Privacy policies

This privacy notice aims to give you information on how the Council collects and processes your personal data, including any data you may provide through this website for example when completing an online form.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. Many of the Council's departments have separate privacy notices which relate to the particular services they provide and their specific use of your data. These privacy notices are set out in the links below. This privacy notice supplements the other notices and is not intended to override them.


New Forest District Council is the data controller and responsible for your personal data collectively referred to as "the Council", "we", "us" or "our" in this privacy notice).

We have appointed a data protection officer (DPO)  who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO  using the details set out below.

Contact details

New Forest District Council

Email address:

Appletree Court. Beaulieu Road, Lyndhurst, Hampshire, SO43 7PA

For more information on Data Protection in general, or if you wish to make a complaint relating to how your personal data has been used, please contact the Information Commissioner Office:

0303 123 1113

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


Cookies are small files that websites save to your computer. They are used to make the site work better for you, and to help the website owner understand how people use the website. These cookies aren't used to identify you personally but they can remember activities and preferences chosen by you and your browser. You can manage cookies by controlling which cookies are saved or by deleting them, if you wish (please see 'Managing your cookies' at the bottom of this page).

New Forest District Council has links to third party software providers that uses cookies to improve services for you through, for example enabling a service to recognise your device so you are not offered the same service more than intended, measuring how many people are using services, to improve service delivery, or analysing data to help understand how our online services are used so we can improve them.

We have links to social networking websites (eg Facebook and Twitter). These websites may place cookies on your computer.

For more information please see Bookmark and Share Toolbar Privacy and Data Practices .

To find out how to allow, block, delete and manage cookies, follow the link below and select the browser you are using. You can also read your browser's built-in or online help for more information.

How to control cookies

From time to time we may use third parties to survey our website to obtain feedback. It is possible that those third parties may use cookies.

You can delete your cookies at any time, but please be aware that some parts of our website may not work properly and your preferences may be lost.

You can read more about which cookies we use here.

External Links -Please note that this policy does not cover links to other websites


What kind of personal data do we process:

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you .
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version,.
  • Profile Data includes, your interests, preferences, feedback and survey responses. 
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We may also process  information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, based on public interest or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to  help you further. 

How we use your data

We will often need your personal information to:-

  • comply with legal obligations which the Council is subject to;
  • deliver services and support to you;
  • respond to requests from you;
  • manage those services we provide to you;
  • train and manage the employment of our workers who deliver those services;
  • help investigate any worries or complaints you have about your services;
  • keep track of spending on services;
  • check the quality of services; and
  • to help with research and planning of new services.

Legal basis for using your personal data

Each of the privacy notices from the links below explain for each department which legal reason is being used.

Generally the legal basis for processing your information is where: -

  • you, have given consent
  • you have entered into a contract with us
  • it is necessary to perform our statutory duties
  • it is necessary to protect someone in an emergency
  • it is required by law
  • it is necessary for employment purposes
  • it is necessary for the establishment, exercise, or defence of legal claims
  • you have made your information publicly available
  • it is to the benefit of society as a whole
  • it is necessary to protect public health
  • it is necessary for archiving, research, or statistical purposes
  • it is in the public interest to do so
  • legitimate purpose
  • It amounts to a substantial public interest
  • It concerns social security law or employment law

Please note where we are relying on consent to process your personal data, you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

How we store your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

When and why we share your information

We may need to share your information within the Council between departments and with external agencies such as other public bodies and companies that carry out activities on the Councils behalf. Each of the privacy notices from the links below explain for each department who your information may be shared with and the reasons why. 

We may also share your personal information when we feel there's a good reason that's more important than protecting your privacy.

In order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to

  • other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

For all of these reasons the risk must be serious before we can override your right to privacy.

If we're worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we'll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.

We may still share your information if we believe the risk to others is serious enough to do so. 

There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we'll make sure that we record what information we share and our reasons for doing so. We'll let you know what we've done and why if we think it is safe to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned.

Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office's legal powers and the reasons why it matches particular information.

International transfers

Where personal data is to be transferred to a country or territory outside the European Economic Area, measures will be taken to ensure that an adequate level of protection for the rights and freedoms of data subjects is in place in relation to the processing of personal data.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

The Council will hold your personal data based on the following criteria.

  • For as long as we have reasonable business needs;
  • For as long as we provide goods and /or services to you and then for as long as someone could bring a legal claim against the Council;
  • Retention periods in line with legal and regulatory requirements or guidance

Where your personal data is included within Council, Cabinet or Committee documentation this will be retained in perpetuity.  

Each of the privacy notices from the links below explain for each department the relevant retention period that is used.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the following rights:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact the DPO at

For more information regarding the rights set out above, please refer to the Council's Information Rights Policy

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if your request is clearly unfounded, repetitive or excessive.

Law Enforcement Privacy Notice


  • Purpose and legal basis for processing
  • What we need
  • Why we need it
  • What we do with it
  • How long we keep it
  • What are your rights?
  • Do we use any data processors?

Purpose and legal basis for processing

Our purpose is to investigate and take regulatory action in line with our statutory duties.

We rely on Schedule 8 1(a) and (b) of the Data Protection Act 2018 to process your personal data.  This relates to processing 'necessary for the exercise of a function conferred on a person by an enactment or rule of law, and is necessary for reasons of substantial public interest'. This is part of our regulatory function.

What we need

When we investigate an alleged criminal offence, we'll compile information and evidence about it.

Why we need it

In our role as a local authority, we need to establish whether the legislation we oversee has been breached, so that we can take legal action if appropriate. So we'll gather relevant information about you to do this.

What we do with it

We will only use your personal information to see whether the legislation has been breached, and for prosecution purposes if we have evidence of a breach.

In some circumstances we may share your personal information with law enforcement and other agencies during an investigation.

If we proceed to take legal action, we'll share this information with our legal counsel, the courts and any co-defendants and their legal representatives.

When we take enforcement action against someone, we may publish the defendant's identity in the media. Usually we do not identify any complainants unless the details have already been made public.

How long we keep it

We will normally keep your data for 6 years.

What are your rights?

Personal data about criminal convictions and offences falls under Part 3 of the Data Protection Act 2018 for 'law enforcement purposes'. There are specific rights for this type of personal data.

The law enforcement purposes are stated in the legislation as 'the purposes for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.'

You have a right to access your personal data held by or for us. You also have a right to get inaccurate data rectified and incomplete data completed, and for your personal data to be erased in certain circumstances.

Do we use any data processors?

Yes - we may use external legal counsel for court proceedings

Share this page

Share on Facebook Share on Twitter Share by email


Print this page