Planning Policy - Privacy Notice

Our Planning Strategy Team is committed to protecting your privacy when you use our services.

This Privacy Notice explains how we use information about you and how we protect your privacy.

Who we are and contact details

We are Hertsmere Borough Council, the second-tier authority for the area of Hertsmere in Hertfordshire.

Our main address is Civic Office, Elstree Way, Borehamwood, WD6 1WA and our telephone number is 020 8207 2277.

For the purposes of this notice, our contact details are our Data Protection Officer who can be contacted at dpo@hertsmere.gov.uk.

Collection of personal information or data

This privacy notice applies to the Broads Authority’s function as a local planning authority and the personal information (or “data”) which we obtain and process as part of this work.

For information about the council’s general data security policies see the Access to Information (opens in new tab) page which contains a link to the Council’s general Data Protection Policy.

The work we carry out includes:

• Developing planning policies, which includes the consultation process on draft policies;
• Working with neighbouring authorities on strategic policies;
• Working with parish councils and other bodies on neighbourhood plans;
• Providing advice on development proposals;
• Maintaining the Self-Build Register and Brownfield Register; and
• Monitoring development.

We obtain personal information in the following ways:

• From receiving comments, representations and questions via email, letter and through our online platforms;
• From landowners and site promoters through the call for sites process;
• From in-person events;
• From telephone calls.

Lawful basis for processing data

We need to have a lawful basis upon which to process your personal information. That basis is that we carry out tasks in the public interest or on the basis of power vested in us as a local planning authority (“public task” basis).

What information do we receive and process?

We receive information from members of the public in response to consultations on planning policy. This information might be submitted as part of a proposal to identify land for development, or in response to such proposals.

We also receive information when people request to be placed on the Self-build Register and the Brownfield Register.

We use the information provided to make decisions about the use of land in the public interest. This is known as a “public task” and is why we do not need you to “opt in” or give specific consent to allow your information to be used.

Some information provided to us relating to representations on local plans we are obliged under planning law to make available to a planning inspector as part of an Examination in Public.

We would strongly recommend that you do not send us personal data, for example about your medical history or family circumstances, unless it is essential that we know this in order to consider your representations or requests. This data is usually considered as ‘Special Category Data’ under the GDPR and we are not allowed to publish it.

The Extent of Personal Data Collected

The types of personal information we collect may include:

• basic personal information including name, address and contact details, including e-mail;
• information relating to expressed opinions or intentions in respect of a planning related issue;
• any other information you provide to us during a consultation process;
• in relation to the Self Build Register we collect additional required personal information, including date of birth, nationality and other information relating to the type of plot being sought. The self-build register may include information relating to housing needs. This is collected under the provisions of the Self Build and Custom Housing Building Act (2015).

Plan-making and related reasons for retaining data

The Council needs to meet the provisions of various planning acts, regulations and guidance including:

• The Localism Act (2011)
• The Planning and Compulsory Purchase Act (2004)
• The Levelling UP and Regeneration Act (2023)
• The National Planning Policy Framework and associated regulations

In the preparation of local plans there is a requirement to engage with various consultation bodies and members of the public.

The local planning authority is required under planning regulations to publish a detailed statement on representations received after each consultation stage. The name and postcode/location of individuals and organisations may be published within these reports for reasons of transparency. These reports are required to be submitted to the Secretary of State as part of the plan Examination process.

Land information databases

The information supplied by you or on your behalf in relation to housing or employment sites forms part of our land information database for the purpose of producing the Housing and Employment Land Availability Assessment (HELAA).

Should you decide not to provide any of the information we request from you we cannot include the site you have put forward in the database.

Similarly, information supplied by you or on your behalf in relation to the brownfield land forms part of the Brownfield Land Register.

How the law allows the council to use your information

Data protection law permits the council to collect and use the information you provide us when:

• You, or your legal representative, have given us consent
• You have entered into a contract with us
• It is necessary to perform our public functions and statutory duties
• It is necessary to protect you or someone in an emergency
• It is required by law
• It is necessary for employment purposes
• It is necessary to provide health or social care services
• You have made your information publicly available
• It is necessary for legal cases or to defend legal claims
• It is to the benefit of society as a whole
• It is necessary to protect public health
• It is necessary for archiving, research, or statistical purposes.

In any event, we will only ever ask for information that is necessary for our purposes and does not constitute an invasion of your privacy.

If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact local.plan@hertsmere.gov.uk (opens in new tab) .

Data protection laws and rules

The Planning Policy Team uses your personal information within the rules set out in data protection laws, for the following reasons:

• Where we are legally obliged to process your information e.g. as part of the preparation of a local plan.
• To inform you about strategic planning proposals and obtain your opinions about them.
• To help investigate your concerns and respond to requests.
• Monitor the council’s performance in responding to your queries or complaints to ensure we meet legal requirements.

Sharing information within the council

The information you provide to the Planning Strategy Team is kept in a standalone database and is not shared with other council departments. We do not procure personal information from other council departments for the purposes of consultation on the Local Plan.

What not to include in the main body of comments on local plans and related documents?

When making a comment, please do not include:

• signatures
• contact number
• any personal information for example about your health.

Who has access to the information about you?

In addition to the Inspector appointed by the Planning Inspectorate, the Programme Officer appointed by Hertsmere, members of the planning policy team and any wider planning department officers who may be involved in data processing. If you take part in the Local Plan Examination, this may be live streamed and recorded, so anyone who chooses to watch the live stream or recording of the Borough Local Plan Examination Hearings will be able to see your participation in the hearings, including your name, image and voice.

Sharing with third parties

We will only share your personal data with third parties where required by law.

We will share your data with the Planning Inspector appointed by the Secretary of State, the Programme Officer appointed by Hertsmere, and within the planning policy team.

Your name and organisation (if applicable) will be published on our website along with representations upon submission. Demographic data will be processed anonymously to assess the effectiveness of our consultation.

All of the council’s third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies.

We do not allow our third-party service providers to use your personal information for their own purposes and they may only process your personal information for specified purposes and in accordance with our instructions.

The names of those invited to and participating in public meetings will be viewable by others taking part in the meeting. The data is also shared with any member of the public that listens to or views the live stream.

Third party service providers

Our current third-party service providers involved in the Local plan process are set out below.

The following third-party service providers are involved in sending email correspondence and collecting survey data:

The following third-party service providers are involved in processing local plan representations:

Location of your information

We will not normally transfer any of your information outside of the European Union. We have additional protections to protect your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that particular third party.

We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.

Our planning policy consultation portal was previously run by Objective, a company who use Amazon Web Services (AWS) to store their data. Our consultation database is still held on this system. Both Objective and Amazon hold up to date certification to data standard 27001, 27017 and 27018 which are renewed annually.

Redaction (blanking things out)

We operate a policy where we routinely redact the following information:

• Personal contact details such as telephone numbers and e-mail addresses (but not property address)
• Signatures
• Special Category Data e.g. supporting statements that include specific information about health conditions or ethnic origin.
• Information which you indicate is confidential and where we have agreed this to be the case.

Sometimes we might decide it is necessary, justified and lawful to disclose data that appears in the list above. In these circumstances we will let you know of our intention before we publish anything. We may sometimes take the view that very generalised information is not specific enough to fall within the description of Special Category Data e.g a delayed letter explained by a statement of the writer having been unwell.

If you are submitting supporting information which you would like to be treated confidentially or wish to be specifically withheld from the public register, please let us know as soon as you can.

How long we keep your information

The council will process the information you provide in a manner that is compatible with the Data Protection Act. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept, but in most cases the council will use its discretion to ensure that we do not keep records outside of our normal business requirements - i.e. providing a service to you.

We will normally retain your details throughout the process of producing a Local Plan, which can take several years. Once a new Local Plan has been adopted we will consider the need to retain your information, and may contact you to check the details we hold are up to date.

Retention periods:

• Land databases - on-going
• Registers – self build register entries subject to three year review
• Plan-making - 7 years after adoption of documents

Only using what we need

Where we can, we’ll only collect and use personal information if we need it to deliver a service or meet a requirement.

If we don’t need your personal information we’ll either keep you anonymous, if we already have it for something else, or we won’t ask you for it. For example in a questionnaire or feedback survey we may not always need your contact details and will only collect your survey responses.

If we use your personal information for research and analysis purposes, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.

We may publish your name alongside your responses, and may publish the area of the borough in which you live or your postcode. We will not publish other personal details such as full home address, email address and telephone number.

We do not sell your personal information to anyone else.

Your Rights

The law gives you a number of rights to control what personal information is used by us and how it is used by us. You are legally entitled to request access to any of your information that is held by us, or to ask us to limit or stop the processing of your personal information in relation to any council service. Further details about your rights are provided below, however in summary:

You also have the right to:

• Object to processing of personal data that is likely to cause, or is causing you damage or distress
• Prevent the processing of your information for the purposes of direct marketing
• Object to decisions being taken by computers
• In certain circumstances, have inaccurate personal information amended, blocked, erased or destroyed; and
• Claim compensation for damages caused by serious breaches of data protection rules

We will seek to comply with your request but there may be some situations where we will not be able to do this in full for example;

• Where there is a legal requirement or where information held was given in confidence;
• Information a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing; or
• If we think that giving you the information may stop us from preventing or detecting a crime

This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies).

If you can’t ask for your records in writing, we’ll make sure there are other ways that you can. If you have any queries about access to your information please contact foi@hertsmere.gov.uk (opens in new tab) or telephone 020 8207 2277.

Delivering your information (right to be "forgotten")

In some circumstances you can ask for your personal information to be deleted, for example:

• Where your personal information is no longer needed for the reason it was collected in the first place
• Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
• Where there is no legal reason for the use of your information
• Where deleting the information is a legal requirement

Where your personal information has been shared with others, we’ll do all we can to make sure those using your personal information also comply with your request for erasure.

Please note that we can’t delete information where:

• We’re required to retain it by law (for example where you have commented on a Local Plan and the comments form part of the examination material for that Plan).

Limiting what we use your personal data for

You have the right to ask us to restrict what we use your personal information for where:

• You have identified inaccurate information, and have told us of it
• Where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether

When information is restricted it cannot be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interest reasons.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.

If you want the Planning Strategy Team to stop using your information please contact GDPR.localplan@hertsmere.gov.uk (opens in new tab) .

You have the right to ask us to stop using your personal information for any council service. However, if this request is approved this may result in delays or prevent us delivering a service.

Where possible we’ll seek to comply with your request, but we may need to hold or use information due to legal obligations.

You will need to contact the Data Protection Officer for requests relating to other council services at foi@hertsmere.gov.uk (opens in new tab) or telephone us on 020 8207 2277.

How do we protect your information?

We’ll take all possible steps to protect the information we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:

• Secure emails: Use of secure email networks to ensure that sensitive information is safely shared.
• Controlling access to systems and networks: Allows us to prevent people not permitted to view your personal information from gaining access to it.
• Staff Training: Allows us to make all our staff aware of how to handle information and how to report incidents or issues regarding the use of information
• Regular testing of our IT systems: And ways of working including keeping up to date on the latest security updates and training all our staff on protecting and using information securely.

Further information

Data Controller

Under Data Protection laws, the council is the data controller for the information you provide to us and is registered with the Information Commissioner’s Office (ICO) with registration number Z6581644.

You can refer any concerns to the Information Commissioner's Office’s website (opens in new tab) or write to:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Making a complaint about how we are collecting or using your information

We will always try to help you with queries and respond appropriately to all requests regarding the processing of your information.

If you have a concern about the way we are collecting or using your personal data or are not satisfied with the way we handle your requests please raise your concern with us in the first instance to allow us to investigate.

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Officer at foi@hertsmere.gov.uk (opens in new tab) or by calling 020 8207 2277 and asking to speak to the Data Protection Officer.

If you are still not satisfied with the council’s internal review procedure, you can refer your concerns to the Information Commissioner's Office’s website (opens in new tab) or write to:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

To request access to your personal information, or to report inaccuracies, or raise a complaint please email us at foi@hertsmere.gov.uk (opens in new tab) or telephone us on 020 8207 2277.

Legislation

EU General Data Protection Regulations (GDPR)

This new data protection law comes into force on 25 May 2018, and provides additional rights for all citizens within the European Union regarding the way organisations, like the council handle your personal information.

Data Protection Act 2018

Currently this new data protection law (opens in new tab) received Royal Assent of 23 May 2018, and came into force on 25 May 2018. It replaces the Data Protection Act (1998) (opens in new tab) . This new law brings the requirements of the GDPR into UK legislation, ensuring that UK data protection rules are in line with EU law.

For further details about the GDPR please visit the Information Commissioner's Office’s website (opens in new tab) .