Privacy

Introduction

Northumberland National Park Authority is committed to ensuring the privacy of and respecting the rights of individuals. We are registered as a ‘Data Controller’ and our registration number is Z8771132.  We collect, hold and use personal information about you so that we can provide a range of services to you.

This notice explains why we collect your personal information and how it is used. It also provides details of your rights as individuals. The privacy notice describes all our processing activities. Please read this notice carefully as by using our services you are accepting and consenting to the practices detailed in this policy.

Why we collect information from you

Information about you is collected in order to:

  • Understand the needs of park residents, businesses and visitors to help deliver or improve our services to you
  • Contact you by email, post or telephone
  • Allow us to carry out our statutory functions effectively including those relating to diversity and equality
  • Keep you informed about activities and events taking place in the national park

If we don’t collect this information and have your permission to use it we may not be able to provide you with the advice or service you requested.

What information do we collect from you

We may collect and process the following information about you:

  • Personal details including your name, email address and telephone number
  • Family details
  • Employment, education and training information
  • Financial details
  • Licenses or permit details
  • Membership details
  • Visual images or sound recordings
  • Other uncategorised information
  • CCTV images

We may also process sensitive information about you, which could include:

  • Physical or mental health details
  • Trade union membership or political affiliation
  • Political opinions
  • Information about criminal offences
  • Medical details
  • Immigration information
  • Lifestyle information
  • Religion or other belief information

How we use your information

We will only use information about you for the purposes for which we collected it. Your information is retained securely and not shared without your consent. Your information will be used to:

  • Allow us to communicate relevant information to you from time to time
  • Meet any legal obligations and statutory functions we may have
  • Process financial transactions
  • Provide any services that we deliver or that you have requested

We will not keep information about you longer than is necessary and will delete it in line with our data retention policy. Some information including financial records and personnel information will be kept in line with legal requirements.

How we communicate with you

We use different methods of communication to keep in touch with you. This includes email, telephone and post. Depending on the purpose of the communication we may ask you to choose your preferences for the communications method.

To maintain up to date records we may occasionally contact you by email, telephone or post to check that our records are up to date or to update your consent.

Lawful basis for processing

The authority will adhere to certain bases for processing your personal information. For planning information the authority uses the public task basis for processing as it has a requirement to process information to fulfil statutory obligations. Other information we collect, for example information for promotional purposes, is collected on the basis of consent. Finally we may collect information for processing on the basis of legitimate interest or contracts. This will usually be in relation to ensuring we provide information to stakeholders and residents within the national park authority and to manager employee and financial contractual obligations. Further information about the lawful bases is detailed in our data protection policy. A copy of the development management privacy notice is available on the website (info governance section?).

Information we hold about you

We will keep records of your consent and maintain details you provide, usually your name, email address, telephone number and home/business address. We will retain copies of emails and may retain voicemails when required, for example when dealing with an investigation. We will not keep them for longer than necessary and will delete emails and voicemails in line with our data retention policy.

Some of our premises have CCTV installed. These are for the purpose of public safety and prevention of crime. Where CCTV is in operation, notices are posted to this effect. Images collected by CCTV are only shared with third parties for the purpose of crime prevention or detection.  Recordings will not be kept for longer than necessary unless they are required for criminal investigations.  You have the right to view any CCTV images collected however they may be withheld if they also identify third parties.

Information sharing

We may need to share information with third parties and will only do this with your consent, unless there is a legal requirement to do so, for example in relation to our statutory functions. We will not share your information with any third parties for marketing purposes without your consent.

Northumberland National Park Authority is the information controller for the information we collect about you. We will only provide information to a third party for the purposes set out above or in order to prevent risk or harm to an individual or in relation to a crime, including fraud, if required to do so by law.

We may at times transfer personal data for storage purposes to other countries outside the European Economic Area, for example images from mobile phones are stored in Google Images. Where this occurs we will ensure that your information is stored securely and that such organisations are compliant with the General Data Protection Regulations. We will specifically advise if this occurs and ensure you have given consent for this.

Detect and prevent fraud or crime

We are required by law to protect the public funds that we administer. We may use the information you provide to us for the detection and prevention of fraud. We may also share this information with other bodies that are responsible for auditing or administering public funds including the Audit Commission, the Home Office, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. In addition to undertaking our own data matching to identify errors and potential fraud we are required to take part in national data matching exercises undertaken by the Audit Commission. The use of data by the Audit Commission in a data matching exercise is carried out under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned. In limited situations we may monitor and record electronic transactions (website, email and telephone conversations). This will only be used to detect or prevent a crime, or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.

Website and social media information

Our websites: www.northumberlandnationalpark.org.uk and www.thesill.org.uk do not collect or store information about you when you access them. The forms you fill in online are secure and your details will only be retained for the purposes you have consented to.

Our websites use cookies to enable a better user experience. Cookies are a string of information sent by a website and stored on your computer or in your device’s memory. No personal information is collected this way.

When you access and ‘like’ or ‘follow’ our Facebook pages, https://www.facebook.com/NlandNP/ , Facebook will process information relating to your use of our pages and we are able to access analytical data relating to this. Similarly, our Twitter account, @NlandNP, also analyses data from users who access the services, for example by following @NlandNP. You are able to vary the way Facebook and Twitter use your data by modifying your social media account settings.

How we protect your information

We will not ask you for information beyond what is needed to provide you with the service or advice you have requested or consented to. We will not allow access to, disclose or otherwise share information about you other than for the purposes you have consented to, unless required for legal purposes, for example a criminal investigation.

We have developed a framework of policy documents to ensure that your personal information is protected. These documents include a data protection policy, data retention policy as well as staff training and awareness of their obligations relating to the security of personal information..

Your rights

The GDPR provides the following rights for individuals:

1.     The right to be informedTo be informed why, where and how we use your information
2.     The right of accessTo ask for access to your personal information
3.     The right to rectificationTo have any errors about your personal data amended
4.     The right to erasureAsking us to remove personal information about you
5.     The right to restrict processingTo ask us to stop processing or restrict use of your personal data
6.     The right to data portabilityAsking us to move, copy or transfer your personal information in a safe and secure way
7.     The right to objectBeing able to object about how your personal data is used
8.     Rights in relation to automated decision making and profiling.Being able to challenge decisions made by automated profiling (no human intervention)

 

You may also lodge a complaint with the Information Commissioner’s Office whose contact details are below.

Where your personal information is being processed with your explicit consent, you have the right to remove your consent.

If you ask us to stop processing your data, we will comply immediately, unless there is a legal requirement for us to continue to hold or process your data.

You have the right to make a Subject Access Request concerning the personal information we hold about you. This can be done by contacting the Data Protection Officer whose contact details are below.

If you would like to exercise any of the rights set out above please contact the Data Protection Officer at [email protected] or you can write to them at:

Data Protection Officer

Northumberland National Park

Eastburn

South Park

Hexham

NE46 1BX

There may be a fee to meet the cost of providing you with the information you request. We will inform you of this when you submit your request.

If you are unhappy with the way we use any of your information please contact the Data Protection Officer at the details shown above. Alternatively you can contact the Information Commissioner’s Office via their website: www.ico.org.uk or you can write to them at:

Information Commissioner’s Office

Wycliffe House

Water Lane Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email: [email protected]

Changes to this policy

We will keep this policy under regular review and place updates on our websites: www.northumberlandnationalpark.org.uk and www.thesill.org.uk