This privacy notice was completed by City of York Council (CYC) as the current Chair of the York Access Forum and sets out the processing we do if you join this mailing group. The council will regularly review this privacy notice.
CYC complies with the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018, and is the registered with the Information Commissioner’s Office (ICO), reference: Z5809563.
CYC is the controller for the personal data we process for this mailing group, unless otherwise stated.
You can contact the council’s Data Protection Officer at:
West OfficesStation Rise
York
YO1 6GA
Telephone: 01904 555719.
Email: information.governance@york.gov.uk.
Download a Word-version of the York Access Forum Privacy Notice. Alternatively, download a pdf-version of the York Access Forum Privacy Notice.
Find more information about the role of the DPO.
This privacy notice should be read in conjunction with other CYC privacy notices that are available in our Privacy Notice.
When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this privacy notice.
To help you understand this Privacy Notice including your rights, we've divided it into the following areas:
- How we collect your information
- What personal data we process and why
- Automated decision-making
- Data sharing
- Lawful basis for processing your personal data
- Withdrawing Consent
- How long we keep your personal data
- Do we use any data processors
- Your rights in relation to this processing
- Transfers of your personal data information abroad
- How do we protect your personal data
How we collect your information
We will collect your information when you join the mailing group.
When we collect your personal data, we will:
- ensure you know why we need it
- only ask for what is necessary for the purposes of this group
- protect it and make sure nobody has access to it who shouldn’t
- ensure you know if you have a choice about giving us information
What personal data we process and why
We will ask you:
- your name
- your contact details (email and phone number)
- the name of any organisation you represent
- your dietary requirements
- whether you have a blue badge
- whether you have a support worker / assistant
- whether you require any reasonable adjustments or access support
- whether you need support to exit the building in case of an emergency
The information you provide will be used to keep you up to date about the York Access Forum, ask for your views and to send you invitations for meetings.
Automated decision-making
We do not carry out any automated decision-making when we use your information as set out in this privacy notice.
Data sharing
The information may also be included in presentations, statistics, and reports. Any presentations, statistics and reports for publication or use outside of the authorised council staff, will be anonymised, and cannot be linked back to you or individuals. Reports containing anonymous information may also be shared with the public and other organisations.
We will not use the information for any other purpose than set out in this privacy notice and will not disclose to a third party i.e. other companies or individuals, unless we are required to do so by law for the prevention of crime and detection of fraud, or, in some circumstances, when we feel that you or others are at risk.
CYC does not pass or sell personal data to third parties for marketing, sales, or any other commercial purposes.
Lawful basis for processing your personal data
We process your personal data and special category data as set out in this privacy notice, with your consent. This is our lawful basis and means it is done in accordance with Schedule 1 of the Data Protection Act 2018 (DPA 2018) and:
- UK GDPR Article 6(1)(a) – consent of the data subject
- UK GDPR - Article 9(2)(a) - Explicit consent of the data subject
Some of the Schedule 1 conditions for processing special category require an Appropriate Policy Document to be in place that sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice. You can find this in Our Appropriate Policy Document.
Withdrawing Consent
You can withdraw your consent at any time by email: cycaccessteam@york.gov.uk.
How long we keep your personal data
We will keep the information you give us in CYC’s secure network and make sure it can only be accessed by authorised staff.
We will keep the information only for as long as is necessary as a member of this mailing group and then will securely and confidentially destroy it.
Where required or appropriate, at the end of the retention period we will pass onto the City Archives any relevant information.
Do we use any data processors
Where we use data processors who are third parties to provide elements of services for us, we have contracts or agreements in place with them.
Your rights in relation to this processing
To find out about your rights under data protection law, you can go to the Information Commissioner's Office website.
You can also find information about your rights in our Privacy Notice.
If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: information.governance@york.gov.uk, or on telephone: 01904 555719, or write to:
Data Protection OfficerCity of York Council
West Offices
Station Rise
York YO1 6GA
Transfers of your personal data information abroad
When it is necessary for us to transfer your personal information outside of the UK this will only be done in accordance with data protection and privacy legislation.
How do we protect your personal data
We are committed to keeping your information safe and secure. There are several ways we do this, such as:
- IT security safeguards such as firewalls, encryption, and anti-virus software
- on-site security safeguards to protect physical files and electronic equipment
- training for all staff and Elected Members
- policies and procedures