Your council

Customer Service Privacy Notice

City of York Council (CYC) current data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563. We regularly review this privacy notice, and it was last updated in May 2025.

CYC is committed to ensuring that personal data is handled in accordance with the principles set out in data protection legislation and guidance from the Information Commissioner’s Office (ICO).

This privacy notice tells you what to expect when Customer Service’s processes your information which will vary depending on why and how you are contacting or interacting with us, and the service or information you are requesting. The table below sets out which customer service departments and contact methods are included within this privacy notice.

Service area Phone contact Face to face contact Email contact
Operator switchboard Yes No No
Council Tax Yes Yes Yes
Housing Benefit Yes Yes No
Parking Yes Yes No
Planning Yes No Yes
Concessionary travel Yes Yes Yes
Register Office Yes No No
Electoral services Yes Yes No
Waste, highways and environmental services Yes No Yes
West Offices helpdesk No Yes No

CYC is the controller for the personal data we process, unless otherwise stated. You can contact the council’s Data Protection Officer at:

West Offices
Station Rise
York
YO1 6GA

Telephone: 01904 555719.

Email: information.governance@york.gov.uk.

This privacy notice should be read in conjunction with other relevant CYC privacy notices and/or policies and procedures.

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document. 

How do we get your information

We get information about you from the following sources:

  • directly from you
  • from third parties acting on your behalf such as family member(s), advocates, etc 
  • from our commissioned partners or contractors who undertake work on our behalf 
  • from external agencies and government departments such as other councils; the NHS; Department of Work and Pensions; Department of Health and Social Care (DHSC)

Top of page

What personal data we process and why

We will only ask you for the information that is necessary to provide you with the service you are contacting us about.

This may simply mean providing your name and address but for some services, we will need more details and sometimes special categories of personal data, for example, if you are applying for an assisted waste collection, we may need information about your health.

We will use your information to:

  • provide you with the information or service you have requested
  • make the application for the service you have requested
  • update internal systems to ensure our records remain accurate and up to date based on the information you provide
  • to inform services to respond to the problem you have reported
  • book your appointment with the required service
  • record details of our interaction with you on the appropriate council system
  • send you newsletters and updates that you have asked to receive

We may use information to create reports and statistics that are anonymous which cannot be linked back to you or to individuals, such as:

  • informing market development
  • statistical analysis
  • statutory returns
  • ensuring service quality 
  • inform service improvements

We may ask you to take part in surveys, consultation, or other events to get your feedback and opinions on our services. When we do this, we will ask for your consent. You can withdraw your consent at any time by contacting:

Where we use platforms, systems, or apps such as WhatsApp to contact you, provide secure online conversations, hold meetings, and so on we will let you know.

Top of page

Automated decision-making

We do not carry out any automated decision-making in Customer Service.

Top of page

Collecting information automatically

Please see our cookies page for further information about the information we collect automatically when you use our website.

Top of page

Childrens’ information

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Lawful basis for processing your personal data

Any personal data including special category data that we process about individuals is done so in accordance with one or more of the below Article 6 and 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018)

  • Article 6(1):
    • (a) Consent: the individual has given clear consent for the council to process their personal data for a specific purpose.
    • (c) Legal obligation: the processing is necessary for the council to comply with the law (not including contractual obligations).
    • (e) Public task: the processing is necessary for the council to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
    • (f) Legitimate interests: the processing is necessary for the council’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
  • Article 9(2):
    • (a) Explicit consent
    • (b) Employment, social security, and social protection (if authorised by law)
    • (g) Reasons of substantial public interest (with a basis in law)
    • (h) Health or social care (with a basis in law)

This is supported by Schedule 1, Part 2 (6) of the Data Protection Act 2018 and the legal frameworks such as:

  • Digital Economy Act 2017
  • Digital Government Regulations 2018
  • Local Government Act 2003
  • Localism Act 2011
  • Social Security Administration Act 1992
  • Housing Benefit Regulations 2006
  • Local Government Finance Act 2012

Some of the Schedule 1 conditions for processing special category and criminal offence data require an Appropriate Policy Document (APD) to be in place, which sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

Our Appropriate Policy Document provides further information about this processing.

Top of page

How long we keep your personal data

Customer Service will keep your personal data for 13 months after your last enquiry with us closes.

This means if we don’t hear from you in that time period, we'll delete your personal data from the customer service system.

Top of page

Data sharing

We will share your information with other Council Services for them to:

  • provide you with the information or service you have requested
  • decide on your application for the service you have requested
  • confirm to you when changes to your information are updated
  • respond to the problem you have reported
  • prepare for your appointment with the required service
  • to offer you social welfare support, information, and advice

You can find out more about what other council service area’s do with your information at in our Privacy Notice. For other advice and support services, see sharing information with advice providers.

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share information. We may also share information about you with third parties including our data processors, government agencies and external auditors.

The council must protect public funds and may use personal data and data-matching techniques to detect and prevent fraud, collect taxes, and ensure public money is targeted and spent in the most appropriate and cost-effective way. To do this, we may share your personal data with other bodies responsible for auditing or administering public funds including the Audit Commission, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police.

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Data processors and/or third parties

Where we have third parties providing parts or all our services for us, we have contracts or agreements in place with them such as 

Top of page

Transfers of personal data

We do not routinely transfer personal data outside of the UK but when this is necessary, we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

How we protect your information

We are committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

Your rights in relation to this processing

To find out about your rights under Data Protection law, you can go to the Information Commissioners Office (ICO).

You can also find information about your rights at Our Privacy Notice.

If you have any questions about this Privacy Notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us at information.governance@york.gov.uk or 01904 555719, or write to the:

Data Protection Officer
City of York Council
West Offices
Station Rise
York YO1 6GA

Top of page

Also see

Data Protection Officer

West Offices, Station Rise, York, YO1 6GA

Telephone: 01904 555719

Comment on this page