This page explains how this site, which is managed by the Broads Authority, uses any information you give to us, and the ways in which we protect your privacy.

You can also download PDF copies of our Privacy notice, Data Protection Policy and Data retention and information management policy.

Introduction, identity and contact details

The Broads Authority is the data controller in relation to this website. We are committed to protecting your privacy and processing your personal data in accordance with data protection legislation (currently the Data Protection Act 1998) and legislation as a result of the EU General Data Protection Regulation GDPR). This policy implements the provisions of GDPR  and we have a Data Protection Policy (PDF) which provides more information.

This page explains how this site, which is managed by the Broads Authority, uses any information you give to us, and the ways in which we protect your privacy.

You can contact us at Yare House, 62-64, Thorpe Road, Norwich Norfolk NR1 1RY, United Kingdom. Our Data Protection Officer is based at this address and can be contacted on 01603 756018 or by e-mail at

Broads Authority is a body corporate established under UK law by the Norfolk and Suffolk Broads Acts 1988 and 2009. It undertakes tasks in the public interest as set out in those Acts of Parliament and most of our data processing is done on this lawful basis.

The information we collect about you

The Broads Authority website is intended to provide information to members of the public and potential employees about our work. We may use (or “process”) your personal information for a number of purposes, including:

  • To deal with your requests and enquiries.
  • To contact you for reasons related to your enquiry.
  • To deal with matters relating to our powers as a Local Planning Authority and your communication with us in relation to planning applications and comments upon them.
  • To use your IP address to monitor traffic and gather browsing behaviours of visitors to our websites. We will not use your IP address to identify you in any way.

The legal basis for this processing is that the processing is necessary for tasks in the public interest or exercise of authority vested in the controller. The powers which are vested in the Authority are found in the Norfolk and Suffolk Broads Act 1988 (as amended), various Byelaws made under this legislation, local government legislation and Town and Country Planning legislation.

The Broads Authority does not store any of the personal information captured about individuals who access the Authority’s website - except where you have voluntarily chosen to give us your personal details either:

  • Via email.
  • When completing an online form.
  • When completing an optional online survey.

Data Protection Principles

We will process your personal information lawfully, fairly and transparently and in accordance with GDPR Data Protection Principles. We do not carry out automated decision-making.

We have appropriate technological and organisational measures in place to prevent the loss, misuse or alteration of your personal information.

Any information you provide us is stored securely on password and firewall protected servers.

However, the internet is not generally a secure medium for communication and therefore we cannot guarantee the security of any information you send us over the internet.

Data retention and sharing

We do not pass on your details to any third party unless you give us permission or the Authority is legally obliged to do so or it is for the prevention or detection of crime or fraud. The Authority does not share this data with third parties, nor does it transfer this data outside the European Union.

In relation to our functions as a Local Planning Authority we have an obligation to maintain information on our public planning file and make this accessible via our website. This includes personal details in relation to planning applications and comments made in response to planning applications.

We monitor this site's access log information and the connection address from the IP address you are connecting from is automatically included.

The Authority does issue "cookies" (these are small files of information which web sites use to identify its users), however, these do not contain personal information - see 'How we use cookies' below, for more information.

The personal data you give the Broads Authority will be used exclusively for providing you with the information or service which you have requested and other Broads Authority related information and services that may be of interest to you. It will not be shared with any other organisation.

We will retain your information (where no period is stipulated within this notice) in accordance with our Data and Information Retention Policy. This policy is available on request from our Data Protection Officer and prescribes categories of data and the period retention is required for the organisational requirements of the Authority, balanced against the principle that data should not be retained longer than is necessary.

Please see our Data retention and information management policy (PDF) for more information.

How we use cookies

The law requires your permission to save cookies on your machine.  Please read the below carefully and contact us if you have any questions.

Cookies are small files which are sent to your browser (for example Google Chrome, Internet Explorer or Mozilla Firefox) and stored on your computer's hard disk. They only identify your computer and not you personally.

Google Analytics cookies

These cookies are used to help record your use of this website. They are used to collect statistics about site usage such as when you last visited the site. This information is then used to improve the user experience on our website. The cookies contain randomly generated IDs used to recognise your browser when you read a page. The cookies contain no personal information and are used only for web analytics.

The Google Analytics cookies are called _utma, _utmb, _umtc and _utmz. They will appear in the list of cookies under

  • _utma tracks whether you have visited the website before. It is set to expire 2 years after your last visit.
  • _utmb establishes a ‘user session’ and tracks which pages you look at on this visit to the website. It is set to expire 30 minutes after your last visit.
  • _utmc is connected with _utmb and expires when you closed your browser, rather than just visit another website.
  • _utmz tracks whether you have come to the website from a search engine, another website or have typed the web address directly into your browser. It is set to expire 6 months after it was last set.

We encourage you to accept the cookies our website uses as they help us to improve the user experience for you and many others.

Help on how to delete or reject cookies

If you do not want to receive cookies from this website, select cookie settings under the privacy settings in your browser options, then add our domain to the list of websites you do not want to accept cookies from. Under settings you can also delete individual cookies or any cookies that your browser has stored. You can find more information on how to delete and control cookies. You can read more details on Cookies and Google Analytics.

Your rights in relation to data processing including rights to access and erasure

You have the right to see any personal information that we hold about you. Such requests are called subject access requests. If you would like to make a subject access request please contact the Authority’s Data Protection Officer at:

Data Protection Officer, Broads Authority, Yare House, 62-64 Thorpe Road, Norwich Norfolk, NR1 1RY. Alternatively e-mail

We will respond to such requests within one month. There is no fee to make a request.

You may ask us to rectify any personal information which is incomplete or inaccurate. You may also ask us to erase such data once processing is no longer necessary or if you object to processing or consider that we are processing it unlawfully. We will consider such requests and if we refuse, we will give reasons.

Requests may require you to prove your identity before we respond to you. Those under the age of 16 years of age should make a request through their parent or guardian.


You have the right to lodge a complaint with the supervisory authority in relation to data processing in the UK.

This is the Information Commissioner’s Office at Wycliff House, Water Lane, Wilmslow Cheshire SK9 5AF. Telephone: 0303 123 1113.

Data Protection Policy

You can find out more information on how we are committed to protecting your privacy on our Data Protection Policy.

(This page was last updated 30/06/21)