Planning and building

Strategic Planning Policy Privacy Notice

City of York Council (CYC) current data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563. We regularly review this privacy notice, and it was last updated in March 2026.

CYC is committed to ensuring that personal data is handled in accordance with the principles set out in data protection legislation and guidance from the Information Commissioner’s Office (ICO).

This privacy notice tells you what to expect when we process your information, and it applies to the Council’s Strategic Planning Policy such as the Local Plan and the Minerals and Waste Joint Plan.

CYC is the controller for this information unless we specifically state otherwise in this privacy notice.

You can contact the council’s Data Protection Officer at:

West Offices
Station Rise
York
YO1 6GA

Telephone: 01904 555719.

Email: information.governance@york.gov.uk.

This privacy notice should be read in conjunction with other CYC privacy notices that are available in our Privacy Notice and/or CYC policies and procedures.

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.

How we collect your information

We get information about you from the following sources:

  • directly from you or from your organisation
  • from third parties acting on your behalf such as family members, advocates, appointed agents or representatives
  • from our commissioned partners or contractors who undertake work on our behalf

Top of page

What personal data we process and why

We process the following personal and special categories of personal data such as:

  • your name and personal contact details and those of your agent, if relevant
  • organisation name, address, and email
  • your ID number, if provided
  • your opinions, thoughts, and feedback
  • your representations
  • details of your land ownership
  • photograph/image
  • audio and video recordings

We use the information you give us to ensure the Council meets its statutory and national planning policy requirements such as:

  • plan-preparation, including the Local Plan, Minerals and Waste Joint Plan and Neighbourhood Plans
  • plan delivery, including Supplementary Planning Documents, Community Infrastructure Levy, Annual Monitoring Report, Statement of Community Involvement, and guidance notes
  • plan-making inputs, including the evidence base, Sustainability Appraisal, Habitats Regulations assessment and Heritage Impact Assessment

In the preparation of plan-making there is a requirement to engage with various consultation bodies and members of the public. The local planning authority is required under planning regulations to publish a detailed statement on representations received after each consultation stage. Individuals’ names and organisation names may be published within these reports for reasons of transparency. These reports are required to be submitted to the Secretary of State for Housing, Communities and Local Government, and to the Planning Inspectorate or appointed Examiners as part of the plan Examination process.

As part of the process of Plan preparation the Council needs to make information available for public inspection, which we do by publishing on our website and making paper copies available on request. We will only make available or publish the information we have to do to meet our legal obligations. This may include:

  • your name, or the name of the organisation you represent
  • your ID number, if provided
  • your comments/representations - where the information supplied by you or on your behalf is in relation to housing or employment sites, it will form part of databases for developable land and for the purpose of producing the Strategic Housing and Employment Land Availability Assessment and Brownfield Land Register

In plan-preparation and some aspects of plan delivery we are required by law to share information with the Planning Inspectorate or Examiner appointed to undertake a plan Examination. This includes:

  • your name
  • organisation, where relevant
  • your ID number, if provided
  • your contact address and telephone number
  • your email address, if provided
  • your comments

You can find information on how the Planning Inspectorate uses your personal data, in the Planning Inspectorate Privacy Notice.

We will ask for your consent:

  • to take part in surveys, consultation or other events to get your feedback
  • to take your photo, video and audio record. You can find more information about how the council uses photos, videos and audio recordings in the Communications Team including photos, filming and recording Privacy Notice
  • to contact you about consultations or, if you have requested to be notified of the submission of a Plan for examination, the publication of the Inspectors’ or Examiner’s recommendations and Plan adoption

You can withdraw your consent at any time by email: localplan@york.gov.uk.

When you make an online payment on the council’s website, you can find details at Online Payments Privacy Notice – City of York Council.

If you choose to subscribe to council updates, you can find more details on how to subscribe to email updates.

See the City of York Council Email Updates Privacy Notice.

You can also find information about webcasting at public meetings.

Use of Artificial Intelligence (AI)

We may use Artificial Intelligence (AI) technologies to support or enhance council services. Where AI is involved in a process that directly affects your interaction with us, we will inform you before your user journey begins. This ensures transparency and helps maintain trust in how we use AI.

Our use of AI complies with the UK General Data Protection Regulation (UK GDPR), including the principles of lawfulness, fairness, transparency, accountability, and accuracy. We conduct Data Protection Impact Assessments (DPIAs) where AI systems are likely to result in high risks to individuals’ rights and freedoms, such as automated decision-making or profiling.

If generative AI tools are used, we do not use personal or end-user data to train AI models. This helps ensure compliance with the purpose limitation and data minimisation principles under UK GDPR.

AI for Staff Productivity and Accessibility

Where AI tools are used solely by staff to assist with drafting, research, or accessibility - for example, to improve writing efficiency or summarise information - these uses do not form part of a business process that affects service delivery or decision-making. As such, no specific notification will be provided for these internal productivity uses.

These uses are considered low-risk and do not involve automated decision-making that produces legal or similarly significant effects. They are also subject to internal governance and safeguards to ensure responsible use.

Examples include:

  • Drafting internal reports or meeting notes
  • Summarising lengthy documents for quicker review
  • Assisting with spelling, grammar, or formatting tasks

We may use your information to create reports and statistics that are anonymous and cannot be linked back to you or individuals such as:

  • for statistical analysis
  • for statutory returns
  • for audit framework
  • to help design better services
  • to inform funding decisions

Top of page

Automated decision-making

We do not carry out any automated decision-making in the delivery of our Strategic Planning Policy.

Top of page

Collecting information automatically

Please see our Cookies Policy for further information about the information we collect automatically when you use our website.

Top of page

Children’s information

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Lawful basis for processing your personal data

Any personal and special category data that we process about individuals is done so in accordance with one or more of the following Articles 6 and 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018).

Article 6(1):

  • (a) Consent: the individual has given clear consent for the council to process their personal data for a specific purpose
  • (c) Legal obligation: the processing is necessary for the council to comply with the law (not including contractual obligations)
  • (e) Public task: the processing is necessary for the council to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • (f) Legitimate interests: the processing is necessary for the council’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (this does not apply to the council processing data to perform our official tasks)

Article 9(2):

  • (a) Explicit consent
  • (g) Reasons of substantial public interest (with a basis in law)

This is supported by Schedule1, Part 2 (6) of the Data Protection Act 2018 and the following legal framework:

  • The Localism Act (2011)
  • The Planning and Compulsory Purchase Act (2004) (as amended)
  • The National Planning Policy Framework (2018) and associated regulations
  • The Community Infrastructure Levy Regulations 2010 (as amended)
  • The Town and Country Planning (Local Planning) (England) Regulations 2012, including but not limited to Reg 22 (1c), Reg 22 (3aii), Reg 35 (1)(a) and (b)
  • The Town and Country Planning (Brownfield Land Register) Regulations 2017
  • The Neighbourhood Planning (General) Regulations 2012

Some of the Schedule 1 conditions for processing special category data require an Appropriate Policy Document (APD) to be in place, which sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

Our Appropriate Policy Document provides further information about this processing.

Top of page

How long we keep your personal data

We will only keep your information for as long as it is needed and then it will be securely and confidentially deleted or destroyed.

You can find details on how long the council keeps records in our Retention Schedule.

Top of page

Data sharing

We will only share your information where it is appropriate to, with:

  • other CYC services
  • other councils, government departments and agencies such as Planning Inspectorate, Examiners and Secretary of State for Housing, Communities and Local Government
  • other organisations, such as NHS and the Police.
  • third parties including our data processors, partners or contractors, who undertake work on our behalf
  • internal and external auditors

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share your information.

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Data processors and/or third parties

When we have third parties providing parts or all of our services, systems, software, platforms, applications (apps) for us, we have contracts or agreements in place with them. These include:

Top of page

Transfers of personal data

We do not routinely transfer personal data or special categories of personal data outside of the UK, but when this is necessary, we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

How we protect your information

We're committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

Your rights in relation to this processing

To find out about your rights under data protection law, you can go to the Information Commissioner's Office website.

You can also find information about your rights in our Privacy Notice.

If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: information.governance@york.gov.uk, or on telephone: 01904 555719, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
York YO1 6GA

Top of page

Also see

Data Protection Officer

West Offices, Station Rise, York, YO1 6GA

Telephone: 01904 555719

Comment on this page