Cookie Consent by Free Privacy Policy Generator website
Parking and permits

Blue Badge Privacy Notice

City of York Council's (CYC) current data protection notification is registered with the Information Commissioner’s Office (ICO), reference: Z5809563.

We regularly review this privacy notice, and it was last updated in July 2025.

CYC is committed to ensuring that information is handled in accordance with the principles set out in data protection legislation and guidance from the Information Commissioner’s Office (ICO).

This privacy notice tells you what to expect when we process your information, and it applies when you apply for and use a Blue Badge.

CYC is the controller for the personal data we process, unless we specifically state otherwise in this privacy notice.

You can contact the council’s Data Protection Officer at:

West Offices
Station Rise
York
YO1 6GA

Telephone: 01904 554145.

Email: information.governance@york.gov.uk.

This privacy notice should be read in conjunction with other relevant specific privacy notices that are available in our Privacy Notice.

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this privacy notice.

How we collect your information

We get information about you from the following sources:

  • directly from you
  • from third parties acting on your behalf, such as family members, Citizens Advice, advocacy services or other charitable organisations.
  • from our commissioned partners or contractors who undertake work on our behalf
  • from Department for Work and Pensions (DWP)
  • from medical service organisations, for example a GP, hospital, or physiotherapist

Top of page

What personal data we process and why

The Blue Badge scheme is a central government directive owned by the Department for Transport (DfT); however, each local authority is responsible for holding the information for their customers.

We will only process the information that is necessary when you apply for and use a Blue Badge such as

  • name
  • address
  • contact details (email address and phone numbers)
  • date of birth
  • gender
  • town and country of birth
  • marital status
  • National Insurance Number
  • vehicle registration number, if applicable
  • previous Blue Badge details, if applicable
  • proof of identity, such as copies of your driving licence, passport
  • proof of address, such as council tax bill, utility bill
  • details of any person or organisation applying on your behalf
  • details of any person with legal responsibility for you
  • photograph
  • details about your disability, health or long-term condition, pain medication and assessment of your walking ability
  • evidence to support your eligibility for a Blue Badge, such as Certificate of Visual Impairment, evidence of entitlement to benefits or allowances you receive relating to your personal needs

If you make a payment as part of your blue badge application, you can find more details about this on the GOV.UK website: Apply for or renew a Blue Badge.

When using your Blue Badge to access areas of York, to be dropped off or picked up we may also collect:

  • name of the person driving
  • registration number of the car
  • time of drop-off and collection

We will use your information to:

  • process your application
  • process the Blue Badge payment
  • answer any appropriate questions relating to your application or use of a Blue Badge
  • assess your application to see whether it meets one of the automatic qualifying criteria, or if further assessment is required
  • provide you with any relevant advice
  • investigate any instances where a Blue Badge is allegedly being misused
  • carry out our enforcement functions
  • send you letters, email notifications and process online payments
  • create a secure record of your application on our Case Management System (CMS)
  • maintain a register showing the holders of Blue Badges issued by the council and link this to the central badge register called 'Manage Blue Badges'

Following assessment of your application for a Blue Badge, you may be asked to attend an appointment with an expert assessor, where further information may be gathered. We will ask you to participate in a mobility assessment, you are not required to do so but it may affect the outcome of your application if you do not participate.

We may ask you to take part in surveys or consultation to give us your feedback, comments, and opinions. If you choose to take part, you can withdraw your consent at any time by contacting us on email: bluebadge@york.gov.uk.

We may use your information to create reports and statistics that are anonymous and cannot be linked back to you or individuals such as:

  • statistical analysis
  • statutory returns
  • audit framework
  • to see how the council and its partners are supporting individuals
  • to help design better services
  • to inform funding decisions

Top of page

Automated decision-making

We do not carry out any automated decision-making without any human intervention in providing this service.

Top of page

Collecting information automatically

Please see our Cookies Policy for further information about the information we collect automatically when you use our website.

Top of page

Children’s information

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Lawful basis for processing your personal data

Any personal data including special category data that we process about individuals is done so in accordance with one or more of the following Article 6 and 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018.

Article 6(1):

  • (c) Legal obligation: the processing is necessary for the council to comply with the law (not including contractual obligations)
  • (e) Public task: the processing is necessary for the council to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law

Article 9(2):

  • (b) Employment, social security, and social protection (if authorised by law)
  • (g) Reasons of substantial public interest (with a basis in law)

This is supported by Schedule1, Part 2 (6) of the Data Protection Act 2018 and the following legal framework:

Some of the Schedule 1 conditions for processing special category data require an Appropriate Policy Document to be in place, which sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

See our Appropriate Policy Document.

Top of page

How long we keep your personal data

Blue Badges expire after 3 years. You will need to reapply for your Blue Badge and submit a new application before it has expired.

We will only keep your information for as long as it is needed then it will be securely and confidentially deleted or disposed of.

You can find details on how long the council keeps records in our Retention Schedule.

Top of page

Data sharing

We will only share your information where it is appropriate to, with:

  • other CYC services
  • other councils, government departments and agencies
  • other organisations, such as the NHS
  • third parties including our data processors, partners, or contractors, who undertake work on our behalf
  • internal and external auditors

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share information.

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making.

We do not pass or sell your information to third parties for marketing, sales or any other commercial purposes without your prior explicit consent.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Data processors and/or third parties

When we have third parties providing parts or all of our services, systems, software, platforms, applications (apps) for us, we have contracts or agreements in place with them. These include:

Top of page

Transfers of personal data

We don’t routinely transfer personal or special categories of personal data outside of the UK, but when this is necessary we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

How we protect your information

We're committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

Your rights in relation to this processing

To find out about your rights under data protection law, you can go to the Information Commissioner's Office website.

You can also find information about your rights in our Privacy Notice.

If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: information.governance@york.gov.uk, or on telephone: 01904 554145, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
York YO1 6GA

Top of page

Also see

Data Protection Officer

West Offices, Station Rise, York, YO1 6GA

Telephone: 01904 554145

Comment on this page