Cookie Consent by Free Privacy Policy Generator

Concerned about an adult in York? Let us know

Safeguarding Adults York Privacy Notice

City of York Safeguarding Adults Board (CYSAB) works with organisations across York to help protect adults with care and support needs from abuse or neglect. The Board includes representatives from key organisations across York, including City of York Council, health services, the police and independent care providers.

The three Statutory Safeguarding Partners are:

  • City of York Council
  • North Yorkshire Police
  • the NHS Humber and North Yorkshire Integrated Care Board

The Partners work together with other relevant agencies locally, to safeguard and promote the welfare of adults in their area.

See further information about the CYSAB, including which organisations are the Statutory Safeguarding Partners: CYSAB - The Board.

When the CYSAB use your personal data, we comply with the Data Protection Act 2018, and is the registered ‘controller’. Our data protection notification is registered with the Information Commissioner’s Office (ICO), reference: Z5809563.

We regularly update the CYSAB Privacy Notice and it was last updated in December 2024.

Specific privacy information for each of the statutory partner organisations, including details of their ICO registration and Data Protection Officer, can be found on their websites:

When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.

We get information about you from the following sources:

  • directly from you
  • from third parties acting on your behalf, such as family members, advocates
  • professionals, such as police, NHS, Coroners and Fire Service

Top of page

We process the following personal data and special categories of personal data, such as:

  • name
  • data of birth
  • date of death
  • address
  • email or telephone number
  • gender
  • NHS number
  • details of family members, associates, and personal relationships
  • history of behaviour that may cause safeguarding concerns
  • information about individuals who are reported as missing
  • information about individuals who are at risk of abuse or neglect
  • ethnicity or race
  • religious beliefs
  • health information
  • details about sex life and/or orientation

When we process information relating to criminal convictions and offences, this includes details of any past criminal convictions or offences.

  • details of criminal offences and prosecutions
  • information about individuals who are released from prison

We need to collect this information for the following purposes:

  • service provision
  • fulfil our statutory obligation in relation to safeguarding adults as defined in the Care Act 2014, which may include Safeguarding Adults Reviews or section 42 enquiries

When you take part in one of our surveys or consultations, we will also collect your comments, feedback, and opinions. You can withdraw your consent to these at any time by contacting us on email: sab@york.gov.uk.

When you complete an online form on our website and ask for a copy of your completed form, this will be sent to the email address you have provided.

If you choose to subscribe to our newsletters or updates, we will collect your preferred contact details. You can unsubscribe at any time by contacting us on email: sab@york.gov.uk.

We may use your information to create reports and statistics that are anonymous and cannot be linked back to you, your family, or individuals such as:

  • statistical analysis
  • statutory returns
  • audit framework
  • to see how the council and its partners are supporting individuals
  • to help design better services
  • to inform funding decisions

Top of page

We do not carry out any automated decision making in providing CYSAB services.

Top of page

Please see our Cookie Policy for further information about the information we collect automatically when you use our website.

Top of page

Where we provide services directly to children or young people, the information in the relevant parts of this notice applies to children and young people, as well as adults.

Top of page

Any personal data, special category data and criminal offence data that we process about individuals is done so in accordance with one or more of the following Articles 6 and 9 and 10 of the UK GDPR and Schedule 1 of the Data Protection Act 2018 (DPA 2018).

Article 6(1):

  • (a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose
  • (c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
  • (e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • (f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (this does not apply to a public authority processing data to perform their official tasks)

Article 9(2):

  • (a) Explicit consent
  • (g) Reasons of substantial public interest (with a basis in law)
  • (h) Health or social care (with a basis in law)

This is supported by Schedule1, Part 2 (6) of the Data Protection Act 2018 and the following legal framework:

  • Care Act 2014
  • Mental Capacity Act 2005
  • Health and Social Care Act 2015
  • Domestic Abuse Act 2021
  • Legal Aid, Sentencing and Punishment of Offenders Act 2012
  • Police Reform and Social Responsibility Act 2011
  • Crime and Disorder Act 1998
  • Safeguarding Vulnerable Groups Act (SVGA) 2006

Where we process information relating to criminal convictions and offences, this is also under Article 10 UK GDPR that covers processing in relation to criminal convictions and offences or related security measures. In addition, section 11(2) of the DPA 2018 specifically confirms that this includes personal data relating to the alleged commission of offences, or proceedings for an offence committed or alleged to have been committed, including sentencing.

Some of the Schedule 1 conditions for processing special category and criminal offence data require an Appropriate Policy Document (APD) to be in place, which sets out and explains the procedures for securing compliance with the principles in Article 5 and policies regarding the retention and erasure of such personal data. This document explains this processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018 and supplements this privacy notice.

You can find the Appropriate Policy Documents for each of the statutory safeguarding partners on their websites.

Top of page

Information will only be kept for as long as is necessary by the relevant statutory safeguarding partner and key organisations of the CYSAB.

Top of page

We will only share your information where it is appropriate to, with:

  • statutory safeguarding partners of the CYSAB
  • key organisations of the CYSAB
  • regulatory authorities such as Care Quality Commission and Local Government and Social Care Ombudsman
  • coroners
  • third parties including our data processors, partners, or contractors, who undertake work on behalf of the CYSAB
  • third parties acting on your behalf, such as advocates
  • government agencies
  • internal and external auditors

In some circumstances, such as under a court order or safeguarding, we are legally obliged to share your information.

We will always satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.

Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the City or National Archives (TNA) for permanent preservation. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Top of page

Where we have external third parties providing parts or all of our services for us, we only work with them where we are satisfied, they take appropriate measures to protect your personal information and where required, we have contracts or agreements in place with them.

Specific information on data processors or third parties used by each of the statutory safeguarding partners can be found on their websites.

Top of page

We do not routinely transfer personal data, special categories of personal data or criminal offence data, outside of the UK but when this is necessary, we ensure that we have appropriate safeguards in place and that is done in accordance with the UK data protection and privacy legislation.

Specific information on transfers of personal data, special categories of personal data or criminal offence data by each of the other statutory partner organisations can be found on their websites:

Top of page

We're committed to keeping your information safe and secure. There are several ways we do this, such as:

  • IT security safeguards such as firewalls, encryption, and anti-virus software
  • on-site security safeguards to protect physical files and electronic equipment
  • training for all staff
  • policies and procedures

Specific information on how each of the other statutory safeguarding partners keep your information safe can be found on their websites:

Top of page

To find out about your rights under Data Protection law, you can go to the Information Commissioners Office (ICO) website.

Specific information on your rights from each of the other statutory safeguarding partners can be found on their websites:

Top of page

We are the sole owner of the information collected via our website. It does not store or capture personal data of users with general public access, but does log the IP address of a visitor. This enables us to determine which pages are being viewed and helps us to improve our services.

It does not require cookies for the general running of the CYSAB website, but does require them to enable requested services (for example, payments) and to remember choices during the visit.

Anonymous information about page visits is collected using Google Analytics.

Our website privacy notice does not cover external websites; we encourage you to read the privacy notices on any other websites you visit.

Our website also lists email addresses for external organisations (those addresses that don't contain 'york.gov.uk'); we cannot guarantee what will happen to your personal data if you email an external organisation.

Top of page

By using our website you are consenting to certain types of cookie being placed on your device. See our Cookies Policy.

Where our website links to external resources or websites, these may add their own cookies. These are outside our control. Cookies can be disabled by changing the settings in your browser, but you may need to re-enter information at times.

Top of page

Emails that we send to you or you send to us, may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedules. If we need to email sensitive or confidential information to you, we may perform checks to verify the correct email address and may take additional security measures.

Top of page

You will not receive unsolicited paper or electronic mail as a result of sending us any personal data while using our website, unless you have given us permission to do this.

Top of page

We do not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent.

If we have to share your personal data externally, we require any third party to comply with the principles of data protection legislation, and our procedures and instructions, when they use your information on our behalf.

Top of page