Skip to content

Public Rights of Way Commons Act 2006 Applications privacy notice

We keep this privacy notice under regular review and it was last updated on 12 September 2024.

This notice explains what personal data (information) we hold about you, how we collect, how we use and may share information about you. We are required to give you this information under data protection law.

Who we are

Kent County Council (KCC) collects, uses and is responsible for certain personal information about you. Where we do so, we are regulated by the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as the ‘controller’ of that personal information for the purposes of that legislation.

The personal information we collect and use

Information collected by us

In the course of you making an application under the Commons Act 2006, we collect the following personal information is collected from you:

  • Name
  • Contact details
  • Other information relating to the application (including relevant dates (of birth or house moves), previous addresses and patterns of usage).

How we use your personal information

We use your personal information to process your application in accordance with the Commons Act 2006 and the Commons Registration (England) Regulations 2014.

How long your personal data will be kept

Personal information in respect of successful applications will be retained permanently.

In respect of unsuccessful applications, these will be securely destroyed after three months from the date of determination of the application. Where we are not able to consider the application as a result of some administrative defect or legal impediment, these will also be securely destroyed after three months from the date of notification to the applicant.

Reasons we can collect and use your personal information

The lawful basis on which we collect and use your personal data is that processing is necessary for the compliance of legal obligation, namely in KCC’s capacity as the ‘Commons Registration Authority’ for the purposes of the Commons Act 2006.

The provision of personal data is required from you to enable us to process an application that has been made under the Commons Act 2006, and as we have a statutory basis for collecting your personal data. If you do not provide it, we may be unable to process your application.

Who we share your personal information with

Applications and any representations made cannot be treated as confidential. To determine the application, it will be necessary for Kent County Council as the ‘Commons Registration Authority’ to disclose information received from you to others, including other organisations and members of the public. The 2014 Regulations require inclusion of the applicant’s name in the public notice advertising the application, and it may be necessary to make the complete application publicly available.

We will share personal information with law enforcement or other authorities if required by applicable law.

Your rights

Under the GDPR you have rights which you can exercise free of charge that allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office.

Depending on our reason for using your information you may also be entitled to:

  • ask us to delete information we hold about you
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • object to how we are using your information
  • stop us using your information in certain ways.

We will always seek to comply with your request, however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who to contact

UK GDPR also gives you right to lodge a complaint with Information Commissioner, who may be contacted via the Information Commissioner's website or call 03031 231113.

For further information visit about the website privacy statement