Privacy & Cookies
How we use and store your information
When you supply any personal information to the National Park Authority we have some legal obligations in the way we deal with it.
We must collect the information fairly – for example, we must explain how we will use it, and we have to tell you if we want to pass the information on to anyone else. As long as we hold your information we will treat it in accordance with this statement and data protection law.
Why we collect and use your information
Broadly speaking, we hold individuals’ contact and other information in order to help us to achieve our key purposes of conservation and enhancement, as well as our socio-economic duty. There are also more specific reasons why we need to use your information, and these vary depending on the service or project in question.
We collect information from individuals in these categories, among others:
- Users of the planning service
- People who complain about enforcement matters, and people who own the relevant sites
- Other users of particular services, such as people interested in the work of the New Forest Land Advice Service, people complaining or asking for information, and those who subscribe to newsletters
- People who use our website (see ‘cookies’ section)
- Parish Councillors
- Job applicants, employees and Members
- People who work for other stakeholders in the New Forest who contact us, such as employees of the Forestry Commission or New Forest District Council
- People who use and respond to our social media pages and posts
- People we meet at our outreach events, including the work we do with schools, at the New Forest Show or in connection with particular projects
- People who fill in surveys and consultations.
You will see from this list that in some cases we need your contact information so that we can provide you with services or information that you have requested, such as planning applications or information requests. In some cases we might need some information that goes beyond your contact details – for example, if you are making a planning application we might need some information on how you use or intend to use your home. There may also be times we ask for this sort of information in a formal capacity – for example, during an enforcement investigation we might issue a Planning Contravention Notice. Where we need to use your information for reasons of this type (so that you can access a service or so that you can respond to an investigation), we will not ask you for consent to collect and use your information. This is because we have to use it in our capacity as the local planning authority or because we have another good reason why we need to use your information.
There may also be times that we do not actually need your contact information but we would like to use it in order to keep you informed about and/or invite you to participate in events and services that might interest you. Occasionally we would also like to collect information from you that goes beyond just your contact details – for example, your volunteering interests or your availability. In all these circumstances we will let you know that that is how your information will be used when we collect it from you, and we will usually ask you for your consent for this although there will be times when the law allows us to use your information without consent.
In both cases outlined above, you can ask us to stop holding and using your information and we will consider your request carefully and let you know what we decide. Unless there is a good reason why we need to continue using your information (for example, that you have recently made or responded to a planning application) we will immediately delete it from our database. You can ask us to amend or delete your information by contacting our Information and Data Protection Officer, Mrs Jo Murphy:
Information and Data Protection Officer
New Forest National Park Authority
Lymington Town Hall
T: 01590 646653
E: firstname.lastname@example.org or email@example.com
You also have the right to request a copy of the personal information that we hold about you, to ask us to amend it, or to ask us to restrict the ways in which we process it. If you have given your consent to our use of your information you can withdraw this at any time you like. If you would like to do so, or you require further guidance or information on any of your data protection rights, please contact the Information and Data Protection Officer.
You can find further information about some of your rights visit the Information Information Commissioner’s Office.
How we collect and hold your information
Information can be collected by way of the website, social media, through specific forms, at our offices, by phone or email, or at events.
We take your privacy very seriously. Your information will never be supplied to anyone outside the NPA without first obtaining your consent or letting you know as appropriate, unless we are obliged by law to disclose it, or it would otherwise be fair to do so and we are permitted by law to use it in this way. An example of when we might be legally obliged to disclose your data would be if the police ask to see some information to help them to solve a crime or to protect someone. An example of where it might otherwise be lawful for us to disclose your data would be if someone made a request for information under the Freedom of Information Act. In these circumstances we would carefully consider whether it would be appropriate and fair to disclose your data, including factors such as what we think you might expect us to do with your data and whether you have consented to its release.
If we would like to share your information with third parties for reasons such as that it would be useful to us or them – for example, sharing with other stakeholders on a joint project, or with planning consultants, or with bodies to which we might outsource types of administration such as payroll – we will always let you know, and we will usually ask you for your consent.
We are especially keen to ensure that children’s information, and the information of anyone with special circumstances, is processed safely. If you are aged 16 or under, please get your parent or guardian’s permission before you provide personal information to us. If for some reason you need to supply us with sensitive types of information – for example, relating to health, disability or politics – please clearly label your correspondence so that we can make sure we look after it properly.
Whatever your circumstances we will hold any personal information securely. We use Microsoft Office 365 servers which are in the Republic of Ireland. This means that your information is held outside the UK, but it is not accessible to anyone other than to our staff and Microsoft. For more information about cookies, which are processed by Google Analytics in the USA, please see the cookies section at the end of this policy.
We also share some information with our service providers, which includes other local authorities with which we have Service Level Agreements and other service providers, such as Campaign Monitor for our e-newsletter, but we will always let you know before we do this and obtain your consent if necessary.
We will hold your personal information on our systems for as long as you use the service you have requested or until any consents expire, as applicable, and we will remove it in the event that the purpose for collecting it has been met, unless we are required by law to retain it for a longer period. We regularly review the information we hold to make sure that it is still relevant, to ensure that we have a genuine reason to process it, and to review the impact on you of our use of your information. We have a records retention schedule and this also specifies how long certain types of personal information are generally kept.
We will not use your information for electronic marketing except in compliance with data protection law and the laws on electronic marketing. We will never sell your personal information to anyone. We don’t use automated decision making to determine whether or not to supply services or information to you. If we have collected and use your information for one particular purpose and later we would like to use it for a different one we will let you know, and we will ask you for your consent.
For more details on how we collect and hold your information, please contact the Information and Data Protection Officer.
The technical bit, and how to raise concerns
The EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 govern how we hold your information. Other relevant laws include the Freedom of Information Act, the Environmental Information Regulations and the laws on electronic marketing, all as updated from time to time. You can find out more about the legal basis we rely on to process your information (Article 6 of the GPDR) from the Information and Data Protection Officer.
The way that all organisations comply with these laws is overseen in the UK by the Information Commissioner’s Office (ICO). If you have any concerns about how we handle your information you can contact the ICO at: First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. You can also find further guidance on their website here: www.ico.org.uk.
Changes in the law mean that from 26 May 2011 we need your permission to save cookies on your machine.
Cookies are small files which are sent to your browser (for example Internet Explorer or Netscape) and stored on your computer’s hard disk. They only identify your computer and not you personally.
We are using Google Analytics to monitor our website and as a consequence information from cookies will be stored by Google on their systems in the USA.
Google Analytics web analytics cookies: These cookies are used to help record your use of this website. They are used to collect statistics about site usage such as when you last visited the site. This information is then used to improve the user experience on our website. The Google Analytics cookies contain randomly generated IDs used to recognise your browser when you read a page. The cookies contain no personal information and are used only for web analytics. The Google Analytics cookies are called _utma, _utmb, _umtc and _utmz. They will appear in the list of cookies under newforestnpa.gov.uk. _utma tracks whether you have visited the website before. It is set to expire 2 years after your last visit. _utmb establishes a ‘user session’ and tracks which pages you look at on this visit to the website. It is set to expire 30 minutes after your last visit. _utmc is connected with _utmb and expires when you closed your browser, rather than just visit another website. _utmz tracks whether you have come to the website from a search engine, another website or have typed the web address directly into your browser. It is set to expire six months after it was last set.
We are also using cookies on our interactive maps pages (such as my property and New Forest walks and cycle rides). These are used to store your postcode in order to provide more relevant information to you.
To delete cookies or reject cookies
If you do not want to receive cookies from this website, select cookie settings under the privacy settings in your browser options, then add our domain to the list of websites you do not want to accept cookies from. Under settings you can also delete individual cookies or any cookies that your browser has stored.
National Park Authority events booked through Eventbrite
This notice explains how we use any personal information we collect about you when you register to attend an event using Eventbrite.
Collection of information
We collect information about you when you register with Eventbrite to attend a National Park Authority (NPA) event. We will collect the minimum amount of information needed to administer your booking, which will typically include:
- Your name
- Contact details
- Accessibility information
How we will use your information
The data controller of the personal information you submit will be the NPA.
The information you provide will be used to process your booking. We will also use it to contact you via Eventbrite regarding your booking. We may also contact you to undertake post-event evaluation.
The lawful basis for our use of this information under the GDPR is Article 6(1)(f) where processing is necessary for the legitimate interests pursued by the controller, in this case the NPA’s legitimate interest in administering the event in a proper manner. If you are paying for an event, then processing your personal information is necessary for the performance of a contract to which you, the data subject, are party (Article 6(1)(b).
If the event is run by a third party, we may provide them with your booking details to enable them to lead the event. Your information will be held securely and will not be used for any other purposes. In the event of a serious incident we will if necessary pass your information to the emergency services and potentially to other bodies such as the Health and Safety Executive or our insurers.
Personal information provided for the purposes of booking to attend an event will be deleted within three months of the event.
We will seek your consent to provide you with further information about events and other services offered by the NPA.
Alternative booking process
If you wish to attend one of our events but do not wish to use Eventbrite to book a place, please contact the event organiser. Contact details for each event are provided on the event booking page.
Should you require further information about how your details will be used or stored and/or would like to access any information we hold about you, please contact our Information & Data Protection Officer.