We keep the Blue Badge Privacy Notice under review. It was last reviewed and updated in May 2018.

If you have any questions about this Privacy Notice contact the council’s Data Protection Officer.

View the Privacy and transparency information for all of the City of York Council (CYC).

Collecting personal data

The Blue Badge Service will collect personal data about you when you apply for a Blue Badge.


  • only ask you for the personal data that's necessary to provide you with the Blue Badge service
  • protect it and make sure nobody has access to it who shouldn’t
  • ensure you know if you have a choice about giving us personal data
  • make sure we don’t keep it for longer than is necessary

We ask that you:

  • give us accurate information
  • tell us as soon as possible of any changes
  • tell us as soon as possible if you notice mistakes in the personal data we hold about you

If you don't provide the personal data requested by us, we may not be able to provide you with the information you need and/or process a Blue Badge application for you.

See further details about the steps we take when we collect your personal data.

Using personal data

The personal data you give us will be used by The Blue Badge team to:

  • provide you with the information you requested
  • process and resolve an application for a Blue Badge as you have requested

See further details about how we use your personal data.

Sharing personal data

We'll share personal data about you with other services if appropriate.

Sharing data with Parking Services

Once your badge has been issued, certain details may be accessed for enforcement purposes to continue to assess the valid use of your badge, such as:

  • badge number
  • badge expiry date
  • your name
  • your date of birth
  • your contact number
  • the reason for issuing the badge

Data regarding any medical issues will not be available at this point.

Sharing data with external partners

We have a contract in place with a company called Premier Physical Healthcare (PPH) to conduct mobility assessments where required. This does mean your data will be shared with them to allow this process to happen.

PPH must review your application and any supporting documentation in order to aid the assessment process. This information is transferred by a secure, electronic mailing process. View the PPH privacy policy.

The issuing of Blue Badges is a central government directive and while each local authority is responsible for holding the data of it’s customers, there is a central system that we all must use to ‘order and print’ blue badges.

Northgate are the company who have currently been awarded this contract by central government and provide this system for all Local Authorities in the country. Your data will be stored electronically onto a central database owned by Northgate.

Sharing data under Data Protection legislation

We may be required or permitted, under Data Protection legislation, to disclose your personal data without your explicit consent, for example if we have a legal obligation to do so, such as for:

  • law enforcement
  • fraud investigations
  • regulation and licensing
  • criminal prosecutions
  • court proceedings

We must protect public funds and may use personal data and data-matching techniques to detect and prevent fraud, collect taxes and ensure public money is targeted and spent in the most appropriate and cost-effective way. To do this, your personal data may be shared with other bodies responsible for auditing or administering public funds, including the Department for Work and Pensions, HM Revenue and Customs, the Police and other local authorities.

Your personal data will only be shared with someone we know is acting on your behalf when we have your prior consent to do this.

Our legal basis for collecting and sharing personal data

The Blue Badge team uses and collects your personal data as you have applied for a Blue Badge. We require this personal data in order to process a badge for you.

You may have also asked for information that requires us to obtain your personal details to provide an accurate response to your query.

Retaining personal data

We'll keep your personal data by electronic means for as long as your application is valid. This means if you are successful in obtaining a badge, your data will be available for up to 3 years.

If your badge has expired, been cancelled or your application refused, you data will be stored for 6 months. This allows any secondary administrative processes to be completed such as appeals, refunds or re-applications.

Any hard copy application forms received will be scanned into our secure systems, and be destroyed a maximum of 6 months after your application has been resolved.

When we no longer have a need to keep your personal data, we'll delete or destroy it securely.

Further processing of personal data

If we wish to use your personal data for a new purpose, not covered by this Blue Badge Privacy Notice, then we'll provide you with a new notice.

The new notice will:

  • explain this new use before we start the processing
  • set out the relevant purposes and processing conditions

Where and whenever necessary, we'll seek your consent to the new processing, if we start to use your personal data for a purpose not mentioned in this Privacy Notice.

See further details about the further processing of personal data.

Your rights relating to personal data

When we collect your personal data we'll tell you how we are going to use it. Where we process your personal data, you have a number of rights under data protection law.

See further details of your rights relating to personal data.

Also see

Comment on this page