Privacy Policy

At Exmoor National Park Authority, we are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information about people who engage with us, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check our website occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to or by writing to Exmoor National Park Authority, Exmoor House, Dulverton. Somerset. TA22 9HL. Alternatively, you can telephone 01398 323665.

Who are we?

Exmoor was designated as a National Park in 1954. Since then, the co-ordination of work to achieve National Park purposes in the area has been undertaken by local government and since 1997 by a free standing Exmoor National Park Authority.

Exmoor National Park Authority decides what measures to take to achieve the two National Park purposes:

"To conserve and enhance the natural beauty, wildlife and cultural heritage of the National Park"

"To promote opportunities for the understanding and enjoyment of the special qualities of the National Park by the public"

Exmoor National Park Authority is registered as a Data Controller with the ICO (Information Commissioners Office). Registration number Z9285589.

How do we collect information from you?

You may provide us with information when you use our website, for example, when you contact us about our services, upcoming events, submitting information relevant to planning applications and signing up for our services (e.g. volunteering). You may also supply us with information when contacting us via email, phone or speaking with a member of staff.

What type of information is collected from you?

The personal information we collect might include your name, address, email address, phone number and IP address. Some of our other services and events may require additional information that require your consent, such as any medical conditions and next-of-kin details. If you make a payment online or purchase a product from us, your card information is not held by us, it is collected by our third party payment processors, who specialise and are fully compliant in the secure online capture and processing of credit/debit card transactions.

Your Rights

Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable (i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests (or in performance of a task in the public interest/exercise of official authority); direct marketing or processing for the purposes of scientific/historical research and statistics).

How is your information used?

We may use your information to:
keep you up to date with matters you have expressed an interest in, such as events, services, planning applications, campaigns, fundraising, processing a job application process a payment that you have made.
process applications that you have submitted.
process comments and feedback you have submitted.
to carry out our obligations arising from any contracts entered into by you and us.
dealing with entries into a competition.
seek your views or comments on the services we provide.
notify you of changes to our services.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example planning, HR). We will only hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Who has access to your information?

We will never sell or rent your information to third parties.

We will never share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf:

We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we will have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Exmoor National Park Authority Network for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct communications from us about services or activities you have previously expressed an interest in, then you can contact us to ask us to remove you from our database. At the time of signing up for any services or events, you will always be given the choice to positively opt-in; with the exception of matters that carry a statutory objective, such as planning applications.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: or telephone on 01398 323665.

How you can access and update your information

If you wish for us to update or rectify information we hold about you, such as a change email address, or any information we hold that is inaccurate or out of date, please email us at:, or write to us at: Exmoor National Park Authority, Exmoor House, Dulverton, Somerset. TA22 9HL. You have the right to ask for a copy of the information Exmoor National Park Authority holds about you by making a Subject Access Request. To do so, please email or write to Exmoor National Park Authority, Exmoor House, Dulverton, Somerset. TA22 9HL.

Security precautions in place to protect the loss, misuse or alteration of your information

Systems and practices are in place to ensure your personal data is used and stored in a secure manner. We use email encryption services for sensitive data. Any payment information is processed by our third party payment processors, who specialise and are fully compliant in the secure online capture and processing of credit/debit card transactions. All of our staff are trained in respect of data protection laws and we employ our own Data Protection Officer.

Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Use of 'cookies'

Like many other websites, the Exmoor National Park Authority website uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to Exmoor National Park Authority‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

16 or Under

We are committed to protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please ensure you get your parent/guardian's permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

All of our core services, data we hold and ICT infrastructure are hosted on servers within the EU. For any third party services that we use, such as email marketing services, we ensure they are fully compliant with current data protection laws and in the event that data is held outside the EU, they must be fully compliant and deemed adequate by the General Data Protection Regulation and all other current data protection laws.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in April 2018.