Cookie Consent by Free Privacy Policy Generator website
Business

UK Shared Prosperity Fund Privacy Notice

City of York Council (CYC) current data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563. We regularly review this privacy notice, and it was last updated in March 2025.

CYC is committed to ensuring that your information is handled in accordance with the principles set out in data protection legislation and guidance from the Information Commissioner’s Office (ICO).

This privacy notice tells you what to expect when we process your information and it applies to the administration and management of the UK Shared Prosperity Fund (UK SPF), or those participating in UK SPF funded services and activities.

CYC is the controller for the personal data we process unless we specifically state otherwise in this privacy notice.

You can contact the council’s Data Protection Officer at information.governance@york.gov.uk or 01904 554145, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
York
YO1 6GA

This privacy notice should be read in conjunction with other CYC privacy notices that are available in our Privacy Notice and/or CYC policies and procedures.

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this privacy notice.

How we collect your information

We get information about you from the following sources:

  • directly from you
  • third parties responsible for delivering UK SPF projects in which you are participating
  • from our commissioned partners or contractors who undertake work on our behalf

Top of page

What personal data we process and why

We process the following personal data:

  • name
  • addresses
  • email address
  • demographic and company information about your business
  • protected characteristics - this will tell us how well we have been able to reach and offer support to as many groups of people as possible

We will use your information as you have applied to participate in a service or activity provided by the UK SPF fund, and we need this information to ensure you meet eligibility criteria. This will include information on the deliverability of the project, strategic fit, impact, and value for money.

If you choose to take part in our surveys or consultations, we will also collect your comments, feedback and opinions. You can withdraw your consent to these at any time by contacting UKsharedprosperityfund@york.gov.uk

We may use some information about your organisation and project in case studies, or as part of our reporting processes but we will ask for your consent to do this. Where we use photos as part of our case studies you can find out more information about what we may do with your information via Communications Team including photos, filming and recording Privacy Notice

We may use your information to create reports and statistics that are anonymous and cannot be linked back to you, your family, or individuals such as:

  • statistical analysis
  • statutory returns
  • audit framework
  • see how the council and its partners are supporting individuals
  • help design better services
  • inform funding decisions

Top of page

Automated decision-making

We do not carry out any automated decision-making without any human intervention in this Programme.

Top of page

Collecting information automatically

Please see our cookies page for further information about the information we collect automatically when you use our website.

Top of page

Childrens information

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Lawful basis for processing your personal data

Any personal data, special category data that we process about individuals is done so in accordance with one or more of the following Articles 6 and 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018).

Article 6(1)

  • (a) Consent: the individual has given clear consent for the council to process their personal data for a specific purpose.
  • (e) Public task: the processing is necessary for the council to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Article 9(2)

  • (a) Explicit consent

Some of the Schedule 1 conditions for processing special category and criminal offence data require an Appropriate Policy Document (APD) to be in place, which sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice

Our Appropriate Policy Document provides further information about this processing.

Top of page

How long we keep your personal data

We will only keep your information for as long as it is needed then it will be securely and confidentially deleted or disposed of.

You can find details on how long the council keeps records at Retention Schedule.

Top of page

Data sharing

We will only share your information where it is appropriate to, with:

  • other CYC services
  • other councils, government departments and agencies
  • third parties including our data processors, partners or contractors, who undertake work on our behalf
  • >third parties responsible for delivering UK SPF projects in which you are participating
  • internal and external auditors

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share your information.

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Data processors and third parties

When we have third parties providing parts or all of our services for us, we have contracts or agreements in place with them. These include:

Top of page

Transfers of personal data

We do not routinely transfer personal data or special categories of personal data outside of the UK but when this is necessary, we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

How we protect your personal data

We are committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

Your rights relating to personal data

To find out about your rights under data protection law, you can go to the Information Commissioners Office (ICO) website.

You can also find information about your rights in our Privacy Notice.

If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: information.governance@york.gov.uk, or on telephone: 01904 554145, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
York YO1 6GA

Top of page

Also see

Data Protection Officer

West Offices, Station Rise, York, YO1 6GA

Telephone: 01904 554145

Comment on this page