PN015 - Event Safety Advisory Group Privacy Notice

Torfaen County Borough Council is committed to protecting your privacy when you use our services. This Privacy Notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards in place to protect it.

TCBC Service Area: Public Services Support Unit (PSSU)
Work area: Civil Contingencies
Contact Details:,
Privacy Notice Name: Event Safety Advisory Group

Data Controller: Torfaen County Borough Council, c/o Civic Centre, Pontypool, NP4 6YB

If you wish to raise a concern about the handling of your personal data, please contact the Data Protection Officer on 01495 762200 or email

This Privacy Notice sets out how information is collected, processed and shared by the Torfaen Event Safety Advisory Group (ESAG)

Who provides your data to the Council?

The personal information we process is provided to us directly by you for the purposes of the Event Safety Advisory Group (ESAG) being able to provide you with event safety advice and guidance. 


We receive personal information indirectly from other Council Service Areas (Streetscene, Asset Management, Highways, H&S, Licensing, Public Protection). This is collected to ensure that Torfaen ESAG can engage with & provide appropriate event safety advice and guidance to the event organiser. 

Information may also be passed on indirectly by Multi-Agency Partners when they are made aware of events taking place. 

How does the Council collect this information?

  • Receipt of ESAG Event Notification form (E-Form or Manually completed and sent to
  • Initial event enquiries received from the event organiser by email or telephone
  • Event documentation supplied with the Event Notification form or emailed directly to
  • Information supplied by other Service Area or ESAG Partner Organisation

What information does the Council collect about you?

The Torfaen Event Safety Advisory Group Chair/Co-ordinator collects:

  • Event Organiser contact details such as name, address, telephone number, and email addresses
  • Event documentation including event safety plans, contacts, risk assessments, site information, safety & insurance certificates, and licensing information   
  • Previous involvement with running events including any feedback provided following previous events.  

Why does the Council process your personal data?

Under Article 6 of the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(e) We need it to perform a public task.

Special categories of personal data

We do not collect any special category or criminal data.

Who has access to your data?

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

Your data may also be shared externally with organisations to ensure that partners are aware and have access to event documentation for upcoming events and they can provide you with any specific event safety advice & guidance.  These may include, but not be limited to:

  • Heddlu Gwent Police
  • South Wales Fire & Rescue Service
  • Welsh Ambulance NHS Trust

Apart from where previously stated, we do not pass your details to third parties unless we are lawfully required do so.

Is the Data transferred out of the UK?


How does the Council keep your data secure?

The Council has internal policies in place to ensure the data it processes is not lost, accidentally destroyed, misused or disclosed. Access to this data is restricted in accordance with the Council’s internal policies and in compliance with the UK GDPR.

Data will be stored securely in:

  • Database of upcoming events on secure network drive
  • Resilience Direct Portal
  • Microsoft Outlook

How long does the Council keep your data?

The Council will hold your personal data only for the period that is necessary and will follow organisational and Local Authority standards in this area. At the end of the retention period the Council will securely destroy or dispose of the data in line with retention schedules.

  • This will be 3 years for most activities but event feedback, for example, may be kept longer

Are we making automated decisions/profiling with your data?


Your rights

You have a number of Rights you can exercise:

  • Access - to obtain a copy of your data on request
  • Rectification – to require the Council to change incorrect or incomplete data
  • Object, Restrict or Delete - under certain circumstances you can require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • Data portability – to receive and/or transmit data provided to the Council to other organisations (this applies in limited circumstances)
  • Withdraw your consent at any time (where consent has been given)
  • To know the consequences of failing to provide data to the Council
  • To know the existence of any Automated Decision-making, including profiling, and the consequences of this for you.
  • To lodge a complaint with a supervisory authority (Information Commissioners Office)

If you would like to exercise any of these rights, please contact: Torfaen Event Safety Advisory Group, Civic Centre, Pontypool, NP4 6YB -

The Information Commissioner can be contacted at: The Information Commissioner’s Office (Wales), 2nd Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH. Telephone 0330 414 6421 or e-mail

Last Modified: 17/07/2023 Back to top