We're now part of the York & North Yorkshire Combined Authority

Website forms and social media – Privacy notice

Published: 20 February 2024
Review date: 20 February 2025
Policy owner: Data Protection Officer

This privacy notice has been written to inform individuals about how and why Office of the North Yorkshire Police, Fire and Crime Commissioner processes personal data.
Specifically, it outlines how we may use your information on our website and on our social media channels.

This privacy notice should be read in conjunction with the General Privacy Notice.

Who are we?

North Yorkshire Police, Fire and Crime Commissioner is a data controller as defined by the UK GDPR. This means that we determine the purposes for which your personal data is processed and the manner of the processing. We will only collect and use your personal data in ways that are compliant with data protection legislation.

The role of the DPO is to monitor our compliance with the UK GDPR and the Data Protection Act 2018 and advise on data protection issues. If you would like to discuss this privacy notice or our use of your data, please contact:

Data Protection Officer
Office of the Police, Fire and Crime Commissioner
Harrogate Police Station
Beckwith Head Road
North Yorkshire
info@northyorkshire-pfcc.gov.uk // 01423 569562

What personal information do we collect?

The personal data we collect about you could include:
• Name, address, email address, telephone number, social media handle and other information that allows us to contact you in back in order to deal with your enquiry
• Comments/images that may contain personal or sensitive data that you choose to share with us through a direct message
• Information about your mobile device, laptop, and how you use our website

Why do we collect your personal information?

We process your information for the purposes outlined below:

• To deliver services and support you
• To manage those services we provide to you
• To help investigate any worries or complaints you have about our services
• To improve our website set default options for you

Who do we obtain your information from?

We will collect information through posts that are relevant to the Office for the Police, Fire and Crime Commissioner – direct mailings, comments, replies, screenshots and emails form any social media channel or website we run.

Who do we share your personal data with?

We may share your information with the following organisations:

• North Yorkshire Police
• North Yorkshire Fire and Rescue Service
• Commissioned Services

We may also share information with other third parties where there is a lawful basis to do so. For example, we sometimes share information with the police for the purposes of crime detection or prevention.

We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or information sharing agreement in place to ensure that the requirements of the GDPR on handling personal information are met.

How long do we keep your personal data for?

We will retain your information in accordance with our Records Management Policy and Retention Schedule. The retention period for most of the information we process about you is determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is reasonably necessary to fulfil its purpose.

We will delete any personal information stored on our website through the submission of our online form, every 30 days.

We do not keep a log of enquiries and posts made through social media, however, if you make a complaint this may be logged in line with our complaints policy and procedure to investigate and provide a response.

Any use of social media in your control, such as sending us a tweet, you will be able to delete. Any direct messages sent to us will be deleted after 30 days from the last communication.

In relation to Facebook, we will not as a matter of course delete anything posted to our page unless it contains inappropriate content.

What is our lawful basis for processing your information?

Under the UK GDPR, it is essential to have a lawful basis when processing personal information. We normally rely on the following lawful bases:

• Article 6(1)(a) – Consent
• Article 6(1)(c) – legal obligation (in relation to fraud)
• Article 6(1)(f) – legitimate interests

We only rely on legitimate interests when we are using your data in ways you would reasonably expect.

Where we are processing your personal data with your consent you have the right to withdraw that consent. If you change your mind or are unhappy with our use of your personal data, please let us know by contacting the Data Protection Officer.

For information about the cookies collected on our website and how to block them visit our Cookie Policy.

Changes to this notice

We reserve the right to change this privacy notice at any time.

This privacy notice was last reviewed 31 January 2024.