Skip to main content

How we handle personal data you provide us for transaction monitoring purposes, at the Welsh Revenue Authority (WRA).

To protect your data and our services, we operate transaction monitoring capabilities. This records how you connect to our systems, and what you do whilst you’re on them.

We only monitor you when you’re signed into our services.

You should read our privacy policy alongside this privacy notice.

Why we process your data

The WRA processes your data for transaction monitoring purposes to:

  • keep your data safe, private and secure
  • protect your data from people looking to use it for fraudulent and criminal purposes
  • prevent fraud
  • prevent, detect, investigate and prosecute civil and criminal activity

Data we collect

Transaction monitoring records information about you when you’re signed into our services.

We collect personal data about:

  • the computers, phones or devices you use
  • the internet connections you use
  • what you do when you are on our services
  • what you tell us

Transaction monitoring may collect your data even if you do not directly use our systems. For example, when an authorised tax agent or representative contacts us on your behalf.

How we process your data

When you sign in to one of our services, we create unique identifiers in the browser, application or device you’re using. We also give you a transaction monitoring cookie which we use to help recognise you and link you to your account.

The information we collect includes:

  • unique identifiers
  • browser type and settings
  • device type
  • operating system
  • application version number

We also collect information about the interaction of your apps, software, browsers and devices with our services. This includes:

  • your IP address
  • date and time
  • referrer URL of your request

We collect information about what you do in our services, such as:

  • pages you access
  • information you give us

We may also collect data about you from trusted security partners who provide us with information to protect against abuse.

We use this information to help improve the safety and security of our services. This includes detecting, preventing and responding to:

  • fraud,
  • abuse
  • security risks
  • technical issues that could harm the WRA or our customers

Lawful basis for processing data

We collect and process your data as needed to carry out our official function as a government department. Also, to do so in the public interest, such as to prevent and detect crime and fraud.

As the WRA is permitted to carry out transaction monitoring without your consent under General Data Protection Regulation (GDPR) Article 6(1)(e), you cannot withdraw your consent.

When we may share your data with third parties

We will, in some circumstances and where the law allows, share your personal information with third parties.

When we detect crime, we may share information with:

  • other law enforcement agencies
  • government departments
  • credit reference agencies
  • anti-fraud groups

How long we keep your data

We keep transaction monitoring records for 7 years, in line with our Retention and Disposal Schedule.

Where you've held an account longer than the standard retention period, we may hold some account information which is older but still up to date.

Your rights

GDPR lists certain rights that apply to you when your personal data is stored and used as described. These rights relate to the legal basis for processing the data and the purposes to which the data are put.

For this purpose, your rights are limited to the right to be informed, which this notice covers. Other rights may apply in some circumstances.

Contacts

For any questions about this notice or your rights, please contact our Data Protection Officer.

Data Protection Officer

Welsh Revenue Authority
PO Box 110
Pontypridd
CF37 9EH

We're currently unable to access our post, so there’ll be a delay processing any request you send us by post. To avoid this delay, we recommend you email instead. Contact us if you're unable to do so.

Send complaints to this contact in the first instance. You can also complain directly to the Information Commissioner’s Office (ICO). The ICO is the UK supervisory authority for data protection issues

Information Commissioner’s Office Wales

Churchill House
17 Churchill Way
Cardiff
CF10 2HH

Telephone: 029 2067 8400 / 0303 123 1113

Changes to this privacy notice

Any changes to this privacy notice will be updated on this page, for example, any new uses of personal data.

From time to time, we may also contact you through other means about the processing of your personal data.

Share this page