Our corporate privacy notice as well as service specific privacy information.

Information here will help you understand how and why we process your personal data and relates to the whole council. We also have specific privacy notices for each area of the council showing how each service within the council may process your data.

Term Definition
Personal data Any information related to a living person, that could be used to directly or indirectly identify that person.
Special category data

Special category data is personal data which is more sensitive, and so needs more protection. This could be:

  • race and ethnicity;
  • sex life or sexual orientation;
  • medical information (both physical and mental health);
  • religious or philosophical beliefs;
  • biometric data (thumb prints etc);
  • genetics (DNA etc);
  • trade union membership; or
  • political beliefs.
Data controller An organisation or individual that determines why personal data is been collected and is responsible for the security of that data.
Data processor A contractor, organisation or individual (not an employee) who uses personal data on behalf of the data controller.
Data processing Any action taken with personal data.  This includes the collection, use, disclosure, destruction and holding of data.
Data subject A living person who the personal data is about.
Data protection officer The role of the data protection officer (DPO) is to make sure that the organisation processes personal data in compliance with data protection law.
Consent A freely given choice about how personal data is used in an organisation (for example, opting in to marketing emails).

North Yorkshire County Council is a ‘data controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR). This means that we have a duty of care towards the personal data that we collect and use. 

We have appointed Veritau Ltd to be our data protection officer. Their contact details are:

Data Protection Officer
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL
infogov@northyorks.gov.uk
01609 532526

In order to provide our services, we need to collect and use your personal data and sometimes your special category personal data.

We will only collect the data we need. If we don’t need your personal data we will keep it anonymous (which means you can’t be identified).

We collect this data so that we can:

  • deliver, manage, and check the quality of services that we offer;
  • investigate complaints or concerns raised by you or other individuals; and
  • assist with the research and planning of new council services.

We may hold your name, contact details, and address on our databases so that we can provide services to you, and easily identify you if you contact us. This includes our customer contact system, departmental back office systems, and our online systems. Council officers may only access your personal data if they need it for a task they are working on. There are procedures and checks in place to ensure that our staff can not use your data for their own personal benefit.

Third party processors

In order to deliver the best possible service we often use third party organisations. These organisations will sometimes need access to your personal data in order to complete their work. If we do use a third party organisation we will always have an agreement in place to ensure that the other organisation keeps your data secure.

Other organisations

Sometimes we have to pass your data to other organisations. This could be because of a legal requirement or because a court orders us to do so. For example, we may need to share information with the police to help prevent or detect a crime. We may not have to tell you if we do share with other organisations in this way.

Statutory functions

Our internal auditors, counter fraud service, data protection officer, and external auditors may also have access to your personal data in order to complete their work. We will only share personal data with another organisation if we have a lawful basis to do so, and we will always keep records of when your data has been disclosed to another organisation.

National Fraud Initiative

We also collect and use your data for the National Fraud Initiative (NFI)

We are committed to keeping the personal data that we hold safe from loss, corruption or theft. There are several ways we do this, including:

  • training for all staff and elected councillors on how to handle personal data;
  • policies and procedures detailing what council officers can and can not do with personal data;
  • IT security safeguards such as firewalls, encryption, and anti-virus software; and
  • on site security safeguards to protect physical files and electronic equipment.

Unless we are using your data based on consent or to carry out obligations under contract, then we are using our legal powers. There are various different legal reasons for us to collect and use your personal data. The service specific privacy notices, which can be found at the end of this page, will tell you which legal power we are using according to which council service is using your data.

We will only keep your personal data for as long as it is needed for the purpose it was collected for, or for as long as is required by legislation. There are different retention periods for different types of information. The service specific privacy notices, which can be found at the end of this notice, will tell you how long each service area may keep your information for.

Usually, the information that we hold is all held within the UK. However, some information may be held on computer servers which are outside of the UK. We will take all reasonable steps to make sure your data is not processed in a country that the UK government does not see as ‘safe’. If we do need to send your data out of the EU we will ensure it has extra protection from loss or unauthorised access. 

Data protection legislation gives you, the data subject, a number of rights in regards to your personal information. You can find out about your data protection and subject access rights here.

If you have concerns about the way in which we have handled your personal data then please contact our data protection officer:  

Data Protection Officer
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL
infogov@northyorks.gov.uk
01609 532526

You can complain to the Information Commissioner’s Office (the data protection regulator) about the way in which we have handled your personal data:

First Contact Team 
Information Commissioner’s Office
Wycliffe House 
Water Lane 
Wilmslow Cheshire
SK9 5AF
casework@ico.gsi.gov.uk
03031 231113 
www.ico.org.uk

Privacy notices from other areas of the council

These documents are currently being revised and will be updated very shortly.

These documents are currently being revised and will be updated very shortly.

These documents are currently being revised and will be updated very shortly.

These documents are currently being revised and will be updated very shortly.

All public and private organisations are legally obliged to protect any personal information they hold. North Yorkshire County Council is the ‘data controller’ for your information. This means that the council has a duty of care towards the personal data that we collect and use.

We have appointed Veritau Ltd to be our data protection officer. Their contact details are:

Information Governance Office
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL

What do we mean by personal information?

We need to record some very basic details about our customers. Some of the details we ask for are mandatory. The mandatory information we ask for includes your full name, date of birth, address and postcode. The other details we ask for are non-mandatory and you do not have to supply them. We ask for these extra details because they help us to monitor and improve our services. The non-mandatory information we ask for includes your email, telephone number and disability information.

What is my personal information used for?

We use your personal information for our membership records and to provide the services you have subscribed to. We use your personal information to identify you when you contact us (in these situations we will ask you to confirm some of your personal details). On some occasions we use your personal information to contact you (this is explained in further detail below). We use your anonymised information for statistical analysis and to monitor and improve our services.

Who can view my personal information?

There are two North Yorkshire County Council departments that have secure access to your personal information. These are the library service and the customer resolution centre. 

Some of our libraries are provided in partnership with local community organisations and your personal details will be securely available to volunteers who help us to operate our community library service. Volunteers are bound by the same data protection requirements as paid staff.

Your personal information will be not be sold or disclosed to any third parties unless required by law.

How do you store my personal details?

We only store your personal information when volunteered to us by you. The information you provide is administered by employees of the North Yorkshire library and information service and our community library partners. When you join the library your personal information is entered into our electronic library management system.

Your library membership needs renewing every three years. Your library membership will become deactivated and your data deleted or anonymised 24 months after your ticket expires and / or if there has been no activity within this time. We will not contact you when your account becomes deactivated.

You have the right to have any personal information amended at any time. You also have a right to withdraw your consent at any time and to have your information deleted. Providing there are no outstanding loans or charges on your account and you are not a guarantor you have the right to have any personal information removed from our systems and records. 

How will you contact me?

On occasion we will use your personal information to contact you at the address, email or phone number you have provided us with. Your personal information will not be sold or disclosed to any third parties.

If you provide an email address or telephone number we will be able to notify you about matters relating to your library account e.g. items due for return or collection. 

Your library membership needs renewing every three years. If you provide an email address you will be sent two emails informing you that your membership is due to expire - one 21 days before expiry and one three days before expiry. 

We would like to send you occasional emails to keep you informed about the benefits of your library membership (e.g. new online resources, special promotions), events and activities happening at a library near you or to invite you to share your views on the library service and its future development. We do require you to opt-in for this service and that can be done by accessing the contact preferences section online at My Library Account, or in person by speaking to a member of staff or volunteer at any North Yorkshire library. These emails will only relate to North Yorkshire library matters and we will not share your details with third parties. You can opt out at any time by logging into your library account or contacting a North Yorkshire library.

Privacy and our public network computers

When you book a people’s network session we are able to view the date and time of your session, your name and library membership number. This information is stored on our secure computer booking system. 

We also make use of software to gauge customer demand on our peoples network computers. The software we employ is used to evaluate and improve our services and no personal information is collected this way. Anyone who wishes to use our people’s network computers must read and accept the terms of our  acceptable use agreement (pdf / 29 KB).

North Yorkshire library and information service reserves the right to refuse or terminate a public computer session if we believe our acceptable use agreement is being violated or there is some form of inappropriate activity taking place. 

Privacy when asking a question

We aim to be discreet in responding to enquiries of a personal or sensitive nature, especially when they are made in person. We also endeavor to protect your confidentiality when dealing with any questions or issues you raise (this includes telephone and email enquiries).

Please note that libraries are public spaces and it is possible for conversations to be heard by other customers. We remind customers to be cautious when making enquiries of a personal or sensitive nature.

How to make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. More information about complaints about council services is available here.

If you are not happy with the outcome of any complaint you make to us about data protection you have the right to lodge a complaint with the Information Commissioner's Office. You can contact them via the ICO website.

How to get a copy of your information

If you wish to see the information the council holds about you, or have any questions about how the council handles your personal information, you can contact our information governance team at infogov@northyorks.gov.uk.

The council is subject to the requirements of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004.

This notice should be read in conjunction with the council's overall privacy notice which can be read on the current page, above.

These documents are currently being revised and will be updated very shortly.

These documents are currently being revised and will be updated very shortly.

Rate this page