Cookie Consent by Free Privacy Policy Generator website

City Of York Council Law Enforcement Processing Privacy Notice

We keep the City of York Council law enforcement processing privacy notice under review. It was last reviewed and updated in June 2023.

When we use your personal data, City of York Council (CYC) complies with data protection, legislation and is the registered ‘Controller’. Our data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563.

The processing of data for law enforcement purposes can only be done by an organisation which is considered as a ‘competent authority’. Law enforcement purposes are ‘the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security’. The description of a ‘competent authority’ is laid down in data protection law, and includes but is not limited to, organisations such as police forces, the Financial Conduct Authority, and the Information Commissioner. Data Protection Act 2018 (

Guidance on how organisations should process data for ‘law enforcement purposes’ can be found on the Information Commissioner’s Office (ICO) website Data sharing and reuse of data by competent authorities for non-law enforcement purposes.

This Privacy Notice explains how and why we process your personal data, under Part 3 of the Data Protection Act 2018 for law enforcement purposes and the steps we take to keep your information safe.

We are responsible for delivering a wide range of public services and functions. This includes a number of law enforcement functions associated with:

  • Trading Standards
  • Environmental Enforcement
  • Youth Justice Service
  • Children’s Services (for example Non-attendance at school; Child employment; Child performance)
  • Planning
  • Highways
  • Health and Safety

View the privacy and transparency information for all of the City of York Council (CYC).

How we process your personal information for law enforcement purposes

We have a statutory duty to protect the public and the local community. To do this it is necessary for us to process your personal information under the lawful basis of public interest and official authority. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.

The Administration of Justice, includes:

  • the prevention and detection of crime
  • apprehension and prosecution of offenders
  • protecting life and property
  • preserving order
  • maintenance of law and order
  • national security
  • defending civil proceedings
  • any duty or responsibility of the council arising from common or statute law

Top of page

Whose personal data do we process for law enforcement purposes

To carry out the purposes described above, we may obtain, use, and disclose personal information relating to a wide variety of individuals including but not limited to:

  • offenders and suspected offenders
  • witnesses or reporting persons
  • individuals passing information to us
  • victims/complainants, both current, past, and potential

Top of page

What type of personal information do we process

To carry out our statutory responsibility we will process varying types of personal data, this includes:

  • your name and address
  • employment details
  • financial details
  • racial or ethnic origin
  • religious or other beliefs of a similar nature
  • physical or mental health condition
  • sexual life
  • offences and alleged offences
  • criminal proceedings
  • outcomes and sentences
  • cautions
  • physical identifiers
  • photograph
  • sound and visual images
  • criminal Intelligence
  • information relating to safety
  • incidents and accident details

At this time, we do not process any DNA, fingerprints, other genetic samples, or facial recognition data for law enforcement purposes.

We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes.

Personal information can be information that is held on a computer, in a paper record such as a file or images, but it can also include other types of electronically held information such as CCTV images and/or audio recordings.

Top of page

Where we collect personal information from

  • Other law enforcement agencies and Local Authorities
  • Emergency services such as:
    • Police
    • Fire Service
    • National Health Service or Ambulance
    • HM Revenue and Customs
    • licensing authorities
    • legal representatives
  • Other prosecuting authorities such as:
    • solicitors
    • courts
    • partner agencies involved in crime and disorder strategies
    • private sector organisations working with/for us on anti-crime strategies
    • voluntary sector organisations
    • governmental agencies and departments
    • suspected or known perpetrators of offences and relatives
    • guardians or other persons associated with the individual
    • victims
    • witnesses
    • City Of York Council CCTV systems
    • body worn video
    • from correspondence sent to us including anonymous reports and concerns

We may also obtain details from the council’s own information systems, this may include ‘general data’ processed for purposes under Part 2 of the Data Protection Act 2018.

Top of page

How we handle your personal information

We handle personal information according to the requirements of Part 3 of the UK Data Protection Act 2018. Your personal information held on our systems and in our files, is secure and is accessed on a need-to-know basis by our staff, and any data processors working on our behalf.

We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to prevent crime, bring offenders to justice, and protect the public.

We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.

We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose, then your data will be securely destroyed.

Top of page

Lawful basis for processing your personal data

Any personal data including special category data and criminal offence data that we process about individuals is done in accordance with Article 6, 9 and 10 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018).

The legal basis for processing your personal data is in accordance with the following:

  • Article 6(1)(c) UK GDPR – Processing is necessary for compliance with a legal obligation
  • Article 6(1)(e) UK GDPR - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller 

The legal basis for processing your special category data is in accordance with the following:

  • Article 9(2)(b) of the UK GDPR - Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement 
  • Article 9(2)(g) – Processing is necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguards

Where we process personal data relating to criminal convictions and offences, this is also under Article 10 UK GDPR that covers processing in relation to criminal convictions and offences or related security measures. In addition, section 11(2) of the DPA 2018 specifically confirms that this includes personal data relating to the alleged commission of offences, or proceedings for an offence committed or alleged to have been committed, including sentencing. 

Some of the Schedule 1 conditions for processing special category and criminal offence data require an Appropriate Policy Document (APD) to be in place, that sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

Read the Appropriate Policy Document for the council.

Top of page

Who we share your personal information with

To enable us to meet our statutory duties we may be required to share your data with other organisations that process data for a similar reason or to keep people safe.

These organisations include:

  • the police and other law enforcement agencies
  • partner agencies working on crime reduction initiatives
  • partners in the Criminal Justice arena
  • other local authorities
  • other bodies or individuals where it is necessary to prevent harm to individuals

Disclosures of personal information are considered on a case-by-case basis, using only the personal information appropriate to a specific purpose and circumstances, and with necessary controls in place.

We will also disclose personal information to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order. This may include:

  • The Police
  • Serious Fraud Office
  • National Fraud Initiative
  • Courts

Top of page

How we keep your personal information safe

We take the security of all personal information under our control very seriously. We maintain compliance with the Public Services Network (PSN) Code of Connection.

We ensure that appropriate policy, training, technical and procedural measures are in place.

Top of page

How long we keep your personal information

We keep your personal information as long as is necessary for the particular purpose or purposes for which it is held.

Top of page

Your rights relating to personal data

To find out about your rights under data protection law, including in relation to processing for law enforcement purposes, you can go to the Information Commissioners Office (ICO).

If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on, or on telephone: 01904 554145, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
YO1 6GA.

See further details of your rights relating to personal data.

Top of page

Also see

Data Protection Officer

West Offices, Station Rise, York, YO1 6GA

Telephone: 01904 554145