yn golygu ein bod wedi cymryd camau i sicrhau fod ein cyfrifiaduron a’n ffeiliau yn ddiogel ac y bydd y wybodaeth rowch chi i ni yn cael ei gadw’n gyfrinachol.

I bwy y bydd Cyngor Sir Ddinbych yn datgelu’r wybodaeth amdanaf i?

O bryd i’w gilydd mae rheidrwydd cyfreithiol ar Gyngor Sir Ddinbych i ddatgelu gwybodaeth bersonol gedwir ganddo, er enghraifft i Gyllid a Thollau, yr Heddlu, y Gwasanaeth Iechyd neu asiantau eraill. Bydd unrhyw ddatgeliad a wneir yn unol â’r gyfraith.

Beth allwn i ei wneud i ddarganfod pa wybodaeth sydd gan Gyngor Sir Ddinbych amdanaf i?

Mae gan berson hawl, yn unol â darpariaeth Deddf Gwarchod Data 1998, i ofyn am gopi o’r wybodaeth sy’n cael ei dal gan y ‘rheolwr data’. Gelwir hyn yn gais ‘Hawl Gweld Deiliad’.

Beth allwn i ei wneud os tybiwn i fod y wybodaeth amdanaf i yn anghywir neu’n gamarweiniol?

Bydd Cyngor Sir Ddinbych yn sicrhau fod y wybodaeth gedwir mor gyfamserol ag sydd bosib ond cofiwch roi gwybod os y credwch fod y wybodaeth amdanoch chi yn anghywir mewn unrhyw ffordd. Bydd hyn nid yn unig yn gymorth i ni ddarparu gwybodaeth i chi am wasanaethau hanfodol yr ydych yn gymwys i’w derbyn, ond hefyd bydd yn sicrhau ein bod yn cydymffurfio â’n gofynion deddfwriaethol.

Mae Deddf Gwarchod Data 1998 yn rhoi’r hawl i chi flocio, cywiro, dileu neu ddiwygio gwybodaeth. Ond, mewn rhai amgylchiadau, efallai y bydd yn rhaid i ni drwy gyfraith i gadw’r wybodaeth am gyfnod arbennig felly efallai na fydd hi’n bosib i wneud hynny bob tro. Os felly fe rown wybod i chi.

Os hoffech chi wybod mwy am y Ddeddf Gwarchod Data, cysylltwch â’r Comisiynydd Gwybodaeth.

Menter Twyll Genedlaethol

Er mwyn atal a chanfod twyll, mae’n ofynnol i ni yn ôl y gyfraith, ddiogelu’r arian rydyn ni’n ei weinyddu a rhannu gwybodaeth gyda chyrff eraill sy’n gyfrifol am archwilio neu weinyddu cyllid cyhoeddus.
Bydd Archwilydd Cyffredinol Cymru’n penodi archwilydd i archwilio ein cyfrifon. Mae hefyd yn gyfrifol am gynnal ymarferion paru data.
Mae paru data’n cynnwys cymharu cofnodion cyfrifiadurol a ddelir gan un corff yn erbyn cofnodion cyfrifiadurol eraill a ddelir gan yr un corff neu gorff arall. Gwybodaeth bersonol ydy’r data hwn fel arfer. Mae paru data’n ei gwneud yn bosibl adnabod ceisiadau a thaliadau twyllodrus. Pan ddeuir o hyd i bâr mae’n dynodi fod yna anghysondeb ac felly mae angen ymchwilio iddo ymhellach. Ni ellir tybio fod yna achos o dwyll, gwall neu esboniad arall nes y cynhelir ymchwiliad.

Mae’r Archwilydd Cyffredinol yn gofyn i ni ddarparu gwybodaeth paru data er mwyn cynorthwyo i atal a chanfod twyll. Mae’n rhaid i ni ddarparu setiau penodol o ddata i’w paru ar gyfer pob ymarfer, ac mae’r rhain wedi eu nodi yng nghanllawiau Swyddfa Archwilio Cymru, ac mae dod o hyd iddynt yn http://www.wao.gov.uk/cy/amdanom-ni/menter-twyll-genedlaethol

Mae’r manylion yn llawlyfrau’r Archwilydd Cyffredinol sydd i’w cael ar www.wao.gov.uk. Defnyddir data gan yr Archwilydd Cyffredinol mewn ymarfer paru data gydag awdurdod statudol fel rhan o’i bwerau yn Rhan 3A o Ddeddf Archwilio Cyhoeddus (Cymru) 1998. Nid oes angen caniatâd yr unigolion perthnasol o dan Ddeddf Diogelu Data 1998.

Mae paru data gan yr Archwilydd Cyffredinol yn destun Cod Ymarfer. Mae hwn i’w gael ar www.wao.gov.uk.

I gael rhagor o wybodaeth am bwerau cyfreithiol yr Archwilydd Cyffredinol a’r rhesymau pam ei fod yn paru gwybodaeth benodol, ewch i www.wao.gov.uk neu cysylltwch â: Cydgysylltydd y Fenter Twyll Genedlaethol, Swyddfa Archwilio Cymru, 24 Heol y Gadeirlan, Caerdydd CF11 9LJ, 029 2032 0616 neu anfonwch e-bost at nfi@wao.gov.uk

 

Conwy & Denbighshire PSB