Skip to main content

How we will handle any personal data you provide in relation to your grant application or request for grant funding.

First published:
3 September 2024
Last updated:

Background

The Welsh Government provides a wide range of grant schemes to help deliver our policies and create a fairer, more prosperous Wales.

Before we provide grant funding to you and during the term of the grant award, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. ‘You’ are an individual or an organisation. If you are an organisation, reference to ‘you’ or ‘your’ includes your officers.

Lawful processing

The Welsh Government will be the data controller for any personal data you provide in relation to your grant application or request for grant funding. We will process it in line with our public task and the official authority vested in us to issues grant funding and prevent fraud and money laundering, and to verify identities. Such processing is also a requirement of the grant funding you have requested and will help us assess your eligibility to receive the grant funding.

What we process and share

The data you provide or we collect from publicly available sources may be shared with fraud prevention agencies if we suspect or detect fraud. The data may include but is not limited to your:

  • name
  • date of birth
  • residential address and address history
  • contact details such as email address and telephone numbers 
  • financial information
  • employment details, including your National Insurance number
  • device identification including your IP address

We, and fraud prevention agencies, may use this information, including any personal data, to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. Please contact us for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to 6 years from its receipt.

The Welsh Government or any third party acting on behalf of the Welsh Government may contact you for the purpose of research and evaluation to give feedback on your experience of the project. All of this information will be analysed and presented anonymously.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the grant funding you have requested, and we may stop providing existing grant funding to you. If you would like to know more, please contact us for more information using the details provided below.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us for more information using the details provided below.

Data transfers

Some fraud prevention agencies may transfer your personal data outside of the European Economic Area. Where they do, they impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

We will keep personal information in accordance with our retention policy. If your application is successful your personal data can be kept for up to 10 years after the date when you, as grant recipient, are free from all conditions relating to the grant awarded and all payments have been made.

If you are unsuccessful your details will be kept for one year after the date you provided them.

Your rights

Under the data protection legislation, you have the right:

  • to access the personal data the Welsh Government holds on you
  • require us to rectify inaccuracies in that data
  • to (in certain circumstances) object to or restrict processing
  • for (in certain circumstances) your data to be ‘erased’
  • to lodge a complaint with the Information Commissioner’s Office (ICO) who is the independent regulator for data protection.

If you want to exercise any of these rights, please contact us using the details provided below.

For further details about the information the Welsh Government holds and its use, or if you want to exercise your rights under the data protection legislation, please see contact details below:

Data Protection Officer:

Welsh Government
Cathays Park
CARDIFF
CF10 3NQ
Email: dataprotectionofficer@gov.wales

The contact details for the Information Commissioner’s Office are:

2nd Floor, Churchill House
Churchill Way
Cardiff
CF10 2HH

Telephone: 0330 414 6421
Website: ico.org.uk

To contact the Culture Division with any questions email culture@gov.wales