PN073 - Economy and Digital Enterprise Privacy Notice

TCBC Service Area: Neighbourhoods, Planning and Public Protection
Work area: Economy and Digital Enterprise
Contact Details: Gaynor Wakeling
Privacy Notice Name: Tenants and past tenants at Springboard Business Innovation Centre

Data Controller: Torfaen County Borough Council, c/o Civic Centre, Pontypool, NP4 6YB

If you wish to raise a concern about the handling of your personal data, please contact the Data Protection Officer on 01495 762200 or email

Have we sourced your personal data, directly from you?


What information does the Council collect about you?

The Council collects and processes a range of information about you.

This includes

  • Name
  • Address
  • Email Address
  • Telephone Number
  • Financial Information (Company)

The Council may collect this information in a variety of ways:

  • Application forms
  • Business Plan

We will store your data:

  • In secure paper filing systems
  • Electronic Files

Why does the Council process your personal data?


This applies where you have asked to be on mailing or waiting list for availability of property or have made an enquiry pertaining to Council land and buildings.

To meet contractual obligations entered into by the data subject

This applies where we have entered into a legal agreement pertaining to a sale of land or buildings, and lease or licence for the occupation of land or buildings.

Special categories of personal data:


Who has access to your data?

Your information may be shared internally with:

  • TCBC Revenues and Benefits Service – for billing purposes and/or detection crime
  • TCBC Legal Department of the Council if instructed to act for the Council on property transaction
  • TCBC Internal audit – detection of crime
  • TCBC Property Services – name and contact information to arrange repairs

The Council shares your data with third parties because:

  • External solicitors if instructed to act for the Council on a property transaction;
  • Detection of crime

Is the Data transferred out of the EEA?


How does the Council protect data?

The Council has internal policies in place to ensure the security of the data it processes is not lost, accidentally destroyed, misused or disclosed. Furthermore data is not accessed by employees except in the performance of their duties.

Where the Council engages third parties to process personal data on its behalf, they do so on the basis of written instructions. These third parties are also under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data.

How long does the Council keep your data?

The Council will hold your personal data only for the period that is necessary and will follow organisational and Local Authority standards in this area. We will keep your information in line with our Local Authority retention schedules.

Are we making automated decisions/profiling with your data?


Your rights

You have a number of rights you can exercise:

  • access and obtain a copy of your data on request
  • require the Council to change incorrect or incomplete data
  • under certain circumstances you can require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • to know the period of time that the data will be stored for
  • the right to data portability
  • the right to withdraw your consent at any time
  • the right to lodge a complaint with a supervisory authority (Information Commissioners Office)
  • the consequences of if you fail to provide data to the Council
  • the existence of and automated decision-making, including profiling and the consequences of this for you.

If you would like to exercise any of these rights, please contact

Last Modified: 17/07/2023 Back to top