Privacy notice relating to the processing of personal data by Rhondda Cynon Taf County Borough Council for the purpose of Cwm Taf Morgannwg (CTM) Public Health Support Service (CTMPHSS)
This privacy notice is intended to provide information about how Rhondda Cynon Taf County Borough Council (referred to as ‘RCTCBC’, ‘Council’, ‘Local Authority’, ‘we’) will use (or ‘process’) personal data about individuals for the purpose of regional support for public health services.
This notice should be read in conjunction with;
- The Council’s corporate privacy notice
The Data Controller
The Council is the data controller for the personal data processed for the purposes of the CTM Public Health Suppprt Service.
The Council is registered with the Information Commissioner’s Office (ICO) as a controller under reference Z4870100.
Queries relating to this privacy notice
If you have any questions or queries relating to this privacy notice please contact the CTM Public Health Suport Service:
By email : ContacttracingserviceCTM.email@example.com
In writing : Ty Elai, Dinas Isaf East, Willamstown, Tonypandy, CF40 1NY
Who we are what we do
The Contact Tracing Service has reduced dramatically since the end of the Covid 19 pandemic leaving behind a team operating across the CTM Health Board region, rebranded as the CTM Public Health Support Service (CTM PHSS).
The Service is funded by Welsh Gov and will remain for this transitional year working closely with CTM University Health Board (CTMUHB) and representatives from Public Health Wales (PHW) Health Protection Teams for any emerging health protection threats
The processing may include but is not limited to the following activities;
- Support high risk closed settings such as Care Homes with acute respiratory infections such as Covid-19
- Support Health Board with ANY emerging health protection threats
Whose personal data we process
We may process personal data relating to the following individuals to;
- Manage positive cases of residents/staff of care homes and high risk closed settings where there is an out break of Covid-19
- Manage positive cases of residents of Bridgend County Borough Council (BCBC), Merthyr Tydfil County Borough Council (MTCBC), Rhondda Cynon Taf County Borough Council (RCTCBC) and Cwm Taf Morgannwg University Health Board (CTMUHB)
The categories of personal data we process
We may process the following categories of personal data to manage positive cases;
- Name, date of birth, address and contact details (including staff of high risk closed settings)
- Contact details of next of kin and parent/carers/guardians (of children)
Why we process the personal data
We process the personal data to manage positive cases. This may include but is not limited to the following activities;
- Receiving notifications of positive case(s) from Public Health Wales
- Liaise with Care Home Manager and/or high risk closed settings regarding individual cases and transmission within setting
- Providing infection, prevention and control measures to reduce the spread of infection
- Liaising with other Council departments regarding cases
- Updating relevant systems
Reporting to Public Health Wales and Welsh Government
Our lawful basis for processing the personal data
Under the General Data Protection Regulation (GDPR), our lawful basis for processing the personal data to is;
- Legal Obligation (c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
- Public Task - Article 6 (e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Substantial public interest - Article 9 (2) (g) - processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
Schedule 1, Part 2, 6 Statutory etc and government purposes
The primary legislation, regulations and guidance that supports this includes, but is not limited to;
- Public Health (Control of Diseases) Act 1984
- The Health Protection (Wales) Regulations 2010
- The Health Protection (Notifications)(Wales) Regulations 2010
- The Health Protection (Local Authority Powers) (Wales) Regulations 2010
- The Coronavirus Act 2020
Who or where we get the personal data from
We may receive the personal data from the following categories of individuals or organisations;
- Public Health Wales – when they inform the Council of an incident
- Care Home who may notify us directly of an outbreak of Covid-19
- Directly form yourself if there is a requirement to speak to you about your whereabouts and symptoms to aid investigation.
Who we share personal data with
We may share the personal data with the following key organisations to manage and support incidents;
When sharing the personal data, we only share the minimum amount necessary in relation to the purpose.
Internal Council departments such as;
Regarding any concerns about the handling of outbreaks and practices that may impact on residents/service users
Partner Local Authorites;
To support the management of outbreaks
Notification of cases
Cwm Taf Morgannwwg University Health Board
Support management of outbreaks and testing
Public Health Wales/Welsh Government
Updating of case details and for reporting purposes
A data processor is a company or organisation that processes personal data on our behalf. Our data processors act only upon our instruction. They cannot do anything with the personal data unless we instruct them to do so. They will not share the personal data with any organisation apart from us or use it for their own purposes. They will hold it securely and retain it for the period we instruct.
The categories of data processors we use are;
- IT system suppliers etc
How long we retain the personal data
We retain the personal data contained within our case management systems for:
Length of time
7 years (as set by Public Health Wales)
Record of positive case
In keeping with the General Data Protection Regulation storage limitation principle, records are periodically reviewed. Not all personal data is retained. Only personal data that is relevant to the record is retained for the entire retention period. Information that has no long term or evidential value is routinely destroyed in the normal course of business.
Your data protection rights
The General Data Protection Regulation (GDPR) gives individuals important rights, including the right of access to the personal data that the Council holds about you.
Click here for further information on your information rights and how to exercise them.
Your right to make a data protection complaint to the Council
You have the right to complain to the Council if you believe we have not handled your personal data responsibly and in line with good practice.
You can do this by contacting the Cwm Taf Public Health Support Serivce directly via one of the following communication methods. Most concerns can be resolved relatively quickly through a simple phone call or email;
Alternatively, you can raise a formal complaint via the Council’s Customer Feedback Scheme using the following link (Make a comment, compliment or complaint online) or you can contact the Council’s Data Protection Officer at Information.firstname.lastname@example.org.
Your right to make a data protection complaint to the ICO
You also have the right to complain to the ICO if you are unhappy with how we have used your data. However, we encourage you to contact us first and provide us with an opportunity to look into your concern and put things right.
The ICO can be contacted:
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline number: 0303 123 1113
- Website: https://www.ico.org.uk