This privacy notice aims to give you information on how the Council collects and processes your personal data, including any data you may provide through this website for example when completing an online form.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. Many of the Council's departments have separate privacy notices which relate to the particular services they provide and their specific use of your data. These privacy notices are set out in the links below. This privacy notice supplements the other notices and is not intended to override them.
New Forest District Council is the data controller and responsible for your personal data collectively referred to as "the Council", "we", "us" or "our" in this privacy notice).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
New Forest District Council
Email address: email@example.com
Appletree Court. Beaulieu Road, Lyndhurst, Hampshire, SO43 7PA
For more information on Data Protection in general, or if you wish to make a complaint relating to how your personal data has been used, please contact the Information Commissioner Office:
0303 123 1113
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies are small files that websites save to your computer. They are used to make the site work better for you, and to help the website owner understand how people use the website. These cookies aren't used to identify you personally but they can remember activities and preferences chosen by you and your browser. You can manage cookies by controlling which cookies are saved or by deleting them, if you wish (please see 'Managing your cookies' at the bottom of this page).
We have links to social networking websites (eg Facebook and Twitter). These websites may place cookies on your computer.
For more information please see Bookmark and Share Toolbar Privacy and Data Practices .
To find out how to allow, block, delete and manage cookies, follow the link below and select the browser you are using. You can also read your browser's built-in or online help for more information.
You can delete your cookies at any time, but please be aware that some parts of our website may not work properly and your preferences may be lost.
You can read more about which cookies we use here.
External Links -Please note that this policy does not cover links to other websites
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
We may also collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We may also process information about criminal convictions and offences.
Where we need to collect personal data by law, based on public interest or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to help you further.
We will often need your personal information to:-
Each of the privacy notices from the links below explain for each department which legal reason is being used.
Generally the legal basis for processing your information is where: -
Please note where we are relying on consent to process your personal data, you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may need to share your information within the Council between departments and with external agencies such as other public bodies and companies that carry out activities on the Councils behalf. Each of the privacy notices from the links below explain for each department who your information may be shared with and the reasons why.
We may also share your personal information when we feel there's a good reason that's more important than protecting your privacy.
In order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to
For all of these reasons the risk must be serious before we can override your right to privacy.
If we're worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we'll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we'll make sure that we record what information we share and our reasons for doing so. We'll let you know what we've done and why if we think it is safe to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned.
Data matching by the Cabinet Office is subject to a Code of Practice.
View further information on the Cabinet Office's legal powers and the reasons why it matches particular information.
Where personal data is to be transferred to a country or territory outside the European Economic Area, measures will be taken to ensure that an adequate level of protection for the rights and freedoms of data subjects is in place in relation to the processing of personal data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
The Council will hold your personal data based on the following criteria.
Where your personal data is included within Council, Cabinet or Committee documentation this will be retained in perpetuity.
Each of the privacy notices from the links below explain for each department the relevant retention period that is used.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the following rights:
If you wish to exercise any of the rights set out above, please contact the DPO at firstname.lastname@example.org.
For more information regarding the rights set out above, please refer to the Council's Information Rights Policy http://www.newforest.gov.uk/article/18215/GDPR.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if your request is clearly unfounded, repetitive or excessive.
Purpose and legal basis for processing
Our purpose is to investigate and take regulatory action in line with our statutory duties.
We rely on Schedule 8 1(a) and (b) of the Data Protection Act 2018 to process your personal data. This relates to processing 'necessary for the exercise of a function conferred on a person by an enactment or rule of law, and is necessary for reasons of substantial public interest'. This is part of our regulatory function.
What we need
When we investigate an alleged criminal offence, we'll compile information and evidence about it.
Why we need it
In our role as a local authority, we need to establish whether the legislation we oversee has been breached, so that we can take legal action if appropriate. So we'll gather relevant information about you to do this.
What we do with it
We will only use your personal information to see whether the legislation has been breached, and for prosecution purposes if we have evidence of a breach.
In some circumstances we may share your personal information with law enforcement and other agencies during an investigation.
If we proceed to take legal action, we'll share this information with our legal counsel, the courts and any co-defendants and their legal representatives.
When we take enforcement action against someone, we may publish the defendant's identity in the media. Usually we do not identify any complainants unless the details have already been made public.
How long we keep it
We will normally keep your data for 6 years.
What are your rights?
Personal data about criminal convictions and offences falls under Part 3 of the Data Protection Act 2018 for 'law enforcement purposes'. There are specific rights for this type of personal data.
The law enforcement purposes are stated in the legislation as 'the purposes for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.'
You have a right to access your personal data held by or for us. You also have a right to get inaccurate data rectified and incomplete data completed, and for your personal data to be erased in certain circumstances.
Do we use any data processors?
Yes - we may use external legal counsel for court proceedings