1. How we use your personal data

We are committed to protecting your own personal data.

We collect data about you when you sign up to receive information or services from us, through face-to-face interviews, phone calls and various forms. We also collect information when you attend events or voluntarily complete our surveys / evaluations.

We will use your insensitive personal data to

  1. sign you up as a new client
  2. payment management
  3. collecting and recovering money owed to us
  4. managing our relationship with you
  5. send details of our goods and services to you

Our legal grounds for processing your data in relation to points (i) to (iv) above for entering into an agreement with you and in respect of (iii) and (v) above, are necessary for our legitimate interest to develop our products/services and grow our business and to recover outstanding funds.

Any sensitive personal data we collect from you will be for the purpose of providing our services to you or if we need to comply with a legal commitment. Our legal basis for processing the data is your express consent.

We will not share your details with third parties for marketing purposes, except with your express permission.

2. Disclose your personal data

We may be required to share our personal data with

  1. service providers providing Information Technology support and administrative systems
  2. professional advisers including lawyers, bankers, auditors and insurers
  3. HMRC and other regulatory authorities
  4. Recognising Excellence manages the Advice Quality Service programme
  5. third parties with which we sell, transfer or merge parts of our business or assets
  6. Doctors, Department for Work and Pensions, Local Authorities, charities and landlords
  7. any other officers /professional bodies for the purpose of our service to you

In certain circumstances you may ask us to delete your data. Check out the section titled ‘Your rights’ below for more information. The third parties we transfer your data to are required to respect the security of your personal data and treat it in accordance with the law. They are allowed to process your personal data at our instruction only.

3. Data Security

We have introduced safeguards to prevent your personal data being accidentally lost, used or viewed in an unauthorised manner, modified or disclosed. We restrict access to your personal data to the employees, agents, contractors and other third parties with a business need to obtain such data. They will process your personal data only in accordance with our instructions and are subject to a duty of confidentiality. We have introduced procedures to deal with any suspected breaches of personal data management, and will notify you and any relevant regulator where we are legally required to do so.

In certain circumstances you may ask us to delete your data. Check out the section titled ‘Your rights’ below for more information. We could anonymise your personal data (so that you are no longer identifiable from such data) for research or statistical purposes, and in that case we could use this information indefinitely without further notification.

4. Data Retention

We will retain your personal data as long as necessary to achieve the purposes for which the data was collected. We could keep your data to meet any legal, accounting or reporting requirements so, for example, we have to keep certain information about you for six years after you finish being a client for tax purposes. You have the right to ask us to delete the personal data we have about you in certain circumstances. Check out section 6 below.

5. Your rights

We are able to implement certain rights in relation to your personal data that we process. These are set out in more detail in

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

In relation to a subject request for information, you may request that we inform you about the data we hold about you and how we process it. We will not charge a fee for responding to this request unless it is clear that your request is unfounded, or that they are repeated or excessive requests, in which case we could charge a reasonable fee or refuse to respond.

In most cases we will reply within a month of the date of the application, unless your application is complex or you have made a large number of requests. In that case we will notify you of any delay and, in any case, we will reply within three months.

If you wish to submit a subject request for information, please send the request to the attention of the Data Protection Officer –

Canllaw (Eryri) Cyf
Uned 8/9
Llys y Fedwen
Parc Menai
Bangor
Gwynedd
LL57 4BL

Or send an email to gofalathrwsio@gofalathrwsio.org addressed to the attention of the Data Protection Officer

6. Keep your data up to date

We have a duty to keep your personal data up to date and accurate, so from time to time we will contact you to ask you to confirm that your personal data remains current and accurate.

If there are any changes to your personal data (such as a change of address), please let us know as soon as possible by writing to us or emailing the addresses set out in section 6 above.

7. Complaints

We are committed to protecting your personal data but, if you are not happy with any aspect of how we collect and use your data for any reason, you have the right to complain to the Information Commissioner’s Office, the data protection matters oversight authority in the United Kingdomwww.ico.org.uk).

It would be appreciated if you would contact us first if you have a complaint so we can try to resolve your complaint.