Ryedale District Council

Ryedale District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulations (GDPR). This means that the Council has a duty of care towards the personal data that it collects and uses.

The Council has appointed Veritau Ltd to be its Data Protection Officer. Their contact details are:

Information Governance Office
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL
Email:
Tel: 01904 55 2848

In order to deliver our services the Council needs to collect and use your personal data and sometimes your special category personal data. We will only collect the data we need and if we don’t need your personal data we will keep it anonymous.

There will be instances where we will anonymise your data. For example, in a survey we may not need your contact details. In which case, we'll only collect your survey responses.

We may need to use and collect your personal data, and sometimes your special category personal data, so that we can:

• Deliver, manage, and check the quality of services that we provide to you
• Investigate complaints or concerns raised by you or other individuals
• Assist with the research and planning of new services

Your name, contact details, and address may be held on the Council’s databases, so that we can deliver services to you and easily identify you should you contact us. This includes our customer contact system, departmental back office systems and our systems that enable online service delivery.

Council officers may only access your personal data if they require it to perform a task. There are procedures and checks in place to ensure that officers can not use your data for their own personal benefit.

Third Party Processors
In order to deliver the best possible service the Council often uses third party organisations. These organisations will sometimes require access to your personal data in order to complete their work. If the Council does use a third party organisation it will always have an agreement in place to ensure that the other organisation keeps your data secure.

Other Organisations
Occasionally the Council is required to pass your data to other organisations. This could be because of a legal requirement or because a court orders the Council to do so. For example the Council may need to share information with the police to help prevent or detect a crime. The Council may not have to tell you if we do share with other organisations.

Statutory Functions
The Council’s internal auditors, counter fraud service, data protection officer, and external auditors may also have access to your personal data in order to complete their work. The Council will only share personal data with another organisation if it has a lawful basis to do so and will always keep records of when your data has been disclosed to another organisation.

National Fraud Initiative
The Council also collects and uses your data for the National Fraud Initiative (NFI). Please see the Council’s NFI Privacy Notice for more information.

The Council is committed to keeping the personal data that it holds safe from loss, corruption or theft. It has a number of measures in place to do this including:

• Training for all officers and elected councillors on how to handle personal data
• Policies and procedures detailing what officers can and can not do with personal data
• A number of IT security safeguards such as firewalls, encryption, and virus protection software
• On site security safeguards to protect physical files and electronic equipment

Unless the Council is using your data based on consent or to carry out obligations under contract then it will be relying on a legal power.

There are a number of legal reasons for the Council to collect and use your personal data. The service specific privacy notices, which can be found at the end of this notice, will tell you which legal power the Council is relying on for that specific process.

Conditions for criminal offence data, enforcement investigations and prosecutions

Where we are undertaking an investigation we are processing personal information under Part III of the Data Protection Act 2018 (DPA) for law enforcement purposes. The six law enforcement principles are similar to UK GDPR’s, however the transparency requirements are different, due to the potential to prejudice an ongoing investigation in certain circumstances.

When processing sensitive data, we must be able to demonstrate that the processing is strictly necessary and satisfies one of the conditions in Schedule 8 of the DPA or is based on consent.

The Council will only keep your personal data for as long as it is required to fulfil the purpose it was collected for or for as long as is required by legislation.

There are different retention periods for different types of information. The service specific privacy notices, which can be found at the end of this notice, will tell you how long that service area may keep your information for.

Generally the information that the Council holds is all held within the UK. However, some information may be held on computer servers which are held outside of the UK. The Council will take all reasonable steps to ensure your data is not processed in a country that is not seen as ‘safe’ by the UK.

If the Council does need to send your data out of the EU it will ensure it has extra protection from loss or unauthorised access.

Data Protection legislation gives you, the data subject, a number of rights in regards to your personal information. We have a dedicated webpage which explains what these rights are and how you can exercise them.

If you have concerns about the way in which RDC has handled your personal data, please contact our Data Protection Officer on:

Email:

Information Governance Office
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL
Tel: 01904 55 2848

You may also want to complain to the Information Commissioner’s Office (the Data Protection regulator) about the way in which the Council has handled your personal data. You can do so by contacting:

Email:

First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire
SK9 5AF
Tel: 03031 23 1113

• Elections and Democracy
  • Elections privacy notice (PDF, 2 pages, 509kb)
  • Members privacy notice (PDF, 2 pages, 276kb)
  • Polling review consultation privacy notice (PDF, 1 page, 288kb)
  • Candidates, agents and subscribers privacy notice (PDF, 2 pages, 283kb)
• Social Housing, Private Housing, and Ryecare
  • Ryecare privacy notice (PDF, 2 pages, 500kb)
  • Private sector housing privacy notice (PDF, 4 pages, 531kb)
  • Housing options privacy notice (PDF, 3 pages, 544kb)
  • Housing Options Breathing Spaces privacy notice (PDF, 2 pages, 266kb)
  • Derwent Lodge privacy notice (PDF, 3 pages, 525kb)
  • Homelessness Reduction Act privacy notice (PDF, 4 pages, 145kb)
• Community Teams and Community Safety [content in development]
• Environmental Health
  • Specialist environment team privacy notice (PDF, 2 pages, 280kb)
• Licensing
  • Licensing (PDF, 2 pages, 286kb)
• Council Tax and Benefits
  • Benefits privacy notice (PDF, 2 pages, 281kb)
  • Local taxation privacy notice (PDF, 2 pages, 282kb)
• Legal Services
  • Legal Services (PDF, 2 pages, 299kb)
• Planning Applications and Local Plan Consultations
  • Planning Service (PDF, 3 pages, 304kb)
  • Planning consultations (PDF, 2 pages, kb)
• Human Resources
  • Employment privacy notice (PDF, 3 pages, 295kb)
  • Disciplinary procedure privacy notice (PDF, 2 pages, 309kb)
  • Grievance procedure privacy notice (PDF, 2 pages 293kb)
  • Recruitment privacy notice (PDF, 2 pages, 394kb)
• Fraud and National Fraud Initiative
  • Counter fraud (PDF, 3 pages, 302kb)
• Streetscene
  • Pest Control (PDF, 1 page, 312kb)
  • Waste and recycling (PDF, 1 page, 312kb)
• Grant applications
  • Grant applications (PDF, 1 page, 549kb)
• Economic development, business and partnerships
  
  • Economic development, business and partnerships (PDF, 2 pages, 516kb)
   

This Privacy Notice has been written to inform you about how Ryedale District Council processes your personal data when you visit this website.

This notice only applies to how the Council uses your data when you visit our website. For more information about how the Council uses personal data in general please see our other privacy notices.

Who are we?
Ryedale District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR).

The Council has appointed Veritau Ltd to be their Data Protection Officer. Their contact details are:

Data Protection Officer
Veritau Ltd
County Hall
Racecourse Lane
Northallerton
DL7 8AL

Email:
Tel: 01904 55 2848

Cookies
When you visit our website we will place a small file on your electronic device (computer, phone, or tablet etc) – this file is called a ‘cookie’. This is a common practice used by most websites that you visit.

Cookies are used so that:

• We can remember the information you’ve provided us with while on our website, so you don’t have to keep re-entering the information whenever you visit a new page
• We can look at how you use our website so that we can improve it for other users

When you use our website you agree that we can put these cookies on your device. We do not use cookies that also monitor other websites that you’ve visited (these are known as privacy intrusive cookies).

Our cookies will not identify you but if you prefer you may wish to turn Cookies off. For more information about how to this and more information about Cookies in general, please see the website About Cookies.

Google Analytics
Because we want to make sure our web content is the best that it could possibly be, we use Google Analytics to collect information about how people use this website.

Google Analytics collects information about:

• What pages you visit on this website
• How long you are on this website
• What you did to get here (through another website or by search engine)
• What you clicked on when visiting this website
• The number of times a word is searched for and the number of negative returns of a search result

We do not collect any personal information (such as your name), only the above activities.

This is an example of how we store this data and how long we keep it for:

For more information about Google Analytics and to opt out of Google Analytics all together please see the Google Analytics opt out browser add-on. 

Crazy Egg
Cookies placed by Crazy Egg do not include personally identifiable information such as name, phone number, email address or mailing address, nor does Crazy Egg link cookies to such personally identifiable information in their servers or databases

Copyright
Any information on this website, including not limited to graphics, design, text, and images are subject to Copyright which belongs to the Council or a third party that has given permission for the Council to use this information. The Council grants permissions to electronically copy, print to hard copy, or transfer such material so long as it is for Council business only.

Disclaimer and External Links
The Council makes every effort to ensure the content on this website is correct and factual. The Council accepts no liability for any inconvenience or loss caused by reliance on any information contained on this website.

The Council makes every effort to ensure links to external websites are secure. The Council accepts no liability for the privacy practices of those external websites.

Accessibility
For more information, see our website accessibility statement.

For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice above.