We created this privacy notice in July 2023 and will keep it under regular review. When we use your personal data, City of York Council (CYC) complies with data protection legislation and is the registered ‘Controller.’ Our data protection notification is registered with the Information Commissioner’s Office (ICO) - reference Z5809563.
CYC is the controller for the personal data we process for this mailing group, unless otherwise stated.
You can contact the council’s Data Protection Officer at:
Data Protection OfficerWest Offices
Station Rise
York
YO1 6GA
- Telephone: 01904 554145
- Email: information.governance@york.gov.uk
You can find more information about the role of the DPO in our Data Protection Policy Statement.
This privacy notice should be read in conjunction with other relevant specific privacy notices that are available in our Privacy Notice.
When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this privacy notice.
To help you understand this Privacy Notice including your rights, we have divided it into the following areas:
- Collecting your information
- What personal data we process and why
- Data sharing
- Lawful basis for processing your personal data
- How long we keep your personal data
- Use of data processors
- Your rights in relation to this processing
- Transfers of personal data
- How we protect your personal data
Collecting your information
We will collect your information when you register to attend an event and if you choose to join the networking group.
When we collect your personal data, we will:
- ensure you know why we need it
- only ask for what is necessary for the purposes of attending the event and/or joining the networking group
- protect it and make sure nobody has access to it who shouldn’t
- ensure you know if you have a choice about giving us information
What personal data we process and why
The information we will collect includes your:
- name
- organisation
- role
- contact details
- comments and feedback during an event
When we use Eventbrite to send you invitations, you can find details about how they use personal information in the Eventbrite Privacy Policy.
We may use Mentimeter or other interactive survey systems, you can find details about how they use personal information in the Mentimeter Privacy Policy.
Data sharing
We will use the feedback from the event(s) internally to shape future events and we will only share your personal information with other council services as appropriate, for example business intelligence.
If you chose to opt into the networking opportunity, we will share your name, organisation, role and contact details with others who chose to opt in. We will ask annually if you want to stay in the network which will also allow us to keep the ‘network’ updated.
The information may also be included in presentations, statistics, and reports. Any presentations, statistics and reports for publication or use outside of the authorised council staff, will be anonymised, and cannot be linked back to you or individuals. Reports containing anonymous information may also be shared with the public and other organisations.
We will not use the information for any other purpose than set out in this privacy notice and will not disclose to a third party i.e. other companies or individuals, unless we are required to do so by law for the prevention of crime and detection of fraud, or, in some circumstances, when we feel that you or others are at risk.
CYC does not pass or sell personal data to third parties for marketing, sales, or any other commercial purposes.
Lawful basis for processing your personal data
Participation in our events and the networking opportunity are both voluntary which means we will use your information with your consent. This is our lawful basis and means it is done in accordance with Schedule 1 of the Data Protection Act 2018 (DPA 2018) and:
- UK GDPR Article 6(1)(a) - consent of the data subject
- UK GDPR - Article 9(2)(a) - Explicit consent of the data subject
Some of the Schedule 1 conditions for processing special category require an Appropriate Policy Document to be in place that sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice. You can find this in our Appropriate Policy Document.
You can withdraw your consent at any time by contacting the Carbon Reduction Team on email: carbon.reduction@york.gov.uk.
How long we keep your personal data
We will keep the information you give us at the event(s) for up to three years and then will securely and confidentially destroy it.
We will keep the information you give us for the networking opportunity only for as long as you are a member and then will securely and confidentially destroy it.
Where required or appropriate, at the end of the retention period we will pass onto the City Archives any relevant information.
Use of data processors
Where we use data processors who are third parties to provide elements of services for us, we have contracts or agreements in place with them.
Your rights in relation to this processing
To find out about your rights under data protection law, you can go to the Information Commissioners Office website (ICO).
You can also find information about your rights in our Privacy Notice.
If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: information.governance@york.gov.uk, or on telephone: 01904 554145 or write to:
Data Protection OfficerWest Offices
Station Rise
York
YO1 6GA
Transfers of your personal data information abroad
When it is necessary for us to transfer your personal information outside of the UK this will only be done in accordance with data protection and privacy legislation.
How we protect your personal data
We are committed to keeping your information safe and secure. There are several ways we do this, such as:
- IT security safeguards such as firewalls, encryption, and anti-virus software
- on-site security safeguards to protect physical files and electronic equipment
- training for all staff and Elected Members
- policies and procedures