Select your language

Education Workforce Council privacy information

Tel: 029 2046 0099 | Email: information@ewc.wales

The Corporate Services team are responsible for employee administrative support and general enquires from the public. We are responsible for facilitating arrangements for visitors to the EWC office and ensuring relevant information is sent to contractors and others who are carrying out work on behalf of the EWC, for example Council members. We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business.

We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password on request.

Any CCTV used in our head office is not operated by us, so we are not the controller. It will be under the control of the relevant building landlord.

We need enough information from you to answer your enquiry. If you call, we won’t make an audio recording of it and we won’t usually need to take any personal information from you. But in certain circumstances we may make notes to provide you with a further service as required.

If you contact us via email or post, we’ll need a return address for response.

Where we obtain your information

We obtain personal data in different ways, including through:

  • Direct contact – individuals may give us their personal information by corresponding with us by post, email or telephone or otherwise.
  • Third parties or publicly available sources – we may receive personal information of individuals from third parties
  • We may also receive information from publicly available sources and internally from our data team

What personal information we collect

We collect the following information from visitors and contractors: name, company, contact details.

When using wifi at the EWC office, we record the device address and will automatically allocate visitors an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received.

The type of personal data held for Council members can include:

  • Name
  • Home address
  • workplace address
  • email addresses
  • telephone numbers
  • Members' register of interests
  • Pen picture
  • Short biography
  • Dietary requirements
  • Accessibility requirements

How we use your information

If your visit is planned, the Corporate Services team will be aware of your name and visit information so they can expect your arrival. Visitors will need to sign the guest book on arrival for security and fire safety reasons, in the event of a fire the guest book will be used for roll call following evacuation.

We don’t ask you to agree to terms when using wifi at EWC offices, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.

The personal data collected from Council members used to facilitate meetings and meet corporate governance standards.

Contact details are held to ensure Stakeholders are sent meeting details or applicable circulations, any relevant papers and for operational and business continuity reasons.

The Council will hold the contact details for as long as is needed provide you with a service or conduct our business in accordance with our functions and our records management policy. We will keep it in line with our retention schedule, legislative requirements and best practice guidance until the data is no longer needed for the purpose it was collected. Following this the information will be destroyed and disposed of in a secure manner.

How long we keep it

Emails - The retention period of an e-mail is determined by the importance of its contents. Most emails do not need to be kept beyond the timeframe of the task to which they refer. If an email is sufficiently valuable as to be kept as a permanent record then for business continuity purposes, and also to enable the Council to meet its freedom of information and data protection obligations, important emails and attachments will be stored. Emails which have not been saved will be automatically deleted after 1 year.

Contact details for general correspondence, emails, meetings and conference calls will be held for as long as it is needed to conduct our business in accordance with our functions and records management policy. We will keep it in line with our retention schedule, legislative requirements and best practice guidance until the data is no longer needed for the purpose it was collected.

General minutes, agendas and papers of meetings are generally held for 6 years plus the current financial year and will then be reviewed.
For information about how long we hold personal data, see our retention schedule.

 Why our use of your personal data is lawful

The purpose for processing this information is for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

Communicate with us as a business

If this relates to interactions regarding our regulatory functions, the legal basis is article 6(1)(e) of the UK GDPR. If the interactions relate to suppliers, contracts, buildings management, IT services etc., the legal basis is article 6(1)(c) of the UK GDPR for any legal obligation or article 6(1)(f) because the processing is within our legitimate interests as a business.


What is the legal basis?

The legal basis for this is article 6(1)(C) of the UK GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.

For any special category data that is provided, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(g) of the UK GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the DPA2018 which relates to statutory and government purposes.