Northumberland National Park Authority is committed to ensuring the privacy of and respecting the rights of individuals. We are registered as a ‘Data Controller’ and our registration number is Z8771132. We collect, hold and use personal information about you so that we can provide a range of services to you.
This notice explains why we collect your personal information and how it is used. It also provides details of your rights as individuals. The privacy notice describes our processing activities. Please read this notice carefully as by using our services you are accepting and consenting to the practices detailed in this policy.
Why we collect information from you
Information about you is collected in order to:
- Understand the needs of park residents, businesses and visitors to help deliver or improve our services to you
- Contact you by email, post or telephone
- Allow us to carry out our statutory functions effectively including those relating to diversity and equality
- Keep you informed about activities and events taking place in the national park. If we don’t collect this information and have your permission to use it we may not be able to provide you with the advice or service you requested.
What information do we collect from you
We may collect and process the following information about you:
- Personal details including your name, email address and telephone number
- Family details
- Employment, education and training information
- Financial details
- Licenses or permit details
- Membership details
- Visual images or sound recordings
- Other uncategorised information
- CCTV images
Special protection is given to certain kinds of personal information which is particularly sensitive. This information includes health details, medical details, racial or ethnic origin, political views, trade union membership, religious or similar beliefs, sexual orientation, and information about criminal convictions or allegations.
How we use your information
We will only use information about you for the purposes for which we collected it. Your information is retained securely and not shared without your consent. Your information will be used to:
- Allow us to communicate relevant information to you from time to time
- Meet any legal obligations and statutory functions we may have
- Process financial transactions
- Provide any services that we deliver or that you have requested
We will not keep information about you longer than is necessary and will delete it in line with our data retention policy. Some information including financial records and personnel information will be kept in line with legal requirements.
How we communicate with you
We use different methods of communication to keep in touch with you. This includes email, telephone and post. Depending on the purpose of the communication we may ask you to choose your preferences for the communications method.
To maintain up to date records we may occasionally contact you by email, telephone or post to check that our records are up to date or to update your consent.
Lawful basis for processing
The authority will adhere to certain bases for processing your personal information. A lot of our data is collected for our public task, for example, making decisions on planning applications. The information provided in relation to a contract enables us to enter into a contract with you and in the fulfilment of that contract. Other information we collect, for example information for promotional purposes, is collected on the basis of consent. We may also collect information for processing on the basis of legitimate interest. This will usually be in relation to ensuring we provide information to stakeholders and residents within the National Park and to manage employee and financial contractual obligations. Further information about the lawful bases is detailed in our data protection policy. A copy of the Planning privacy notice is also available on the website.
Information we hold about you
We will keep records of your consent and maintain details you provide, usually your name, email address, telephone number and home/business address. We will retain copies of emails and may retain voicemails when required, for example when dealing with an investigation. We will not keep them for longer than necessary and will delete emails and voicemails in line with our data retention policy.
Some of our premises have CCTV installed. These are for the purpose of public safety and prevention of crime. Where CCTV is in operation, notices are posted to this effect. Images collected by CCTV are only shared with third parties for the purpose of crime prevention or detection. Recordings will not be kept for longer than necessary unless they are required for criminal investigations. A separate CCTV policy is available.
We may share personal information internally across teams and with Members where we need to do that to provide you with services, carry out our statutory functions or where it is fair and reasonable to do so. We may need to share information with third parties and will only do this with your consent, unless there is a legal requirement to do so, for example in relation to our statutory functions. We will not share your information with any third parties for marketing purposes without your consent.
Northumberland National Park Authority is the information controller for the information we collect about you. We will only provide information to a third party for the purposes set out above or in order to prevent risk or harm to an individual or in relation to a crime, including fraud, if required to do so by law.
We may at times transfer personal data for storage purposes to other countries outside the European Economic Area, for example images from mobile phones are stored in Google Images. Where this occurs we will ensure that your information is stored securely and that such organisations are compliant with the General Data Protection Regulations. We will specifically advise if this occurs and ensure you have given consent for this.
Access to our website is not restricted to the UK, so some information, such a planning application details may be accessed from overseas.
Detect and prevent fraud or crime
We are required by law to protect the public funds that we administer. We may use the information you provide to us for the detection and prevention of fraud. We may also share this information with other bodies that are responsible for auditing or administering public funds. In limited situations we may monitor and record electronic transactions (website, email and telephone conversations). This will only be used to detect or prevent a crime, or investigate or detect the unauthorised use of the telecommunications system and only as permitted by the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
Website and social media information
Our websites: www.northumberlandnationalpark.org.uk and www.thesill.org.uk do not collect or store information about you when you access them. The forms you fill in online are secure and your details will only be retained for the purposes you have consented to.
When you access and ‘like’ or ‘follow’ our Facebook pages, https://www.facebook.com/NlandNP/ , Facebook will process information relating to your use of our pages and we are able to access analytical data relating to this. Similarly, our Twitter account, @NlandNP, also analyses data from users who access the services, for example by following @NlandNP. You are able to vary the way Facebook and Twitter use your data by modifying your social media account settings.
How we protect your information
We will not ask you for information beyond what is needed to provide you with the service or advice you have requested or consented to. We will not allow access to, disclose or otherwise share information about you other than for the purposes you have consented to, unless required for legal purposes, for example a criminal investigation.
We have developed a framework of policy documents to ensure that your personal information is protected. These documents include a data protection policy, data breach policy, data retention policy as well as staff training and awareness of their obligations relating to the security of personal information.