We keep the Web Services Privacy Notice under review; it was last reviewed and updated in October 2023. If you have any questions about this Privacy Notice contact our Data Protection Officer.
This Privacy Notice should be read alongside the main City of York Council (CYC) privacy notice and any relevant service privacy notices.
- Areas covered by this privacy notice
- Personal data
- Collecting personal data
- Using personal data
- Our legal basis for using personal data
- Sharing personal data
- Retaining personal data
- Further processing of personal data
- Your rights relating to personal data
Areas are covered by this privacy notice
This table illustrates which Web Services areas are covered by this privacy notice.
| Service area | Covered by this privacy notice |
|---|---|
| Comment on this page online form | Yes |
| Feedback online form | Yes |
| Emails to webadmin@york.gov.uk | Yes |
| Telephone calls transferred to Web Services | Yes |
| Face to face contact with Web Services | Yes |
| Consultations and surveys undertaken by Web Services | Yes |
| Online forms created within our Content Management System (CMS) | No, these are covered by the service area to which the data is submitted |
| My Account | No, My Account is covered by ICT Services* |
| Accounts outside of My Account | No, these are covered by the service area providing the system with which you have an account* |
| Web Chat | No, Web Chat is covered by Customer Services* |
| Online payments made via the CYC website (Civica) | No, this is covered by ICT Services* |
| Emails to addresses other than webadmin | No, these are covered by the service area receiving the email |
| Online interactions/social media | No, social media is covered by Communications |
| Subdomains of york.gov.uk | No, these are covered by the service area responsible for the service delivered on the domain* |
| Galaxy websites** and online forms within them | No, these are covered by the service area responsible for the service delivered by the galaxy website* |
| Partnership websites (those governed by CYC, either wholly or in partnership, hosted outside of our CMS) and online forms within them | No, these are covered by the service area responsible for the service delivered by the partnership website* |
* These privacy notices are available from the relevant service area (see: Service Privacy Notices) or directly from galaxy websites or partnership websites when you visit.
** A 'galaxy website' is one that's governed by City of York Council (CYC), either wholly or in partnership, and hosted within our content management system (CMS).
Personal data
Our Web Services collect personal data when you:
- contact us via email, telephone or in person
- submit an online form via the CYC website (york.gov.uk), or using one of our 'galaxy websites'
This privacy notice explains how your personal data is used. See further details about how we define personal data and non-personal data.
Collecting personal data
The amount and type of personal data Web Services collect depends on:
- why you're contacting us
- how you're contacting or interacting with us
- the service or information you're requesting
- the nature of the feedback you're providing
In many cases we'll only require your name and email address, but in some cases we'll need more details, which could include 'sensitive' personal data or 'special categories' of personal data. In all circumstances we'll only ask you for the data that's necessary to provide the service you're requesting.
If you don't provide the appropriate personal data we may not be able to:
- provide you with the correct information
- signpost you to the appropriate service area
- help to fix an error, or explain a solution
Our website (nor any galaxy websites, unless otherwise stated in the relevant Privacy Notice) does not store or capture the personal data of users with public access, but do log the IP address of a visitor. This enables us to determine which pages are being viewed and helps us to improve our services. Anonymous information about page visits is collected using Google Analytics.
Our website uses 'strictly necessary' cookies for the general running of the www.york.gov.uk domain, and other cookies to enable functionality across online services during your visit; see our cookies policy, including cookies used by our services areas and sub-domains. We recommend you read the cookie policy for each of our galaxy websites that you visit.
This privacy notice does not cover 'partnership websites' nor 'external websites' we may link to; we encourage you to read the privacy notices on any other websites you visit.
Our website and galaxy websites may include email addresses for external organisations (those addresses that don't contain '@york.gov.uk'); we cannot guarantee what will happen to your personal data if you email an external organisation.
Using personal data
The personal data you give us will be used by Web Services to:
- provide you with the information you've requested
- signpost you to the appropriate service area
- fix an error, or explain a solution
- update internal systems
- inform services to respond/react to a problem you've reported
- improve the service we provide
- shape new services
Some (anonymised) information is used for quality assurance and training purposes within Web Services, this does not include your personal data.
Some (anonymised) information gathered during consultations and surveys set by Web Services is used for 'research and development' within Web Services, this does not include your personal data.
Where Web Services create and administer galaxy websites (those which are governed by CYC, either wholly or in partnership, and hosted within our CMS), the data you submit via those websites, will be:
- submitted via our CMS to the service area responsible for the service delivered by the galaxy website
- used in accordance with the Privacy Notice found on the galaxy website
We encourage you to read the privacy notice (and cookie policy) for any of our galaxy websites that you visit.
Our legal basis for using personal data
Web Services only uses your personal data because you're interacting with us, or with our website or one of our galaxy websites.
We may not be able to do what you've asked us to do, if you don't provide us with your personal data to use in ways described in this privacy notice.
Sharing personal data
We'll share personal data about you with other council services, and on rare occasions, with our content management system (CMS) providers, in order for them to:
- provide you with the information you've requested
- respond to the problem you've reported
- improve the service we provide
- fix an error, or explain a solution
- update internal systems
- shape new services
The providers of our CMS have secure access to it, in order to maintain and upgrade the software; their access is limited to undertaking such tasks.
Web Services (and a limited number of other council officers, where their role requires it) have secure access to our CMS, in order to maintain and administer our website and galaxy websites; their access is specific to their role and the nature of tasks they're required to undertake.
The council services that Web Services may share your personal data with, have their own Privacy Notice; view other Service Privacy Notices.
Sharing data under Data Protection legislation
We may be required or permitted, under data protection legislation, to disclose your personal data without your explicit consent, for example if we have a legal obligation to do so, such as for:
- law enforcement
- fraud investigations
- regulation and licensing
- criminal prosecutions
- court proceedings
We must protect public funds and may use personal data and data-matching techniques to detect and prevent fraud, collect taxes and ensure public money is targeted and spent in the most appropriate and cost-effective way. To do this, your personal data may be shared with other bodies responsible for auditing or administering public funds, including the Department for Work and Pensions, HM Revenue and Customs, the Police and other local authorities.
Retaining personal data
Web Services will keep your personal data for up to 13 months after your last contact with us, which could be for any of the above listed reasons.
This means if we don’t hear from you in that time period, we'll delete your personal data from our CMS and email accounts.
At the end of the retention period, we may pass any relevant information to the City Archives where it is required or appropriate to do so.
Where online forms generated using our CMS submit your personal data to another council service area (either on our website or galaxy websites) those services have their own retention periods set out in their own Privacy Notice; view other Service Privacy Notices.
Further processing of personal data
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice or by another Service Privacy Notice, then we'll provide you with a new notice.
The new notice will:
- explain this new use before we start the processing
- set out the relevant purposes and processing conditions
Where and whenever necessary, we'll seek your consent to the new processing, if we start to use your personal data for a purpose not mentioned in this Privacy Notice.
Your rights relating to personal data
When we collect your personal data we'll tell you how we are going to use it. Where we process your personal data, you have a number of rights under data protection law.
See further details of your rights relating to personal data.
Also see