Who we are
The Celtic Freeport is a strategic partnership covering key sites in South West Wales, centred around the ports of Port Talbot and Pembrokeshire. It brings together a range of public and private sector organisations working collaboratively to deliver clean energy, green innovation, skills development, and economic growth.
The Celtic Freeport is overseen by the Celtic Freeport Company Limited, which currently includes representatives from Associated British Ports, the Port of Milford Haven, Neath Port Talbot Council, and Pembrokeshire County Council.
We are a statutory body, and you can contact us as follows:
Celtic Freeport Company Limited
Port of Milford Haven
Gorsewood Drive
Hakin
Milford Haven
SA73 3EP
UK
Port Talbot
Puckey House
Port Talbot Harbour
Port Talbot
SA13 1RB
UK
Email: enquiry@celticfreeport.wales
Data Protection Officer: luciana.ciubotariu@celticfreeport.wales
If you wish to complain about the use of your personal data, you can contact the Information Commissioner’s Office at the below address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
www.ico.org.uk
Introduction
This Policy outlines the Celtic Freeport’s Privacy, Cookies and Fair Processing Policy. It sets out our commitment to using personal data both fairly and in full accordance with Data Protection principles.
This Policy applies to personal data you provide to us, or which we collect about you, including data collected via the official Celtic Freeport website:
The Celtic Freeport is delivered through a partnership between Associated British Ports, the Port of Milford Haven, Neath Port Talbot Council, and Pembrokeshire County Council. For the purposes of Data Protection law, each partner may act as a Data Controller depending on the circumstances in which your data is processed.
The Celtic Freeport and its partners are committed to ensuring that all personal data is processed fairly, lawfully, and transparently in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
How we collect different types of information
The personal information we collect is that which individuals provide to the Celtic Freeport through direct engagement. This includes, but is not limited to, information provided via:
- Consultation responses
- Information provided by attendees at events, workshops, or engagement sessions
- Information provided when subscribing to mailing lists or newsletters
- Complaints, enquiries, and feedback
- Survey responses
- Job applications and employee information (including recruitment processes)
- Photographs and video recordings taken at events or meetings
- Information required to arrange meetings, circulate agendas and minutes, or manage working groups
- Information provided in relation to procurement, tenders, and contracts for goods and services
- Other contractual information provided by suppliers, partners, or delivery organisations
Other sources of personal data processed by the Celtic Freeport may be covered by separate fair processing notices specific to particular activities or programmes. These notices should be read in conjunction with, and as an addition to, this overarching Privacy Policy.
Who the information relates to
The information we collect, as described above, is from a variety of different sources. This personal data relates to the following categories of data subject:
- Mailing lists / contact lists
- Suppliers and contractors*
- Employees and secondees**
- Other people and organisations we work with
- Members, officers, or representatives of partner organisations and stakeholders
Supplier information
If you are one of our suppliers or contractors, we will use the information we hold on you to manage the contract between us and to support the effective delivery of services. The information we hold may also include details about your performance in providing goods or services to us, our partners, or our stakeholders.
Employee and secondee information
If you are an employee or secondee of the Celtic Freeport, we will handle your personal data in accordance with our employee-specific privacy notice, which you will have received as part of your welcome information and which is also available on request from our Data Protection Officer at: luciana.ciubotariu@celticfreeport.wales Cookies Information
Cookies
How we process personal information
Purpose
Personal information is processed for the following specified purposes:
- Processing your requests and delivering services you request from us
- Sending you information you have requested
- Auditing and analysing usage of our website
- Monitoring website usage to enable us to update and tailor our website to meet the needs of users
- Preparing information for decision-making by the Celtic Freeport Company Limited, its Boards, Committees, and Working Groups
- Sending marketing or promotional information, but only where you have specifically consented to receive this
- Running procurement processes, awarding contracts, and monitoring contractual performance and delivery
- Managing consultations, events, and engagement activities with stakeholders and communities
- To comply with our legal obligations, including fraud protection, safeguarding, and crime prevention
Fair Processing
The Celtic Freeport Company Limited is committed to the highest standards in relation to all aspects of fair processing. This includes the collection, storage, security, use, release, and destruction of personal data.
Fair Processing Notices
Our commitment to transparency and accountability in how we handle personal information is central to building trust with our stakeholders. We aim to ensure individuals are fully aware of how we collect, use, and protect their data.
From time to time, individual fair processing notices may be provided to data subjects or published on our website for specific activities or types of data collection. These notices are supplementary to, and do not override, this overarching Privacy Policy. Each should be read alongside this Policy.
How we keep information safe
Only employees of the Celtic Freeport Company Limited, or those specifically authorised to act on our behalf, will have access to your personal information.
We keep this information secure by implementing appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage.
We recognise that the transmission of information via the internet is not completely secure. While we cannot guarantee the absolute security of data transmitted to our website, once we receive your information, we apply strict procedures and security processes to prevent loss, misuse, or unauthorised access. Our policy is that personal data should only be accessed by those who need it in order to carry out their role.
In the event of a security breach involving your personal information that we believe poses a risk to you, we will act without undue delay to mitigate those risks. Where required, we will notify you and/or the Information Commissioner’s Office (ICO) in line with applicable data protection laws.
How we share information
There are occasions where we need to share information with organisations within the Celtic Freeport Company Limited or with trusted suppliers who provide services on our behalf.
These providers are contractually obliged to keep your details secure and to use them only for the purposes we specify. If we wish to pass your sensitive or confidential information onto a third party, we will only do so once we have obtained your consent, unless we are legally required to share it.
We may disclose information to other partners or authorities without consent where it is necessary to comply with a legal obligation, or where permitted under Data Protection laws. For example, this may include disclosure necessary for the prevention or detection of crime, or to perform our contractual obligations.
We have information sharing agreements and protocols in place with those who provide us with professional services (e.g. internal auditors, external auditors, or contracted processors). These set out the responsibilities of the Celtic Freeport Company Limited (as the controller) and the service provider (as the processor), ensuring compliance with our privacy principles.
We also take responsibility for information shared with us by other organisations where the Celtic Freeport acts as a processor. In these circumstances, we process data strictly in line with the instructions and privacy notices of the relevant organisation, while maintaining the same commitment to security and confidentiality.
At no time will your personal information be passed to organisations outside the Celtic Freeport Company Limited for marketing, sales, or commercial purposes without your prior, explicit consent.
Lawful Grounds for Processing
We have set out below, in a table format, a description of the ways we plan to use your personal data and the legal bases on which we rely. Where applicable, we also identify our legitimate interests.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose. If you need details about which legal basis applies to your data for a specific purpose, please contact us.
| Purpose / Activity | Type of Data | Lawful Basis for Processing |
| To respond to enquiries submitted by you via our website or other contact points | (a) Identity (b) Contact | (a) Performance or preparation to perform a contract with you and/or (b) Necessary for our legitimate interests and/or performance of a public task and/or (c) Your consent |
| To manage our relationship with you, including: • Notifying you about changes to our terms or privacy policy • Requesting additional information for enquiries or applications • Creating and organising committees or working groups • Recording declarations of interest from committee members | (a) Identity (b) Contact (c) Profile (d) Marketing and communications (e) List of financial or other interests | (a) Performance of a contract with you and/or (b) Necessary to comply with a legal obligation and/or (c) Necessary for our legitimate interests (to keep records updated and manage relationships) or performance of a public task and/or (d) Your consent |
| To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, IT support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (running our website and organisation, administration, IT services, network security, fraud prevention, business continuity) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content, events, or information to you and measure or understand the effectiveness of communications | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and communications (f) Technical | Necessary for our legitimate interests or performance of a public task (to study how users interact with our services, to develop them, to grow Celtic Freeport’s impact locally, and to inform our communications strategy) |
| To use data analytics to improve our website, services, communications, and engagement | (a) Technical (b) Usage | Necessary for our legitimate interests (to understand user behaviour, maintain an up-to-date website, develop services, and inform our engagement strategy) |
| To make suggestions and recommendations to you about events, committees, consultations, or services that may be of interest | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and communications | Necessary for our legitimate interests (to develop our services, grow engagement, and improve stakeholder experience) or, where applicable, performance of a public task |
Disclosure of Data
We will only disclose your personal information to third parties in the following circumstances:
- Required by funders or government authorities – For example, we may share information with UK Government departments, Welsh Government, or other relevant bodies in relation to funding, reporting, or compliance for the Celtic Freeport.
- Business or operational needs – Where it is necessary to use third parties to process data on our behalf or to deliver projects in partnership with other organisations. In such cases, we will inform you and seek your consent where appropriate. If we anticipate such sharing, we will notify you at the point we collect your information.
- Legal obligations or protection of rights – Where we are under a duty to disclose personal data in order to comply with a legal obligation or to protect the rights, property, or safety of others. This may include exchanging information with other organisations for the purposes of fraud prevention, crime detection, or safeguarding.
In the event that we need to transfer personal information outside of the United Kingdom or European Economic Area (EEA), we will take all reasonable steps to ensure that appropriate safeguards are in place and that your information is processed securely in line with UK data protection law.
Data Retention
We will retain your personal information in line with the period specified at the time the data is collected and only for as long as it is necessary to fulfil the purposes for which it was collected. All data will be handled in accordance with the Celtic Freeport’s Data Retention and Destruction Policy, ensuring that information is securely deleted or anonymised when no longer required.
Marketing
The Celtic Freeport will only send you marketing emails if you have given your consent to sign up to a mailing list, newsletter, or distribution list.
We ensure that our marketing practices comply with data protection principles, and we will always ask you to provide a positive opt-in to receive marketing communications. This is entirely your choice.
The Celtic Freeport will only use your consented information for the specific purpose you signed up for, such as:
- Subscribing to a newsletter or specific updates
- Participating in a consultation or engagement exercise
- Signing up for a forum or event
- Receiving information regarding Committee or Partnership meetings
As part of our internal procedures to ensure information is current, we will regularly review our e-marketing mailing lists to confirm that you still wish to receive information from us. You may withdraw your consent at any time. Every marketing communication we send will include a clear and visible option to opt-out of our mailing lists.
If we make a mistake or your information changes
We aim to ensure that the personal information we hold is accurate and up to date. If any of your information is inaccurate, incomplete, or if we have made an error, it is important that you notify us.
Similarly, it is your responsibility to inform us of any changes to your personal information. Please do so at any time during your engagement with the Celtic Freeport by emailing our Data Protection Officer at: luciana.ciubotariu@celticfreeport.wales .
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no lawful reason for us to continue processing it. You also have the right to request erasure where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example while we verify its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you wish to review, verify, correct, request erasure of your personal information, object to the processing of your data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer at: luciana.ciubotariu@celticfreeport.wales
No fee usually required
You will not have to pay a fee to access your personal information or to exercise any of your other data protection rights. However, we may charge a reasonable fee if your request for access is clearly unfounded, excessive, or repetitive. In such cases, we may alternatively refuse to comply with the request.
What we may need from you
To help us confirm your identity and ensure your right to access the information (or exercise any other rights), we may need to request specific information from you. This is a necessary security measure to ensure that personal information is not disclosed to anyone who does not have the right to receive it.
Right to withdraw consent
In the limited circumstances where you have provided your consent for the collection, processing, or sharing of your personal information for a specific purpose, you have the right to withdraw that consent at any time.
To withdraw your consent, please contact our Data Protection Officer at: luciana.ciubotariu@celticfreeport.wales
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have another lawful basis for doing so under data protection law.
Other Information Rights
The Right to Complain
You have the right to lodge a complaint with the Supervisory Authority at any time if you believe the Celtic Freeport has not handled your personal information in accordance with data protection law.
You can make a complaint to the Information Commissioner’s Office (ICO) here: https://ico.org.uk/make-a-complaint/
Data Protection Officer
If you have any questions or concerns about this Privacy Policy or how your personal data is handled, please contact our Data Protection Officer at: luciana.ciubotariu@celticfreeport.wales
Changes to our Privacy Policy
We will review this Privacy Policy regularly to ensure that it remains up to date and relevant. Any changes will be posted on our website, and where appropriate, we will notify you by email or post.
Further Information
For further guidance, the Information Commissioner’s Office website provides more details regarding data protection principles and responsibilities: https://ico.org.uk
