This Privacy Notice is designed to help you understand how and why Ryedale District Council is processing your personal data in relation to Coronavirus (Covid-19). This notice should be read in conjunction with the Council’s Corporate Privacy Notice.
Who are you?
Ryedale District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR).
Ryedale District Council is a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004 and has statutory duties and responsibilities to fulfil as part of this.
We process the data of service users in a variety of different ways, typically we will have a privacy notice for the specific team or area informing you of how and why this information is collected and processed. However, as this area of processing data is likely to change rapidly and affect various different services, we have one privacy notice for processing data related to Coronavirus (COVID-19). This should be read in conjunction with any other relevant privacy notices.
We have appointed Veritau Ltd to be our Data Protection Officer. Their contact details are:
|Data Protection Officer Veritau Ltd County Hall Racecourse Lane Northallerton DL7 8AL DPA@ryedale.gov.uk // 01609 53 2526|
What Personal Data of mine do you collect?
We could collect:
- Contact details
- Address or other geographical marker
- Medical Information, age or any other personal information which would mark a vulnerability to the virus
- Recent history of contacts with other individuals or any other personal information which could help prevent or trace transmission of the virus
- Any other personal information which we are asked to be collected by the relevant health or government authorities to mitigate the risks associated with Coronavirus (COVID-19) this includes health risks, economic risks and social risks.
What is the purpose of collecting my Personal Data?
- The Coronavirus (COVID-19) situation means that to fulfil these responsibilities, including statutory obligations, we may collect additional personal information where relevant to the prevention or mitigation of the impact, of the virus to comply with the CCA.
- This information is collected so we can prioritise our services and plan and respond to the situation as it changes.
- We may also be required to collect and process personal information to mitigate the other impacts of Coronavirus (COVID-19) such as economic or social impacts.
Who do you share this data with?
The Civil Contingencies Act places a duty on Category 1 responders to share information with Category 2 responders and other organisations in order to provide services in response to the pandemic. We may share information with others including, but not limited to, Category 1 and Category 2 responders, such as:
- Other Council services, public bodies and authorities including North Yorkshire County Council and other District Councils within North Yorkshire
- Central Government
- Emergency services
- NHS agencies
- Healthcare organisations
- Utility companies
- Voluntary organisations
How long do you keep this data for?
Information will be kept for as long as necessary for the purposes for which it is processed. We will destroy or archive information when the risks from Coronavirus (COVID-19) have been appropriately reduced.
What is your legal basis for processing this data?
The legal basis we rely on will be determined by the specific process. However it is likely that we will process this personal data under the legal basis of:
- Article 6(1)(c) – Legal Obligation and;
- Article 6(1)(e) – Public Task.
- Article 6(1)(d) – Vital Interest of the data subject and other people
Some of the personal data processed by us will be information defined as Special Category Data. In order to lawfully process this type of information, we will rely on the following Article 9 conditions:
- Article 9(2)(g) – Reasons of substantial public interest (with a basis in law)
- Article 9(2)(c) – Vital Interest of the data subject where they are physically or legally unable to give consent.
The legislations, policies and guidance that underpin this processing include, but are not limited to:
- Civil Contingencies Act (CCA) 2004 and Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005
- The Local Government Act 1972
- The Local Government Act 2000
Changes to this Privacy Notice
This privacy notice will undergo regular review as the situation evolves. If any changes are made, we will publish the updated version on our website.
For more information about how we use your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.