Privacy notices
On this page:
About us
New Forest District Council respects your right to privacy.
This privacy notice explains who we are, how we collect, share and use your personal data, and how you can exercise your privacy rights. It applies to all individuals who access our website at www.nfdc.gov.uk ('our Website'), contact us, receive our services, or who participate in our recruitment activities.
This privacy notice is also supplemented by our departmental privacy notices which relate to the particular services they provide and their specific use of your personal data.
These privacy notices are included in the links along the right hand column of this page in alphabetical order.
We recommend that you read this privacy notice, as well as each relevant departmental privacy notice, to ensure you are fully informed.
Data Controller
New Forest District Council (collectively referred to as "the Council", "we", "us" or "our" in this privacy notice) is the data controller for the personal data we process, unless otherwise stated.
Data Protection Officer
The Council has appointed a Data Protection Officer.
Contact details
To contact the Council or the Data Protection Officer regarding the handling of your personal data, you can write to us by:
Post: New Forest District Council, Beaulieu Road, Lyndhurst, Hampshire SO43 7PA
Or
Email: data.protection@nfdc.gov.uk
You can also contact the Council using our other communication channels.
Personal data
What type of personal data do we process?
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, share and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes address, email address and telephone numbers.
- Financial Data includes bank account and payment card details and benefit information.
- Transaction Data includes details about payments to and from you .
- Technical Data includes internet protocol (IP) address, browser type and version.
- Profile Data includes your preferences, feedback and survey responses.
- Usage Data includes information about how you use our website and services.
- Communications Data includes your communication preferences.
- Vulnerability data includes information about health, life events, resilience and capability that helps us identify if you might have additional support requirements in order that we can better meet your needs.
- Children's Data includes personal data collected about children in limited circumstances, for example if they are part of a homelessness applicant's or a tenant's household.
Sometimes we will request Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We may also process information about criminal convictions and offences.
Further specific information about the type of personal data each department processes can be found in the relevant departmental privacy notices.
Why do we process your personal data?
The Council, as a public authority, is under a legal duty to deliver certain services to its residents. It also has the power to deliver other services.
We will often need your personal data to:-
- comply with legal duties which the Council is subject to;
- deliver services and support to you;
- respond to requests from you;
- manage those services we provide to you;
- train and manage the employment of our staff who deliver those services;
- help investigate any worries or complaints you have;
- keep track of spending on services;
- check the quality of services; and
- to help with planning of service improvements.
Further specific information about how each department uses your personal data can be found in the relevant departmental privacy notices.
Where do we get your personal data from?
The personal data we process about you will often be submitted by you.
If you are under a legal or contractual obligation to provide us with your personal data we will let you know this, and what will happen if you do not provide us with your personal data.
There will be circumstances where we receive your personal data from third parties.
Further specific information about where each department obtains your personal data from can be found in the relevant departmental privacy notices.
What is the legal basis for using your personal data?
We are committed to collecting and using personal data in accordance with applicable data protection laws. By law, we must have a legal justification, known as a lawful basis, in order to use your personal data for the purposes described in this privacy notice and the supplementary departmental privacy notices. Depending upon the purpose, our lawful basis will be one of the following:
- Consent: You have given consent for us to process your personal data for a specific purpose.
- Contract: The processing of your personal data is necessary for a contract you have with the Council, or in preparation for entering into a contract with the Council.
- Legal Obligation: The processing is necessary for the Council to comply with a legal obligation.
- Vital Interests: The processing is necessary to protect someone's life.
- Public Task: The processing is necessary for the Council to perform a task in the public interest or for its official functions with a basis in law.
- Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests, although this lawful basis cannot apply to the Council's processing of personal data as part of its official tasks.
In addition, we can only collect and use Special Categories of Personal Data where we have an additional, specific lawful basis to process such information. Depending upon the purpose, our additional lawful basis will usually be one of the following:
- With your explicit consent.
- Necessary for employment, social security and social protection (if authorised by law).
- Necessary to protect your vital interests or those of another individual;
- Necessary to establish, exercise or defend a legal claim - including where we are faced with legal proceedings or we bring legal proceedings ourselves.
- Information has been clearly or obviously made public by you.
- Reasons of substantial public interest (with a basis in law).
- Necessary for health or social care (with a basis in law).
- Necessary to protect public health (with a basis in law).
Please note where we are relying on consent to process your personal data, you have the right to withdraw this consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Further specific information about the lawful basis relied on by each department when processing your personal data can be found in the relevant departmental privacy notices.
Do we transfer your personal data outside of the UK?
Generally, the personal data that we hold is processed within the UK.
Sometimes we, or third parties acting on our behalf, may need to transfer personal data outside of the UK. We'll always take steps to ensure that any transfer of personal data outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your personal data (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to.
Retention
We keep your personal data for as long as is reasonably required for the purposes explained in this privacy notice and the supplementary departmental privacy notices. We also keep records, which may include your personal data, to meet legal, regulatory, audit, reporting, tax, accounting or reasonable business needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you might raise later. We'll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your personal data will depend on your relationship with us and the reasons we hold your personal data.
To support us in managing how long we hold your personal data and our record management, we maintain a Retention and Destruction Schedule which includes clear guidelines on data retention and deletion.
Where your personal data is included within Council, Cabinet, Committee or Panel documentation this will be retained in perpetuity.
If you would like more information about our Retention and Destruction Schedule, please contact us.
Joined-up services within the Council
We may share your personal data between departments and services within the Council so that we can keep our information up-to-date, provide cross departmental support, and to improve our services to you. A number of our departments including Customer Services, Finance, ICT, Legal, Information Governance and Complaints provide support and specialist services to the Council's front line services and may need access to your personal data to do so. Our staff can only see your personal data if they need it to do their job and are subject to an obligation of confidentiality.
Who do we share your personal data with?
We are allowed and may need to share your personal data with third parties. We will always make sure there is a legal basis which permits data sharing to take place before we share and we will keep records of when your data has been disclosed to another organisation.
Third party processors
In order to deliver the best possible service, there are occasions where we employ or contract third parties to assist. These third parties will sometimes need access to your personal data in order to complete their work. If we do use a third party, we will always have an agreement in place to ensure that the third party keeps your personal data secure. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Other organisations
Sometimes we may share your personal data with other organisations. This could be because of a legal requirement or because a court orders us to do so. For example, we may need to share information with the police or another law enforcement agency to help prevent or detect a crime. We may not have to tell you if we do share with other organisations in this way.
We will share information regarding payments made to us with the relevant banking and financial institutions as well as card processing organisations.
Further specific information about who each department may share your personal data with can be found in the relevant departmental privacy notices.
Audit
Our internal auditors, our Corporate Fraud and Compliance Officer, and external auditors may also have access to your personal data in order to complete their work.
National Fraud Initiative
We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office's National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned.
Data matching by the Cabinet Office is subject to a Code of Practice.
View further information on the Cabinet Office's legal powers and the reasons why it matches particular information.
How do we protect your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes:
- Training for all staff and elected councillors on how to handle personal data;
- Policies and procedures;
- ICT security safeguards; and
- On-site security safeguards.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner's Office ("the ICO"), who are the UK supervisory authority for all data protection matters, where we are legally required to do so.
Please tell us if anything changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You can update your personal data for Council Tax purposes at the Report a Change section of our website.
If you fail to provide personal data
Where we are required to collect certain personal data by law, based on public interest or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to help you further.
Your data rights
You have legal rights under data protection laws in relation to your personal data.
You have the following rights relating to your personal data:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
For more information regarding these rights please see our Information Rights Policy.
If you would like to exercise any of these rights, please contact us.
We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.
We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We'll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked. This is because your rights will not always apply. We will explain to you how we are dealing with your request.
Your Right To Complain
We work to high standards when it comes to processing your personal data. If you have queries or concerns, please contact our Data Protection Officer at data.protection@nfdc.gov.uk.
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your personal data. If you feel we have not handled your query or concern to your satisfaction you can contact the ICO.
You can contact the ICO at:
Website: https://ico.org.uk/concerns
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Email: casework@ico.org.uk
This Website
Third-party links
This website may include links to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and this privacy notice does not cover third-party websites. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies
Cookies are small files that websites save to your computer. They are used to make the site work better for you, and to help the website owner understand how people use the website. These cookies aren't used to identify you personally but they can remember activities and preferences chosen by you and your browser. You can manage cookies by controlling which cookies are saved or by deleting them.
We have links to third party software providers that use cookies to improve services for you through, for example enabling a service to recognise your device so you are not offered the same service more than intended, measuring how many people are using services, to improve service delivery, or analysing data to help understand how our online services are used so we can improve them.
From time to time we may use third parties to survey our website to obtain feedback. It is possible that those third parties may use cookies.
We have links to social networking websites (such as Facebook and Twitter). These websites may place cookies on your computer.
To find out how to allow, block, delete and manage cookies, follow the link below and select the browser you are using. You can also read your browser's built-in or online help for more information.
You can delete your cookies at any time, but please be aware that some parts of our website may not work properly and your preferences may be lost.
For further Information about cookies please see the page: Cookies - New Forest District Council.
Updates
This privacy notice and each departmental privacy notice is updated from time to time to take account of changes in our services, legal requirements and to make sure they are as transparent as possible, so please check back here for the current version. You can see when this privacy notice was last updated here: May 2023