PN148 - UK Shared Prosperity Fund Privacy Notice

Torfaen County Borough Council is committed to protecting your privacy when you use our services. This Privacy Notice is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards in place to protect it.

TCBC Service Area: Economy & Environment
Work area: European Policy & External Funding
Contact Details:
Privacy Notice Name: UK Shared Prosperity Fund

Data Controller: Torfaen County Borough Council, c/o Civic Centre, Pontypool, NP4 6YB

If you wish to raise a concern about the handling of your personal data, please contact the Data Protection Officer on 01495 762200 or email

This privacy notice is intended to provide information about how Torfaen County Borough Council (referred to as ‘TCBC’, ‘Council’, ‘Local Authority’, ‘we’) will use (or ‘process’) personal data about individuals for the purpose of being the SPF Programme Lead for the local Authority allocation of the UK Shared Prosperity Fund (UKSPF).

Whilst we have tried to make this privacy notice as clear and concise as possible, the categories of personal data we process may vary depending on monitoring guidance from UK Government.

This notice should be read in conjunction with:

  • The Council’s corporate privacy notice
  • UK Shared Prosperity Fund (

Who provides your data to the Council?

The personal information we process is provided to us directly by you as an essential part of the UK Shared Prosperity Funds project delivery, so that we can contact you regarding your project and for monitoring purposes. We may also use it to contact you about matters specific to the Fund.

How does the Council collect this information?

  • By telephone call
  • By email
  • By letter
  • By personal visit to the Civic Centre
  • By social media
  • By electronic application forms

What information does the Council collect about you?

We may process personal data relating to the following as the Torfaen CBC Programme Lead body for the Torfaen Local Investment Plan under the UKSPF

a. Beneficiaries of the Shared Prosperity funds. (Individual/Business/Staff)

We may process the following categories of personal data:


b. Contact information, including name, address, telephone numbers and email address

c. Identifying details, including date of birth, national insurance number and payroll number

d. Payroll financial data

e. Individual personal circumstances including employment experience and educational attainment.


f. Companies House registration number

g. Employees Name, telephone number and email address

h. Payroll Financial Data i. Bank account details

Why does the Council process your personal data?

Under Article 6 of the UK General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:

(e) We need it to perform a public task.

Special categories of personal data

We collect the following special category data:

  • personal data revealing racial or ethnic origin
  • data concerning health

We collect this under Article 9 of the UK GDPR.

Where we collect criminal data, this is processed within the Council under Article 10 of the UK GDPR.

Who has access to your data?

Your data is shared internally only with the appropriate staff where it is necessary for the performance of their roles.

We may share the personal data with the following key organisations to fulfil the Councils obligations as lead authority for the UKSPF.

When sharing the personal data, we only share the minimum amount necessary in relation to the purpose.

Who has access to your data?

Lead Authority - Rhondda Cynon Taf County Borough Council

Monitoring and Evaluation purposes

UK Government - Department for Levelling Up, Housing and Communities

Monitoring and Evaluation purposes

Other Council departments - Finance

To issue UKSPF grant payments

Apart from where previously stated, we do not pass your details to third parties unless we are lawfully required do so.

Is the Data transferred out of the UK?


How does the Council keep your data secure?

The Council has internal policies in place to ensure the data it processes is not lost, accidentally destroyed, misused or disclosed. Access to this data is restricted in accordance with the Council’s internal policies and in compliance with the UK GDPR.

  • Your personal data will be stored on a secure IT system.

Where the Council engages third parties to process personal data on its behalf, they do so on the basis of written instructions. These third parties are also under a duty of confidentiality and are obliged to implement appropriate measures to ensure the security of data.

How long does the Council keep your data?

The Council will hold your personal data only for the period that is necessary and will follow organisational and Local Authority standards in this area. At the end of the retention period the Council will securely destroy or dispose of the data in line with retention schedules.

We retain the personal data contained within UKSPF Investment Plan records for:

  • Up to 7 years from the point Investment Plans are approved. This is anticipated to be January 2030

Reason - Requirement set out by the Department for Levelling Up, Housing and Communities. 

In keeping with the General Data Protection Regulation storage limitation principle, records are periodically reviewed. Not all personal data is retained. Only personal data that is relevant to the record is retained for the entire retention period. Information that has no long term or evidential value is routinely destroyed in the normal course of business. 

Are we making automated decisions/profiling with your data?


Your rights

You have a number of Rights you can exercise:

  • Access - to obtain a copy of your data on request
  • Rectification – to require the Council to change incorrect or incomplete data
  • Object, Restrict or Delete - under certain circumstances you can require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • Data portability – to receive and/or transmit data provided to the Council to other organisations (this applies in limited circumstances)
  • Withdraw your consent at any time (where consent has been given)
  • To know the consequences of failing to provide data to the Council
  • To know the existence of any Automated Decision-making, including profiling, and the consequences of this for you.
  • To lodge a complaint with a supervisory authority (Information Commissioners Office)

If you would like to exercise any of these rights, please contact: Rob Wellington, Head of European Policy & External Funding on

The Information Commissioner can be contacted at: The Information Commissioner’s Office (Wales), 2nd Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH. Telephone 0330 414 6421 or e-mail

Last Modified: 17/07/2023 Back to top