Privacy Notice: How We Deal with your Personal Information
The North York Moors National Park Authority is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulations (GDPR). This means that the Authority has a duty of care towards the personal data that it collects and uses.
Personal information, or personal data, is defined as any information relating to a living individual who can be identified from that data or from that data in conjunction with other data held by the Authority.
In the course of our work we may hold personal information about individuals – this could include general details of name and address, or may be more detailed and in some instances “sensitive/special” eg financial or health status, racial origin etc.
The “lawful basis” for the North York Moors National Park Authority processing personal information is in the provision of services and functions in the public interest or in the exercise of official authority; or in the performance of a contract; or for compliance with a legal obligation.
We process personal information in the course of carrying out our core functions to conserve and enhance the natural beauty, wildlife and cultural heritage of the North York Moors, and to promote the opportunities for the understanding and enjoyment of the area by the public.
We also process personal data to enable us to promote our services, to maintain our accounts and records, to support and manage our staff. We also carry out some “discretionary” activities for which we might ask for personal details, for example marketing, retail, surveys for which consent will be sought before storing personal details.
Under the requirements of current data protection legislation (GDPR) we will ensure that personal data is processed fairly and lawfully, and only used for the purposes for which it was obtained; and that the rights of data subjects are properly respected.
When collecting personal information from you, we will tell you how this information is to be used, and will not use your details for other purposes without your consent.
We will ensure that the information is processed and filed in a secure way and that access to the information is restricted to those who need to use it for the purposes for which it was collected.
We will keep the information up to date and will not keep it for longer than necessary.
To ensure that we provide you with an efficient and effective service we will sometimes need to share your information with our partner organisations that support the delivery of the service you may receive. We may also need to supply your information to organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do, and, where appropriate, Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
We will never share or sell your information for marketing purposes.
These principles and requirements should be seen in the context of other relevant legislation including the Human Rights Act 1998 and the Freedom of Information Act 2000.
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
If you would like to submit a Data Subject Access Request (DSAR) then this can be done by email or post, with a subject line of “Subject Access Request” to the below:-
North York Moors National Park Authority
The Old Vicarage
You will also need to validate your identity (so that we can be certain that only you have access to your personal data). You can do this either by attending the Authority office in person or by providing us with copies of your ID.
Need further information?
If you would like to discuss anything further, or would like to see the Authority’s Data Protection Policy, please contact the Authority by email on email@example.com or by telephone 01439 772700.
The Authority has appointed Ian Nicholls as Data Protection Officer, contact details are: Telephone No: (01439) 772700 E-mail address: firstname.lastname@example.org
You may also want to complain to the Information Commissioner’s Office (the Data Protection regulator) about the way in which the Authority has handled your personal data. You can do so by contacting:
First Contact Team
Information Commissioner’s Office
Tel: 03031 23 1113
Further information is also available from the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; tel 01625 545 745; or visit the website www.ico.gov.uk