Microsoft bookings privacy notice

This privacy notice is designed to help you understand how and why we process your personal data in relation to Microsoft bookings. This notice should be read in conjunction with our corporate privacy notice.

Who are we?

North Yorkshire Council (NYC) is a ‘data controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). Teams across NYC may use the Microsoft bookings solution to allow customers to book appointments for different services, allowing for the automation of resource assignments and email reminders to the customers booked on.

We have appointed Veritau Ltd to be our data protection officer. Their contact details are:

Information Governance Office


West Offices

Station Rise


North Yorkshire



Tel: 01904 552848

What personal information do we collect?

We will process the following personal information:

  • name
  • customer email address

We may also be required to process the below personal information:

  • telephone number
  • customer address

The information used will be the information you enter into the MS bookings form. Some forms may only require your full name and email address, whereas some may also request a contact number and address depending on the service you’re booking.

Why do we collect your personal information?

We require your name, email address and telephone number so that we can confirm your booking and share relevant information with you in relation to your booking as well as responding to queries/issues with bookings.

We may require an address to ensure we’re able to book you in at a location most local to you.

Who do we share this information with?

Sometimes we work in conjunction with companies, event providers and other organisations, such as professional organisations in order to provide bookable services, and it may be necessary to share your data with these.

You will be informed about the specific organisations we will share with for each service you book using one of our Microsoft Bookings solutions.

How long do we keep your information for?

Data held

Retention Period

Data relating to temporary services

All booking information is deleted 1 month after the temporary service ends or until you withdraw consent. (Whichever is first).

Data relating to continually ran services

Data is destroyed 1 month following your attendance to your booking or until you withdraw consent. (Whichever is first).

What is our lawful basis for processing your information?

We rely on the following lawful basis to process your personal data:

  • UK GDPR Article 6 (1)(f) – for other event types, the processing is necessary for the purposes of the legitimate interests pursued by the controller

The legislations, policies and guidance that relate to this service includes, but is not limited to:

  • localism act 2011 (for events in relation to our functions)

For more information about how we use your data, including your privacy rights and the complaints process, please see our corporate privacy notice.