EU Structural Funds 2014 to 2020 Programme: privacy notice

For the purposes of this privacy notice, ‘you’ are either:

• a beneficiary of a Structural Funds operation approved by the Welsh European Funding Office. This notice should be read alongside the Funding Agreement issued to you. 
• a member of a WEFO stakeholder/working group or committee.
• an attendee of an event organised by WEFO.

If you are an organisation, reference to ‘you’ or ‘your’ includes your officers. 

The Welsh European Funding Office is responsible for delivering the European Structural Fund Programmes in Wales. The administration and implementation of the programmes require the Welsh European Funding Office, which is part of the Welsh Government, to collect/ process personal data. This data is used to establish eligibility, assess the effectiveness and impact of the EU Programmes and to ensure equitable participation from all areas of society. Even though the UK has now formally left the European Union and the transition period has ended, these obligations will continue to apply until the Structural Fund Programmes have been formally closed. The ability to undertake this function is governed by the European Union (EU) General Data Protection Regulation (Regulation (EU) 2016/ 679) (the “EU GDPR”) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/ 679) (the “UK GDPR”) and applies to the Structural Funds. 

Under the EU GDPR and UK GDPR, the Welsh Government will be the Data Controller and the lawful basis we rely upon for processing personal data is ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. If the information you provide us contains special category data, such as data concerning health or ethnic origin, the lawful basis we rely on is ‘processing is necessary for reasons of substantial public interest’.

Before we provide EU funding to you and during the term of the EU funded operation, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

Any personal data we collect for the purposes of preventing fraud and money laundering will be managed in line with the Welsh Government grants privacy notice.

If you make a complaint or Freedom of Information request to us, this information will be managed in line with the Welsh Government Privacy Notice.

We will ask you to provide data for staff employed to deliver the EU funded activity. This data may include but is not limited to:

• name
• employment contact details such as email address and telephone numbers 
• employment details and payroll information, including National Insurance numbers

When required, we will also share this data with Welsh Government audit teams, Wales Audit Office, EU audit teams and independent external auditors.

The Structural Fund regulations require you to provide data in relation to your EU funded operation. This includes:

(a) Monitoring data which comprises individual ESF participant level data and ESF and ERDF Enterprise level data which contains contact details for a named individual in the enterprise and

(b) Information requirements under the Eligibility rules and conditions for EU funds support.

We will use monitoring data (including the individual participant records) to monitor and evaluate the EU funds in Wales. We use eligibility information to verify the eligibility of participants, activity and expenditure and process claims for financial support. In order to determine whether applicable regulations/rules are being complied with, the data will be shared with Welsh Government audit teams, Wales Audit Office, EU audit teams and independent external auditors where required.

We may also share the monitoring data (including the individual participant records) with commissioned research organisations interviewing participants so they can talk to them about their experiences. Not everyone who takes part in the programmes will be contacted. If a participant is contacted by researchers, the purpose of the research will be explained to the individual who will be given the option to not take part in the research. The research organisations will delete a participants contact details once the research is complete.

To support the research, we may link participant records from the monitoring data to other information about them held by the Welsh Government and UK Government departments. For example, this may include the Longitudinal Educational Outcomes dataset, Careers Wales data, the Lifelong Learning Wales Record, records held by HMRC and DWP, the Labour Force Survey, Annual Population Survey and ESF Participants Survey. This will be undertaken only for the purpose of (i) evaluating the impact EU funds support has had on the people who participated and (ii) research on related topics undertaken by the Welsh Government or approved social research organisations. We will never publish information which will identify any individuals.

Data will also be passed to Welsh Government support contractors for the purpose of resolving system problems. These contractors will not be permitted to make any other use of these data.

As part of our work to deliver EU Structural funds we have a number of various working groups and a Wales Programme Monitoring Committee (WPMC) which is responsible for monitoring the implementation of the EU funds in Wales. If you are asked to join a working group/ committee or put yourself forward, we will provide you with a description of the working group/ committee outlining:

• its purpose
• your role in the group/ committee
• how often they will meet
• if minutes and papers of the group/ committee will be published

Whilst you are a member of a group/ committee, we will contact you to arrange meetings, to send you papers or other information that is relevant to the purpose of the group/ committee. If we wish to use your personal data for any reason other than for the purpose of your membership of the group/ committee, we will contact you and provide a full explanation of why we wish to use the data.

If you no longer wish to be a member of a working group/ committee, you can contact the group/ committee secretariat to request to be removed.

To help publicise and promote the EU funds and provide an update to partners, WEFO organises a number of annual events.  We will request your personal data if you attend. This will include your name, contact details, the organisation you are from, dietary requirements and if the venue includes controlled access parking, then your car registration number will be required. We will use your contact details to send you information about attending the event and provide post event material too. Where you need to report to a reception at a venue, we will provide the venue with the names of all attendees and if relevant your car registration.

If we wish to use your personal data for any reason other than to organise the event then we will ask you about this as part of the booking process.

We will retain your details including your name and email address in order for you to receive the Horizon Europe e-News.

If you no longer wish to receive the e-News, you can contact the Horizon Europe Unit mailbox to unsubscribe and we will delete your personal information immediately. 

All data in relation to the 2014-2020 EU funds must be retained in line with the retention period set out in the Structural Fund regulations. We will therefore retain any personal information until at least 31 December 2027. This date may be extended where State Aid or other EU requirements apply. WEFO will confirm (i) where this applies and (ii) provide details of the applicable date.

Under the data protection legislation, you have the right:

• to be informed of the personal data the Welsh Government holds on you and access it
• to require us to rectify inaccuracies in that data
• to (in certain circumstances) object to or restrict processing
• for (in certain circumstances) your data to be ‘erased’
• to lodge a complaint with the Information Commissioner’s Office (ICO) who is the independent regulator for data protection.

If you want to exercise any of these rights, please contact us using the details provided below.

For further details about the information the Welsh Government holds and its use, or if you want to exercise your rights under the data protection legislation, please see contact details below:

Data Protection Officer:

Welsh Government
Cathays Park
CARDIFF
CF10 3NQ
Email: dataprotectionofficer@gov.wales

The contact details for the Information Commissioner’s Office are:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 01625 545 745 or 0303 123 1113
Website: ico.org.uk