Cookie Consent by Free Privacy Policy Generator Update cookies preferences

Privacy notice

Privacy notice

City of York Council (CYC) current data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563. We created this privacy notice in August 2023 and it will be kept under regular review.

CYC is committed to ensuring that personal data is handled in accordance with the principles set out in data protection legislation and guidance from the Information Commissioner’s Office (ICO).

This privacy notice tells you what to expect when we collect personal information about you on the Raise York (www.RaiseYork.co.uk) website.

CYC is the controller for this information unless we specifically state otherwise in this privacy notice.

You can contact the council’s Data Protection Officer at:

  • post:
    West Offices, Station Rise, York, YO1 6GA
  • telephone: 01904 554145
  • email: [email protected]

This privacy notice should be read in conjunction with other relevant CYC privacy notices and/or policies and procedures.

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.

We get information about you directly from you and other sources such as:

  • internal or external referrals
  • your GP, other health service provider, agencies
  • government departments
  • other local authorities you have had involvement with
  • other organisations such as schools, police, charities

Top of page

We may process your and or your child/ren’s personal data such as · your name

  • your address
  • your contact details
  • your date of birth
  • your relationship to family members
  • financial and employment status
  • your rights and status to live in the UK

We may also process certain ‘special category’ data such as

  • ethnicity information
  • health information
  • details of relationships and sexual orientation
  • religious and philosophical beliefs

We may process your data for reasons such as:

  • you have made an enquiry to us
  • you have made an information request to us
  • you have asked us for a service
  • you subscribe to our newsletter
  • you are representing your organisation

Top of page

We do not carry out any automated decision-making without any human intervention through the Raise York website.

Top of page

Please see our cookies page for further information about the information we collect automatically when you use our website.

Top of page

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

The lawful bases for processing your personal data are set out in Article 6 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018). At least one of these must apply whenever we process your personal data:

(a) Consent: the individual has given clear consent to us to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply when we are processing data to perform our official tasks as a public authority).

This is supported by the following legal framework:

The lawful bases for processing your special categories of personal data are set out in Article 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018). At least one of these must apply whenever we process your special categories of personal data:

(a) Explicit consent
(b) Employment, social security and social protection (if authorised by law)
(c) Vital interests
(d) Not-for-profit bodies
(e) Made public by the data subject
(f) Legal claims or judicial acts
(g) Reasons of substantial public interest (with a basis in law)
(h) Health or social care (with a basis in law)
(i) Public health (with a basis in law)
(j) Archiving, research and statistics (with a basis in law)

This is supported by Schedule1, Part 2 (6) of the Data Protection Act 2018 and the following legal framework:

Some of the Schedule 1 conditions for processing special category of personal data require an Appropriate Policy Document (APD) to be in place, that sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

Our Appropriate Policy Document – City of York Council provides further information about this processing.

Top of page

We will only keep your information for as long as is necessary then it will be securely and confidentially deleted or destroyed.

Top of page

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making and satisfy ourselves we have a legal basis on which to share the information.

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share information. We may also share information about you with third parties including our data processors, government agencies and external auditors. For example, we may share information about you with HMRC for the purpose of collecting tax and national insurance contributions.

Additionally we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Some of these records may include the personal data of our current and former employees. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Where we have data processors or third parties providing parts or all of our services for us, we have contracts in place with them.

Top of page

We don’t routinely transfer personal data outside of the UK but when this is necessary we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

We are committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

To find out about your rights under Data Protection law, you can go to the Information Commissioners Office (ICO).

You can also find information about your rights at Our Privacy Notice.

If you have any questions about this Privacy Notice, want to exercise your rights, or if you have a complaint about how your information has been used, contact us at email: [email protected] or telephone: 01904 554145, or write to the:

Data Protection Officer
City of York Council
West Offices
Station Rise
York
YO1 6GA

Top of page

Blue arrow pointing upwards