Diverse Cymru Welsh Government Culture Grant Scheme

How we will handle any personal data you provide in relation to your grant application or request for grant funding.

Diverse Cymru is administering the Culture Grant Scheme for Grassroot Organisations for Welsh Government. The Scheme will award revenue and capital funding to Black, Asian and minority ethnic organisations and groups and organisations whose clientele are primarily Black, Asian or Ethnic Minority people in the financial years 2023/24 and 2023/25.

Before we provide grant funding to you and during the term of the grant award, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. ‘You’ are an individual or an organisation. If you are an organisation, reference to ‘you’ or ‘your’ includes your officers.

Lawful processing

Diverse Cymru will be the data controller for any personal data you provide in relation to your grant application or request for grant funding. We will process it in line with the administration of the Scheme to issue grant funding and prevent fraud and money laundering, and to verify identities. Such processing is also a requirement of the grant funding you have requested and will help us assess your eligibility to receive the grant funding.

What we process and share

The data you provide, or we collect from publicly available sources may be shared with fraud prevention agencies if we suspect or detect fraud. The data may include but is not limited to your:

• name
• date of birth
• residential address and address history
• contact details such as email address and telephone numbers
• financial information
• employment details, including your National Insurance number
• device identification including your IP address
• diversity data of your project beneficiaries

We, and fraud prevention agencies, may use this information, including any personal data, to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. Please contact us for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to 6 years from its receipt.

Diverse Cymru will share information collected from you and your organisation provided by your or gathered by Diverse Cymru, during the application period and ongoing project monitoring information, with Welsh Government for the purposes of communicating the impact of the Scheme.

Diverse Cymru or any third party acting on behalf of Diverse Cymru may contact you for the purpose of research and evaluation to give feedback on your experience of the project. All this information will be analysed and presented anonymously.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the grant funding you have requested, and we may stop providing existing grant funding to you. If you would like to know more, please contact us for more information using the details provided below.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us for more information using the details provided below.

Data transfers

Some fraud prevention agencies may transfer your personal data outside of the European Economic Area. Where they do, they impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

We will keep personal information in accordance with our retention policy. If your application is successful your personal data can be kept for up to 10 years after the date when you, as grant recipient, are free from all conditions relating to the grant awarded and all payments have been made.

If you are unsuccessful your details will be kept for one year after the date you provided them.

Your rights

Under the data protection legislation, you have the right:

• to access the personal data that Diverse Cymru holds on you
• require us to rectify inaccuracies in that data
• to (in certain circumstances) object to or restrict processing
• for (in certain circumstances) your data to be ‘erased’
• to lodge a complaint with the Information Commissioner’s Office (ICO) who is the independent regulator for data protection.

If you want to exercise any of these rights, please contact us using the details provided below.

For further details about the information Diverse Cymru holds and its use, or if you want to exercise your rights under the data protection legislation, please see contact details below:

Data Protection Officer:
Diverse Cymru
96-98 Neville Street,
Cardiff
CF11 6LS

Telephone: 029 2036 8888
Email: info@diverse.cymru

The contact details for the Information Commissioner’s Office are:

2nd Floor, Churchill House
Churchill Way
Cardiff
CF10 2HH

Telephone: 0330 414 6421
Website: ico.org.uk