Skip to main content

We use JavaScript to set most of our cookies. Unfortunately JavaScript is not running on your browser, so you cannot change your settings using this page. To control your cookie settings using this page try turning on JavaScript in your browser.

About cookies

We've saved some files called cookies on your device. These cookies are:

  • essential for the site work
  • to help improve our website by collecting and reporting information on how you use it

We would also like to save some cookies to help:

  • improve our website by measuring website usage
  • remember your settings
Change cookie settings

You've accepted all cookies for this website. You can change your cookie preferences at any time.

Privacy Notice (complaints advocacy clients)

The Citizen Voice Body for health and social care (referred to in this notice as “Llais” “we”, “us” or “our”) treat privacy and confidentiality very seriously. We comply with all aspects of the UK’s data protection legislative framework, which includes the UK General Data Protection Regulation and the Data Protection Act 2018.


This is a summary privacy notice that gives you key information about how we use your personal information. For more information, please refer to our primary privacy notice or request a copy from our Data Protection Officer (DPO). 

This summary privacy notice applies to complaints advocacy clients, and the people that represent or accompany them, where data is held and processed by Llais for certain purposes in connection with providing a complaints advocacy service.

Data Controller and Data Protection Officer

Your information will be held by Llais as Data Controller.

Why do we collect and use your personal information

The primary reason that Llais collects and uses your personal data is in connection with the provision of advocacy services to you. 

Specifically, our statutory functions/tasks include public engagement, representation and complaints advocacy. We also have legislative duties relevant to the conduct of these functions/tasks, including promoting Llais activities, etc) and we may process your information in the course of exercising these tasks/functions. 

We may also process your information in the course of putting you in touch with the appropriate person for advice, or in the course of dealing with any complaints you may have about the advocacy service provided by us. It is lawful for us to do this because it is necessary to collect and use your personal data in order to fulfil a public task/function. For more information about specific lawful basis for collecting and using your personal data please refer to our primary privacy notice.

In the course of carrying out our functions, we are likely to learn information about you. You may tell us most of this yourself, but we will also generate some of it and we will receive information about you from others involved in your matter. We may also supplement the information we have from publicly available sources. It is possible that this will involve personal information that falls into one of the special categories recognised in the data protection legislation. It is lawful for us to do this where it is necessary, for example, for reasons of substantial public interest, health, social care or public health reasons or, the establishment, exercise or defence of a legal claim or you consent by giving us the information voluntarily. For more information about the sources of information please see our primary privacy policy

Sharing your personal data

We share your personal data with third parties in order to carry out the public tasks/ functions listed above. In particular we may share your information with the Public Services Ombudsman for Wales. We may also share your information with Local Health Boards, Local Authorities, NHS Trusts, general practitioners or other healthcare or social care providers who provided treatment to you, but only to the extent that this is necessary for the provision of the complaints advocacy service to you.

Your personal data may also be shared with other third parties such as:

  • Welsh Government 
  • our insurers 
  • professional advisers 
  • third parties who supply goods and services to us, in order to allow us comply with our reporting and legal requirements and to enable us to run our organisation effectively
  • third parties engaged in the course of services we provide to advocacy clients such as social services or the police

We do not sell, rent or otherwise make personal information commercially available to any third party.

Personal information you share with us

The law allows us to collect and use personal information about others in the course of providing you with advocacy services. If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on whether you need to inform that person. 

For more details on the categories of personal information that we hold, please see our primary privacy notice

How long do we keep personal information

Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information and captured this in our Data Retention Policy. This policy is available on our website – delete or destroy personal information securely in accordance with the Data Retention Policy.

On the completion of your case, we will generally keep the personal information relevant to it for a period of six years from closure, although there may be a different retention period for some of your information and if so, this will be specified in our Data Retention Policy.


We are strongly committed to information security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption. We have Cyber Essentials Plus certification.

If you wish to discuss the security of your information please contact us

Privacy Rights

Individuals have a number of rights under the data protection legislation. Our full Privacy Notice contains full details of all of the rights, although please be aware that not all of the rights will apply to you.

To find out more about your individual rights please see our primary privacy notice

How to Complain 

Please let us know if you are unhappy with how we have used your personal information. 

To notify us of a concern please contact our DPO, the Strategic Director of Operations and Corporate Services. You can do this by letter, telephone or email using the contact details listed below: 

Postal address: 33-35 Cathedral Road Cardiff CF11 9HB 
Telephone: 02920 235558 
Email: [email protected] 

You also have the right to complain to the Information Commissioner’s Office. Find out on their website ( how to report a concern. The contact details are: 

Postal address: Information Commissioner’s Office – Wales, 2nd floor, Churchill House, Churchill Way, Cardiff, CF10 2HH. 
Telephone: 0330 414 6421.
Email: [email protected]

Privacy Notice (complaints advocacy clients)

PDF 136.99 KB
This file may not be accessible. Request a different format