Data protection

Mae’r dudalen yma ar gael yn Gymraeg.

We are committed to protecting personal data and respecting the rights of individuals. To that end, it is our policy to fully comply with the Data Protection Act 1998 and any related legislation. In addition we have mechanisms in place to meet our obligations according to our policy and complying with the Act.

Our Data Protection Policy may be accessed below. In addition to particular rights for individuals, it includes Eight Data Protection Principles that specifically ensure we:

  1. process personal data fairly and lawfully and, in particular will not process personal data unless specific conditions are met
  2. obtain personal data for one or more specified and lawful purpose and will not further process the data in any manner incompatible with the original purpose
  3. only collect data that is adequate, relevant and not excessive in relation to the purpose for which it is processed
  4. keep personal data accurate and, where necessary, up-to-date
  5. retain personal data for no longer than is necessary
  6. process personal data in accordance with the rights of individuals under the Data Protection Act
  7. put in place appropriate technical and organisational measures to prevent any unauthorised or unlawful processing, accidental loss, destruction of, or damage to, personal data
  8. do not transfer personal data outside the European Economic Area (EEA) without an adequate level of protection for the rights and freedoms of individuals in relation to the processing.

Publications and updates

  • Published: 4th Jul 2009
  • Guidance
  • 1 Associated documents