Privacy Policy

This privacy notice describes the handling of all personal data we collect, how this information is used and how your privacy is protected. This policy only relates to the personal data that the Centre for Forest Protection collects and processes, or otherwise controls.

Who we are

The Centre for Forest Protection website is hosted by Forest Research, the research agency of the Forestry Commission. Forest Research is the data controller for pages starting with

If you follow a link to pages provided by another organisation or business, that organisation or business will:

  • be the data controller
  • be responsible for processing any data you share with them
  • publish and manage their own privacy notice with details of how to contact them.

We are not responsible for external organisations that may link to our web pages. For more information concerning external agencies and stakeholders please visit the relevant privacy statement on their own web pages.

The Centre for Forest Protection is committed to the responsible handling and security of personal data. Your privacy is important to us and protected in law through the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA 2018). To comply with this legislation, we must provide you with information setting out how we process your personal data.

What is personal data?

Personal data is data which identifies an individual directly or indirectly, in particular by reference to an identifier such as their name or a reference number.

What information do we collect?

The personal data we collect from you includes:

  • questions, queries or feedback you leave, including your email address if you contact
  • your email address and subscription preferences when you sign up to our email alerts
  • how you use our emails – for example whether you open them and which links you click on
  • your Internet Protocol (IP) address, and details of which version of web browser you used
  • information on how you use the site, using cookies and page tagging techniques.

Why we need your data

We collect your personal data in order to:

  • gather feedback to improve our services, for example our email alerts
  • respond to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • provide you with information about our work
  • monitor use of the site to identify security threats
  • monitor the performance of the site to identify inefficiencies and errors.

We do this to help:

  • make sure is meeting the needs of its users
  • make improvements, for example improving the site search
  • make performance improvements, for example improving page load time and data usage

What we do with your data

The data we collect may be shared with our partner organisations. It may also be shared with our technology suppliers, for example our hosting provider.

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

The data we collect with Google Analytics cookies is transferred and stored with Google where we analyse it with Google Analytics software (Universal Analytics). We do not allow Google to use or share this data for their own purposes. We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to. We will:

  • keep your email data until you unsubscribe
  • keep your feedback data for 2 years
  • delete access log data which contain your IP address after 120 days.

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, GDS will take reasonable steps to let you know.

Last updated 1 May 2022