This page outlines the General Data Protection Regulation (GDPR) statement for Newport City Council. For further information about how we collect and process personal data, please read our GDPR privacy notice.

Data Protection Act 2018

Newport City Council collects some personal data to work as a local authority. Details about how we carry out processing of personal data is available within individual service privacy notices, found within their respective sections.

Sometimes we obtain your personal data from other sources. If we do this, we will tell you where we have got your information from and what was collected. For example, your name, address and date of birth.

Your data and how it's processed

Newport City Council is the data controller.

The data protection officer is the council's digital services manager. Other data controllers may also be responsible for your information. 

When we process your personal information, we will tell you: 

  • the main users of your information
  • if we share your information and who it is shared with (internal and external)
  • data processors and who they are (companies who process your data on our behalf)
  • details of any international transfer of your personal data

Any information we hold can be subject to requests under the Data Protection Act (2018).

If you would like to request information, please ask for our personal information request form.

We ask for necessary information and will tell you why we need personal information.

We may ask you to sign a contract to deliver a service, this will require personal information.

Sometimes, we use technology to make decisions about our services, we will let you know what system we have used.

You have the right to remove consent at any time. 

If you choose not to provide the information, we will explain what this means for you.

This data is given more protection under the Data Protection Act 2018.

The data might include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • the processing of genetic or biometric data for the purposes of identification
  • health data and sexual orientation

We keep your information in line with our information retention and disposal policy.

We keep information for as long as it is needed, after which it will be deleted or destroyed.

We protect personal data by taking steps to ensure it's security. 

This includes protection against:

  • unauthorized or unlawful use 
  • accidental loss, destruction, or damage

Under the Data Protection Act 2018 you have the right to request to: 

  • have your data changed if it is wrong or incomplete
  • have your data erased
  • restrict the use of your data
  • exercise your right to data portability

You can object to the use of your data for:

  • direct marketing
  • profiling 
  • automated decision-making

Complaints procedure

If you are unhappy with the way the council is using your data, you can complain to us.

You can also complain online to the Information Commissioners Office, or by telephone on 0303 123 1113.

Alternatively, you can contact the Information Commissioner by post at: 

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.