Skip to main content

How we will handle any personal data you provide in relation to your grant application or request for grant funding.

This privacy notice applies to Welsh Government grants awarded after July 2021.

For grants awarded before July 2021 visit the UK Web Archive.

The Welsh Government provides a wide range of grant schemes to help deliver our policies and create a fairer, more prosperous Wales.

Before we provide grant funding to you and during the term of the grant award, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. ‘You’ are an individual or an organisation. If you are an organisation, reference to ‘you’ or ‘your’ includes your officers.

Lawful processing

The Welsh Government will be the data controller for any personal data you provide in relation to your grant application or request for grant funding. We will process it in line with our public task and the official authority vested in us to prevent fraud and money laundering, and to verify identities. Such processing is also a requirement of the grant funding you have requested and will help us assess your eligibility to receive the grant funding.

What we process and share

The data you provide or we collect from publicly available sources may be shared with fraud prevention agencies if we suspect or detect fraud. The data may include but is not limited to your:

  • name
  • date of birth
  • residential address and address history
  • contact details such as email address and telephone numbers 
  • financial information
  • employment details, including your National Insurance number
  • device identification including your IP address

We, and fraud prevention agencies, may use this information, including any personal data, to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. Please contact us for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to 6 years from its receipt.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the grant funding you have requested, and we may stop providing existing grant funding to you. If you would like to know more, please contact us for more information using the details provided below.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us for more information using the details provided below.

Data transfers

Some fraud prevention agencies may transfer your personal data outside of the European Economic Area. Where they do, they impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

We will keep personal information in accordance with our retention policy. If your application is successful your personal data can be kept for up to 10 years after the date when you, as grant recipient, are free from all conditions relating to the grant awarded and all payments have been made.

If you are unsuccessful your details will be kept for one year after the date you provided them.

Your rights

Under the data protection legislation, you have the right:

  • to access the personal data the Welsh Government holds on you
  • require us to rectify inaccuracies in that data
  • to (in certain circumstances) object to or restrict processing
  • for (in certain circumstances) your data to be ‘erased’
  • to lodge a complaint with the Information Commissioner’s Office (ICO) who is the independent regulator for data protection.

If you want to exercise any of these rights, please contact us using the details provided below.

For further details about the information the Welsh Government holds and its use, or if you want to exercise your rights under the data protection legislation, please see contact details below:

Data Protection Officer:

Welsh Government
Cathays Park
CARDIFF
CF10 3NQ
Email: dataprotectionofficer@gov.wales

The contact details for the Information Commissioner’s Office are:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 01625 545 745 or 0303 123 1113
Website: ico.org.uk