Accessibility links

Listen with Browsealoud
Language selection

Data protection

Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act (DPA). The DPA contains a set of data protection principles which the council must follow and these are set out below:

  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
    (a) at least one of the conditions in Schedule 2 is met, and
    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data shall be processed in accordance with the rights of data subjects under this Act.
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Your rights under the act

Your rights under the act are:

  • to be informed by the council whether your data is being processed
  • to make a subject access request
  • to ask for incorrect data to be corrected
  • to ask the council not to use your information for direct marketing or to make decisions about you based on the automatic processing of the data
  • to ask the council not to use your data if it is likely to cause you damage or distress
  • to seek compensation for damage or distress by the council’s failure to comply with certain requirements of the Act

Why we keep personal information

The council offers a wide range of services to our customers and clients. We need to obtain and use personal information so that we can deliver and record the services people need.

Consent to use your personal information

We will not usually give out personal data without your permission.  However, sometimes we may have to, if, for example:

  • we are required to provide or publish the information by law or the order of a court
  • the information is needed to prevent or detect crime
  • it is in the vital interests of the person concerned
  • it is necessary to safeguard public interests

Depending on why we originally obtained it and how we use it, personal information may be shared with other departments within the council and other organisations and public bodies. We will only share the minimum amount of information that is needed.

Asking to see your information

To see the information please fill in the subject access request form and send it to:

Legal and Regulatory Services
Address: Civic Offices, Angel Street, Bridgend, CF31 4WB.

A reply to a subject access request is normally made within 40 calendar days. We may need proof of ID and further information. There is a £10 fee for subject access requests.

If your data is incorrect

You should write to the information officer and tell us what data is incorrect. We must respond to you within 21 days.

How long we keep personal data

The length of time that we keep personal information depends on why we have it. We will not keep your data for longer than we need to.

Further information about the Data Protection Act can be found on the Information Commissioner’s Office website.


We try to meet high standards when collecting and using personal information and we take any complaints we receive about this very seriously.
If you are not happy with the way your data has been handled, please contact our information officer at the council. You may also contact the Information Commissioner’s Office.


Legal and Regulatory Services

Address: Civic Offices, Angel Street, Bridgend, CF31 4WB.

Bridgend County Borough Council Data Protection Policy

A to Z Search