Are you OK with cookies?

We use small files called ‘cookies’ on Some are essential to make the site work, some help us to understand how we can improve your experience, and some are set by third parties. You can choose to turn off the non-essential cookies. Which cookies are you happy for us to use?

Skip to content

Privacy Notice

The Independent Monitoring Authority (“IMA”, “we”, “us”, “our”) of 3rd Floor Civic Centre, Oystermouth Road, Swansea, SA1 3SN are committed to protecting and respecting your privacy. We are committed to the protection of the personal data we process in line with the data protection principles set out in the UK General Data Protection Regulation, EU General Data Protection Regulation and Gibraltar General Data Protection Regulation (collectively the “GDPR”) and the Data Protection Act 2018 (“DPA18”).

This privacy notice (“this Notice”) explains what personal data we collect from individuals who visit our website, contact us using our web forms, by email, phone or through one of our social channels; or other marketing communications (“you”, “your”). It also explains what information we collect automatically when you visit our website and the information we collect when you register to use our services.

The Independent Monitoring Authority is the data controller for the purposes of the GDPR, registered in the UK with the Information Commissioner’s Office, registration number ZA804857.

As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing personal data. We are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.

We update this Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this Notice periodically to check for updates.

What information do we process?

Information you provide to us

We process all information you give us, either through our website (“our site”) or by corresponding with us by telephone, email or otherwise. This includes information you provide when you use our site, register for our service, search for a product or service, or other social media functions linked to our site, or when you report a problem with our site.

Information processed following an enquiry

We may process the following information:

  • Name
  • Address
  • Email address
  • Telephone number(s)
  • Any information you share through our social media channels
  • Device information
  • Location data

We use your name, address, email address and telephone number to contact you about your complaint, enquiry or our investigation.

Information processed when registering a complaint with the IMA

The list of information processed may include, but is not limited to:

  • Name
  • Address
  • Email address
  • Telephone number(s)
  • Business name (if applicable)
  • Date of Birth
  • National Insurance Number
  • Photographs
  • Medical / Health data or reports. This information is strictly protected, only accessible by colleagues that need access.
  • Residential status
  • Portal log-in data
  • Portal usage data
  • Location data
  • Identification documents (e.g., copy of passport, other identity card)
  • Information required for legal and regulatory compliance

Cookies and Web Beacons

Our website uses cookies to better the users experience while visiting. Our website uses a cookie control system which allows the user, on their first visit to the website, to allow or disallow the use of cookies on their computer / device (click the cookie icon at the bottom right hand corner of the screen).

Cookies are small text files saved to the user’s computer which track, save and store information about the user’s interactions and usage of our website. This allows our website to provide users with a tailored experience. Users are advised that if they wish to deny the use and saving of cookies from our website on to their computer or device, they should take necessary steps within their web browsers security settings to block all cookies from our website.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Our website uses tracking software to monitor our visitors, to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer or device in order to track and monitor your engagement and usage of our website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information.

Other cookies may be stored on your computer by external vendors if we use referral programs, sponsored links or advertisements. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal data is stored, saved or collected. 

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. To install all other types of cookies, we need your consent.

Purpose and bases for processing your data

We may use your data for the following purposes and on the following lawful bases:


Responding to correspondence from you.

Lawful Bases for Processing

It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means.

Registering a complaint with the IMA.

When you register a complaint with us, we process your data with your consent. This consent may be withdrawn at any time by emailing When processing your special category data, we do so with your explicit consent. This consent may be withdrawn at any time by emailing

Investigating a complaint/inquiry.

When we investigate a complaint/carry out an inquiry, we may be required to share your data with selected Government departments. We will do this with your consent. This consent may be withdrawn at any time by emailing When processing your special category data, we do so with your explicit consent. This consent may be withdrawn at any time by emailing

Business management, forecasting and statistical purposes.

It is our legitimate interest to identify areas for managing current business relationships, develop our services and for managing our business.

Improving our website and the overall website visitor and user experience.

It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website.

Improving our website and the overall website visitor and user experience.

We use cookies on our website with your consent.

Prevention and detection of crime including money laundering, fraud or other crimes. 

We have a legal obligation to report any such activity to the relevant authorities and regulators.

Providing you with updates about your complaint or our investigation and the stage of the investigation process.

It is our legitimate interest to provide updates regarding your complaint or our investigation.

Improving our website and the overall website visitor experience.

It is our legitimate interest to provide accurate and up-to-date information to users of our website and to increase features in order to continually improve and expand the services we provide.

Analyse and track use of our website for reporting and analytical purposes

It is our legitimate interest to monitor our website usage in order to continually improve the user experience. It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website

Sharing your information

We will rarely share your personal data outside the United Kingdom (“UK”) or the European Economic Area (“EEA”). If this becomes necessary for the purposes of providing our services to you, we will only share it where appropriate safeguards are in place, such as Standard Contractual Clauses (“SCCs”) with supplementary measures recognised by the EU Commission and the UK ICO, to ensure your personal data is protected to the same standard expected within the UK and EEA.

As stated in section 3 above, to assist with our investigations, we may need to share your personal data with selected Government agencies. We will do this with your consent, which may be withdrawn at any time by emailing Should you withdraw your consent, we will cease sharing your personal data immediately. We may continue to use your details in order to complete our investigations, but all personal data by which you can be identified will be removed so that you remain anonymous. This is to ensure that the issues that you have highlighted can still be fully investigated.

As a public authority, we may also process your personal data if we are carrying out a task in the public interest. You may object to this processing by emailing

Our website includes links to other third-party websites and social media platforms (Facebook, Instagram, Twitter). The sites may collect your IP address and may set a cookie on your device. When you use one of these links, you are sharing information to another website or service and this Notice will no longer apply. Please read the privacy notices provided by the particular service website you are directed to before posting any personal information using these links.

Your rights

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are processing it lawfully
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request personal data provided by you to be transferred in machine-readable format (“data portability”).
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g., if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of the IMA.

Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation, laws, and regulations to which we are subject. If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us at You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office, or another relevant supervisory authority if you are concerned about the way in which we are handling your personal data.

Data retention period

We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our legal obligations and to deal with complaints and claims.

At the end of the retention period, which should be no longer than 7 years, your personal data will be securely deleted in accordance with the IMA Personal Data Retention and Destruction Policy.


You can contact the IMA in relation to data protection and this privacy notice by emailing