This privacy notice is designed to help you understand how and why the public health team process your personal data. This notice should be read in conjunction with our corporate privacy notice.
Who are we?
North Yorkshire Council is a ‘data controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). Local authority public health responsibilities are set out in the Health and Social Care Act 2012. We assumed these responsibilities on 1 April 2013.
We have appointed Veritau Ltd to be our data protection officer.
Their contact details are:
What personal information do we collect?
- date of birth
- contact details
Special category data:
- health information
Why do we collect your personal information?
In order to fulfil our statutory responsibilities we have a legal basis to process personal data for certain public health purposes under Section 42(4) of the SRSA (2007) as amended by section 287 of the health and social care act (2012) and regulation 3 of the health service (control of patient information) regulations 2002.
There are several reasons why we collect and process personal and/or special category data:
- to plan and improve services that we provide and commission
We review data about where people live, such as partial postcodes, in order to ensure everyone in the county can access our services. Where services are targeted to specific groups, for example by age, we need to check that we are reaching people most effectively.
- to provide you with a service that meets your needs
The public health grant to the council funds a number of services, most of which are provided by external organisations. These services will collect, store and process your personal data in order to assess and meet your needs and comply with any statutory requirements. Our contract with these organisations include our expectations of them in relation to compliance with data protection law. You should refer to their individual service privacy notices and websites for further information below this notice.
These services include:
- adult weight management
- adult drug and alcohol service
- children’s weight management
- flu vaccinations for North Yorkshire Council staff
- healthy child services
- sexual health services
- stop smoking services
- strong and steady
Where our services are provided by general practice and pharmacy teams you should refer to their privacy notice:
For communication purposes
We collect and store professional contact details for those on our circulation lists, those who attend meetings we organise and those we fund training for in order to send updates and meeting papers. The amount of personal data that we collect is very limited and only includes information relating to your job role which includes your job title, work address, email and telephone number.
To organise events
We will process your personal data to reserve a place for you at the event you desire to attend; to provide you with information about the event for which you have registered, that includes confirmation of a place, event updates, and possible changes, cancellation or similar information; to provide you with information about accessibility, transportation, parking, etc. that may impact on your attendance to the event; to share any relevant information after the event for example, copies of slides.
For research and development purposes
The Public Health team may conduct primary research, social marketing, and service evaluations, or commission academic or other suitable organisations to conduct these on our behalf.
For epidemiological and surveillance purposes
To produce assessments of the health and care needs of the population and identify priorities for resource allocation and action, in particular to comply with our statutory responsibilities:
- joint strategic needs assessments (JSNA)
- joint health and wellbeing strategy (JHWS)
- director of public health annual reports
Who do we share this information with?
In order to deliver the best possible service, the team or those we commission may need to disclose your personal data to other organisations.
This could include, but not necessarily limited to:
- NHS agencies (GPs, hospitals, ambulance, health visitor), mental health services, and other health providers
- education providers
- domiciliary care, residential/nursing care, and day care providers
- local and central government agencies (such as the department of health and department of work and pensions)
Use of your NHS Number
If you are receiving support from one of our services then the NHS may share your NHS number with us. This is so that the NHS and adult social care are using the same number to identify you whilst providing your care. By using the same number we are able to work together to improve your care and support.
How long do we keep your information for?
We will only keep your personal data for as long as it is needed for the purpose it was collected for, or for as long as is required by legislation. There are different retention periods for different types of information. Please refer to the specific privacy notice for details of the relevant retention period.
The following table details the retention periods for records relating to mailing lists, public consultations, online surveys and events:
Until you withdraw your consent OR Updated annually or when consent preference is altered.
Length of consultation plus 2 years.
For six months after the consultation has concluded.
For events name and preferred method of contact which could include email address, telephone number, postal address
Retain from year records created plus 1 year.
What is our lawful basis for processing your information?
With regard to personal data:
- article 6(1)(a) - consent article 6(1)(c) – legal obligation
- article 6(1)(e) - public task
With regard to special category data:
- article 9(2)(a) - Consent
- article 9(2)(h) – Provision of health and social care
- article 9(2)(i) – Processing is necessary for reasons of public interest
Across the service we rely on the appropriate legal basis for processing your personal and special category data. Please refer to the public health services specific privacy notices for more detailed information.
For more information about how we use your data, including your privacy rights and the complaints process, please see our corporate privacy notice.