On the very same day that I received the letter, banning me from the Entire estate, I immediately wrote to the Gwrych castle preservation trust asking them to provide me with all the information they held about me (a subject access request). I had a legal right to obtain such information under the GDPR, they had a legal obligation to provide all the information that they held, that identifies me as a living person, The letter I had received written on behalf of the trust implied this organisation had quite a bit of information about me. When a person submits a subject access request, the information commissioner’s states that a response should be received without undue delay.
A quick recap, Nicola writes on behalf of the trust. and the trust has made allegations against me such as stating that I had verbally abused multiple staff. I’m assured that the site employs the use of CCTV, and any allegations of mistreatment could be backed up with physical evidence rather than unfounded accusations.
My subject access request to the trust
14.07.20
“Thanks for your response to my enquires, I will consider today to be, day one for the purposes of this subject access request. I am formally requesting that you supply me all details that you hold regarding me, including, notes, comments about me that you have recorded, video footage, audio footage, comments made about me by other members of staff that you have recorded. Comments that you have made to others and recorded, witness statements. I look forward to receiving all this information within the 30 day timescale. I will respond to your email wholly in time. I will be making checks with the ICO to ensure you have followed all the pertenant laws etc. Please let me know the locations of your signage that tells me that you are recording. Please supply me with the name of your data protection officer also the name of your camera operator and the relevant SIA licence no. I want to see all your policies relating to information retention. Do the people who operate the CCTV understand the retention policy and do they have literature available for viewing.
Please do not try to pass this request off, you have to follow the law even as a charity when data protection and GDPR are involved
You are making false accusations about me and I will not stand by while my name is tarnished for the simple asking of questions. I believe is in the public interest.
I feel insulted that you have taken this approach, and have seen your organisation in another light to the high esteem with which I held it earlier. I am particularly aggrieved at the continued reference to the use of the police a public service for all. For your information, all alleged trespass would be a civil matter. Regards Michael”
Understanding that the trust should respond without undue delay I was expecting to hear from the trust sooner than I did. At this time the organisation should have been registered with the information commissioner’s office, unfortunately not. (Let that sink in, they were not even registered with the ICO) The trust decided to respond 28 Days later, It was quite a stressful time waiting for the trust to respond, I was sure there was a mistake, I wanted to understand where the allegations had come from, and to have a opportunity to view the recordings and any other information held about me.
The responce to my subject access requet
10.08.2020
Mr O’Hanlon
In response to your Subject Access Request made on the 17th July 2020, we have reviewed its contents with the Information Commissioner’s Office.
They advise that most of the information requested can be found in the privacy policy on our website: https://www.gwrychcastle.co.uk/privacy-policy/
The outstanding items for the SAR are as follows:
What personal information the organisation holds about you;
Name: Mike O’Hanlon
Email: mikexxxxxxxxxxxxxxg.co.uk
Where they got your data from:
Name and email address upon receipt of your email to the Trust via our website (www.gwrychcastle.co.uk)
Regards
Nicola
Resilient Heritage Project Manager
Gwrych Castle Preservation Trust
So it seems this organisation has no evidence of mistreatment yet is happy to make accusations, happy to record personal data of thousands of people without registering with the ICO, as they should have. The same organisation that tells us there are no public rights of way through the grounds, whilst still unable to provide a map
One of the GDPR breaches
Then I received the phone call from a police officer, I understand the officer wanted to let me know that if a complaint was made about me being on the site, there maybe a public order offence to answer to. I explained to the police officer that evidence of such offence would be required. The officer was able to let me know that Nichola had said she would respond to my letter. The officer was able to tell me all about the processes of the modification order. Was I being warned not to attend the site by a police officer?
I was not happy with the response I’d received from the trust I wrote to the trust again.
“The context of this email is time sensitive I suggest someone else responds if Nicola is not available.
Nicola, Thank you for responding to the SAR, sent to you on 14.07.20, just to clarify, in your reply you suggested that you are responding to a request sent on the 17th of July. That is incorrect. I’m disappointed that it has taken this long to receive your response, especially as you claim to have very little (in terms of my personal data), waiting has caused me quite a bit of distress, do you have an explanation as to why I have had to wait 28 days for you to provide my name and email address. Whilst I understand from your response to the SAR, you feel that you have supplied all the data you hold, you mention reviewing my SAR with the ICO, this may suggest to me that you are compliant. When in fact you’re probably not and have never been. I do not feel that you have responded adequately to my subject access request. I am not satisfied with your response, I will embolden to make it easy for you.
I am formally requesting that you supply me all details that you hold regarding me,
This will include emails, to and from, everything that you have that identity’s me as a living person.
I do have a right to know the name of the data controller/officer for your organisation, I would like this please. I will presume that you are the data controller unless you tell me otherwise.
Comments that you have made to others and recorded.
I have reason to believe that you recently shared the context of the above mentioned email with PC XXXX from North Wales Police. I believe this to be in breach of the DPA, also, the HRA. Article 8 of the Convention, which gives everyone the right to respect for his private and family life, his home and his correspondence.
Can you please explain what arrangement you had with North Wales Police when you disclosed my personal details.
The discussion, about myself, you had with PC XXXX will have been recorded and documented as per the DPA, I would like to know the lawful reason for sharing my personal data, I would like a copy of both records please.
Including, notes, comments about me that you have recorded,comments made about me by other members of staff that you have recorded.
There must be some records as to what had been said and the reason for the 12 month ban, am I to understand that you have no record of the ban or of the decision made to ban me. You have mentioned multiple members of staff, these would be comments about me made by others. I do understand though, that you do not need a reason to ban me from the site according to PC XXXX. This is your prerogative. However I will not have my name besmirched by any person or organisation, I will not let this go.
In your email of 14.07.20 I understand you were writing on behalf of the Gwrych Castle Preservation Trust , it implied that you had evidence of mistreatment by myself.
Whilst I appreciate that you do not disclose your surname in correspondence, I now understand you to be Nicola Borzykowski, author of the emails to me, banning me, the disappointing response to my SAR, also the author of the defamatory comments made on a public forum, such as the implication that I have caused criminal damage, the comments that imply that I’m a scammer. And also the speaker of the comments made to a NWP officer.
So far as an organisation you have demonstrated appalling unprofessionalism. I understand that it is your choice to continue in this vain, I do not expect any better now.
I would like an adequate response to this email by this Wednesday at 5pm. Although I do not expect a response from you, notwithstanding the fact you told PC XXXX you would respond to my correspondence. And therefore you leave me with little choice
I give you notice that I will be pursuing a complaint directly with the ICO, making them fully aware of your non compliance prior to my initial request (when you registered your organisation with the ICO) and with particular attention to your organisation’s repeated obstructive behaviour in withholding information held about me. The sharing of my personal data with NWP, if you choose not to explain the circumstances , again, that’s fine I will ask the same questions directly to NWP.
I understand Mark is a member of Conwy Council, Speaking for heritage. (always cc in my correspondence to you, gwrych@gmail.com) as per my email of the 13.7 forwarded to Mark from ATC. “Mark told the employee to call the police, I wasn’t being rude or aggressive. (Mark seemed very keen for the employee to call the police)” I consider this to be an abuse of his position.Is this how I should expect a county councillor to behave.
I will presume that the trust does not have a code of conduct, that’s quite interesting, I’ve been having a look at the ccbc constitution and in particularly the model code of conduct for council members.
I intend to write to my council representative about my treatment in this matter, the apparent abuse of position within ccbc. It may arrive on Mark’s desk. I expect to receive a professional response.
I will be writing letters to a number of other organisations, explaining my position and my treatment for daring to question one of your policies, also, thinking about the funding for the administrator and the lack of compliance.
I look forward to hearing back from you soon.
Michael O’Hanlon
This was the time that the ITV investment was announced and after careful consideration I stepped back a little from the argument, and unfortunately this would be my last correspondence with the trust, they refused to respond or even acknowledge the letter I chased this up with a phone call explaining they should be compliant with GDPR and register with the ICO, and requested that they send the information I asked for.
The next I hear of this matter is on social media where people such as Bev Baker, Tracy Brennan (A local councillor) and Gaz g clubman, among some other fake profiles, they make reference to a female staff member having asked me to refrain from attending the site. How strange, there is no reference to this on my subject access request, but people associated with the trust are spreading these malicious rumours. This has caused me to publish everything for transparency.
Unfortunately, this is simply a civil dispute regarding access to the woodlands, (the woodlands not the castle) a civil dispute that shouldn’t be occurring with a charitable trust that has been able to purchase the castle and grounds on behalf of the nation, The utter rubbish they have come out with for the last 12 months regarding reasons for closing the paths, its unacceptable to any reasonable person.
Part Three coming soon, containing the offending social media posts, and more.
I am very sorry to hear of your experiences. That a charitable organisation should behave this way is disgraceful. Their response to a request for information or the resolution of any disputes is consistently threatening. You are not alone others suffer the same experiences.
These disputes could be resolved amicably with engagement and discussion with the local community. The charitable trust seem hell bent on causing conflict and division.