A boy's hand thrust forward towards the camera

City of York Safeguarding Children Partnership Privacy Notice

The Children Act 2004, as amended by the Children and Social Work Act 2017, and the associated statutory guidance Working Together to Safeguard Children (2018) replaced Local Safeguarding Children Boards (LSCBs) with new local multi-agency safeguarding partnership arrangements (MASA).

The new MASA arrangements placed new duties on the three Statutory Safeguarding Partners (namely: the Local Authority, the Police and the Humber and North Yorkshire Health and Care partnership) in local areas, to make arrangements to work together, and with other relevant agencies locally, to safeguard and promote the welfare of all children in their area.

See further information about the City of York Safeguarding Children Partnership including which organisations are partners.

We regularly review the CYSCP privacy notice, and it was last updated in September 2024.

See details of specific privacy information for each of the statutory partner organisations including details of their ICO registration and Data Protection Officer:

  • City of York Council
  • North Yorkshire Council
  • North Yorkshire Police
  • Humber and North Yorkshire Health and Care Partnership
  • Other agencies:
    • Airedale NHS Foundation Trust
    • Airedale, Wharfedale and Craven CCG
    • Bradford District Care NHS Foundation Trust
    • CAFCASS
    • Change Grow Live
    • Harrogate and District NHS Foundation Trust
    • HMP Askham Grange
    • Humber Teaching NHS Foundation Trust
    • Leeds and York Partnership NHS Foundation Trust
    • Morecambe Bay CCG
    • NHS England North
    • NHS England North Region (Yorkshire and Humber)
    • North Yorkshire Fire and Rescue Service
    • Probation Service
    • Schools and other education settings
    • South Tees Hospitals NHS Foundation Trust
    • Tees and Esk Wear Valley NHS Foundation Trust
    • Vocare
    • The York and North Yorkshire Combined Authority Office for Policing, Fire, Crime and Commissioning Partnerships, including IDAS
    • York and Scarborough Teaching Hospital NHS Foundation Trust
    • York CVS
    • Yorkshire Ambulance Service NHS Trust

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this privacy notice.

How we collect your information

We get information about you from the following sources.

Directly from you

  • when you visit our website
  • when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face
  • when you contact us and take part in any learning or development opportunities available through the CYSCP. E-learning training is provided through AdaptiVLE at CYSCP Training
  • when you take part in any of our surveys or consultation
  • when you submit a children’s safeguarding referral by completing the online Multi-Agency Safeguarding Hub (MASH) referral form

We do not collect information when you use a link in our website to other externally operated websites. If you transfer to another site, please read their Privacy Notice or Statement, this will also apply to individual partners and agencies websites within the CYSCP.

If you are accessing online services and are under the age of 13; please get your parent/guardian's permission beforehand whenever you provide us with personal information.

From third parties

We receive information from:

  • partners including public sector organisations such as;
    • local authorities
    • health services
    • police
    • GPs
    • schools and other educational settings
    • emergency services
    • the Disclosure and Barring Service (DBS)
    • Probation Services
  • voluntary and third sector organisations such as;
    • care providers
    • Voluntary Adoption Agencies
    • youth groups
    • charities
  • members of the public

Top of page

What personal data we process and why

We process different categories of personal information about you such as:

  • personal data or identifiers, such as;
    • name
    • alternative names
    • current and previous address
    • contact details
    • date of birth
    • date of death if applicable
    • National Insurance Number
    • NHS number
    • pupil number
  • Special category personal data, such as;
    • health or medical information
    • reports
    • photographs
    • gender
    • religious or philosophical beliefs
    • ethnicity

We may also process information about services you have received and criminal conviction data in accordance with our statutory functions.

The purpose of our local arrangements is to support and enable organisations and agencies across York to work together so that:

  • children are safeguarded and their welfare promoted
  • partner organisations and agencies collaborate, share, and co-own the vision for how to achieve improved outcomes for vulnerable children
  • organisations and agencies challenge appropriately and hold one another to account effectively
  • there is early identification and analysis of new safeguarding issues and emerging threats
  • learning is promoted and embedded in a way that local services for children and families can become more reflective and implement changes to practice
  • information is shared effectively to facilitate more accurate and timely decision-making for children and families

The CYSCP website hosts an online Multi-Agency Safeguarding Hub (MASH) referral form. This form is to enable professionals and members of the public to submit a children’s safeguarding referral. Although this online form is hosted on the CYSCP website, the information within it is submitted directly to the MASH and not to the CYSCP.

The CYSCP also gathers information to know how well agencies are working together to keep children safe. This helps us understand the experiences of children and young people living in York. Where appropriate we will seek information from parents and carers and the wishes and feelings of children (including children who might not ordinarily be heard) about the priorities and the effectiveness of local safeguarding work.

The CYSCP provides multi-agency face to face and e-learning courses to practitioners working with children and young people and their families/carers in York. These courses are designed to improve the safeguarding of children and young people in York. We will contact learners who have completed a course, approximately 3 to 6 months, after their attendance or completion, to take part in a survey to help us understand and monitor how the training has impacted on their working practices and on children and young people they work with in York. The information from these surveys is collated, analysed and reviewed on a quarterly basis and a summary produced on an annual basis. We never use your name or any other personal identifiable information in any presentations or reports, as it is anonymised and will not identify any individuals. The anonymised information contributes to the annual learning needs analysis as well as helping to understand the quality and impact of the training. A report, based on the anonymous information, is compiled for CYSCP and a summary provided within the CYSCP annual report as part of the Partnership’s requirement to monitor the impact of training.

The CYSCP produces a free monthly newsletter to share and disseminate information to our partners, stakeholders and wider community. If you choose to sign up to receive these, you are giving your consent for us to process your information for this purpose. You can withdraw your consent or unsubscribe, at any time by contacting us on email: [email protected]

The CYSCP may use your information to create reports and statistics that are anonymous and cannot be linked back to you, your family or individuals such as:

  • statistical analysis
  • statutory returns
  • audit framework

Top of page

Automated decision-making

We do not carry out any automated decision-making without any human intervention in the CYSCP.

Top of page

Collecting information automatically

Please see our Cookies Policy for further information about the information we collect automatically when you use our website.

Top of page

Children's information

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Lawful basis for processing your personal data

Any personal data including special category data and criminal offence data that we process about individuals is done so in accordance with Article 6, 9 and 10 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018).

Article 6(1):

  • (a) Consent: the individual has given clear consent for the council to process their personal data for a specific purpose.
  • (c) Legal obligation: the processing is necessary for the council to comply with the law (not including contractual obligations).
  • (d) Vital interests: the processing is necessary to protect someone’s life.
  • (e) Public task: the processing is necessary for the council to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Article 9(2):

  • (a) Explicit consent
  • (b) Employment, social security and social protection (if authorised by law)
  • (c) Vital interests
  • (g) Reasons of substantial public interest (with a basis in law)
  • (h) Health or social care (with a basis in law)

The public tasks based on the public interest and legal obligations arise from the following provisions:

  • Children Act 1989
  • The Working Together to Safeguard Children 2018 statutory guidance
  • Children Act 2004
  • Education Act 1996
  • Education Act 2002
  • Education and Skills Act 2000
  • Legal Aid, Sentencing and Punishment of Offenders Act 2012
  • Police Reform and Social Responsibility Act 2011
  • Childcare Act 2006
  • Crime and Disorder Act 1998
  • Housing Act 1996
  • Safeguarding Vulnerable Groups Act (SVGA) 2006

Where we process personal data relating to criminal convictions and offences, this is also under Article 10 UK GDPR that covers processing in relation to criminal convictions and offences or related security measures. In addition, section 11(2) of the DPA 2018 specifically confirms that this includes personal data relating to the alleged commission of offences, or proceedings for an offence committed or alleged to have been committed, including sentencing.

Some of the Schedule 1 conditions for processing special category and criminal offence data require an Appropriate Policy Document (APD) to be in place, that sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

See the Appropriate Policy Documents for each of the statutory partner organisations:

Top of page

How long we keep your personal data

Information will only be kept for as long as is necessary by the relevant CYSCP partner.

Top of page

Data sharing

We will always satisfy ourselves that we have a lawful basis on which to share information and document our decision making.

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

We may be required or permitted, under Data Protection legislation, to disclose your information without your explicit consent, for example if we have a legal obligation to do so, such as safeguarding, law enforcement, fraud investigations, regulation and licensing, criminal prosecutions, and court proceedings.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Data processors and/or third parties

Where we have external third parties providing parts or all of our services for us, we only work with them where we are satisfied, they take appropriate measures to protect your personal information and where required, we have contracts or agreements in place with them.

Where we use SurveyMonkey for our surveys, you can find out how they use your information in the Survey Monkey Privacy Notice.

When you take part in learning and development through the CYSCP we work with AdaptiVLE, you can find out how they use your information in the AdaptiVLE Privacy Policy.

When you subscribe to our newsletters, we use Granicus Gov Delivery to send you updates and newsletters, you can find out how they use your information in the Granicus Privacy Policy.

If we use Microsoft Teams, to contact you, to gather information from you, or if we are recording or transcribing our discussion or meeting with you, we will let you know. You can find more details about this in the City of York Council Microsoft Office 365 (MS365) Teams Meeting recording and transcription privacy notice.

When we use Zimma Ltd trading as Ticket Tailor for arranging and organising events, you can find out how they use your information in the Ticket Tailor Privacy Policy.

When we use Eventbrite for arranging and organising events, you can find out how they use your information in the Eventbrite Privacy Policy.

Top of page

Transfers of personal data

We don’t routinely transfer personal data outside of the UK but when this is necessary, we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Top of page

How we protect your information

We are committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff and elected councillors
  • policies and procedures

Top of page

Your rights in relation to this processing

To find out about your rights under Data Protection law, you can go to the Information Commissioners Office (ICO).

You can also find information about your rights in the City of York Council Privacy Notice.

If you have any questions about this Privacy Notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email: [email protected], or telephone: 01904 554145, or write to:

Data Protection Officer
City of York Council
West Offices
Station Rise
York
YO1 6GA

Top of page

Making a payment

To find out what the council does with your information when making an online payment, please see the City of York Council Privacy Notice - online payments. Where we use Stripe for online payments, you can find their privacy information at the Stripe Privacy Policy.

Top of page

We are the sole owner of the information collected via our website. It does not store or capture personal data of users with general public access, but does log the IP address of a visitor. This enables us to determine which pages are being viewed and helps us to improve our services. It does not use cookies for the general running of the City of York Safeguarding Children Partnership (CYSCP) website, but does use them to enable requested services (for example, payments) and to remember choices during the visit.

Anonymous information about page visits is collected using Google Analytics.

Our website privacy notice does not cover external websites; we encourage you to read the privacy notices on any other websites you visit.

Our website also lists email addresses for external organisations (those addresses that don't contain 'york.gov.uk'); we cannot guarantee what will happen to your personal data if you email an external organisation.

Top of page

Cookies

By using our website you are consenting to certain types of cookie being placed on your device. See our Cookies Policy.

Where our website links to external resources or websites, these may add their own cookies. These are outside our control. Cookies can be disabled by changing the settings in your browser, but you may need to re-enter information at times.

Top of page

Email

Emails that we send to you or you send to us, may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedules. If we need to email sensitive or confidential information to you, we may perform checks to verify the correct email address and may take additional security measures.

Top of page

Unsolicited mail

You will not receive unsolicited paper or electronic mail as a result of sending us any personal data while using our website, unless you have given us permission to do this.

Top of page

Third parties

We do not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent.

If we have to share your personal data externally, we require any third party to comply with the principles of data protection legislation, and our procedures and instructions, when they use your information on our behalf.

Top of page