Menu Close

Privacy notice for SENDIASS North Yorkshire

Terms and conditions

We regularly update this Privacy Notice; it was last reviewed and updated in October 2023.

When we use your personal data, SENDIASS North Yorkshire complies with the Data Protection Act 2018 and we are part of North Yorkshire Council’s data protection registration with the Information Commissioner’s Office (ICO)

The council is the data controller for your information unless we specifically state otherwise in this privacy notice.

To make it clear how we collect and use your personal data, and to help you understand your rights, we've divided our Privacy Notice into the following areas:

  • personal data
  • collecting personal data
  • using your personal data
  • sharing your personal data
  • our legal basis for using personal data
  • retaining personal data
  • transferring personal data abroad
  • further processing of personal data
  • your rights relating to personal data


Who are SENDIASS North Yorkshire

Our website address is:

What personal data we collect and why we collect it

We may collect your information in the following ways:

  • via our website, our contact form
  • telephone, electronic, occasionally paper.
  • email
  • face-to-face

When we collect your information we will:

  • ensure you know why we need it
  • only ask for what is necessary for the service we're providing to you
  • protect it and make sure nobody has access to it who shouldn’t
  • ensure you know if you have a choice about giving us information
  • make sure we don’t keep it for longer than is necessary

We ask that you give us accurate information, notify us of any mistakes, and tell us as soon as possible of any changes.


Using personal data

We will use your information to deliver the SENDIASS North Yorkshire services such as:

  • monitoring the usage of our website
  • responding to your enquiries or referrals

We may use information to create reports and statistics that are anonymous. Sometimes we need to share your information with others. We will only do this when it is necessary to offer you this service, or if we are required to do so by law. If the information shared presents safeguarding concerns the service is required to follow the local safeguarding policy. Anonymised data may be used for reporting to support the develop of this service and meet national bodies and regional bodies such as The Council of Disabled Children, National Special Educational Needs Information and Advice Service (IASSN) or SENDIASS North Yorkshire’s annual report. Any case studies would be pseudonymised and ensured that they are not identifiable.

We do not plan to share information with anyone else or use it for anything else.

This information cannot be linked back to you, your family, or individuals such as:

  • statistical analysis
  • statutory returns
  • audit framework

When we use MS Teams to provide secure online conversations, we do not record these sessions and only if requested would be consider this. If you want to record or transcribe to use for resource’s we would ask your permission to ensure you are at ease, otherwise we would not go ahead with this. Please be reassured we would always explain to you and seek your permission before recording.

Where we use data processors who use third parties to provide elements of services for us, we have contracts in place with them. SENDIASS North Yorkshire has a contract in place with Synergy Case management to provide our case management system. We have a contract with Cirrus for our website and we pay for the additional licence to ensure our website is secure.


Contact forms

If you fill out a form on our website, the information is sent directly, via email, to
Information is not stored on this site.



We use Google analytics to provide analytics and feedback of the site’s usage.


Our legal basis for using personal data

Any personal data including special category data that we process about individuals using SENDIASS North Yorkshire is done so in accordance with Article 6, 9 and 10 of the UK GDPR and Schedule 1 of the Data Protection Ac 2018 (DPA 2018).

The legal basis for processing your personal data is in accordance with the following:

  • Article 6(1)(c) so we can comply with our legal and statutory duties including, but not limited to, those which apply under the legislation shown below
    • Children and families act 2014
    • SEND Regulations 2014
    • SEND Code of Practice 2014
  • Article 6(1)(d) to protect your vital interests or those of another person
  • Article 6(1)(e) for the performance of our public task
  • Article 6(1)(f) for the purposes of our legitimate interest

Where the information we process is special category data, for example your health data, the additional bases for processing that we rely on are:

  • Article 9(2)(a) your explicit consent
  • Article 9(2)(b) which relates to carrying out our legal obligations and the safeguarding of your fundamental rights including, but not limited to, those which apply under the legislation shown below
    • Children and families act 2014
    • SEND Regulations 2014
    • SEND Code of Practice 2014
  • Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent
  • Article 9(2)(g) – where processing is necessary for reasons of substantial public interest

Some of the Schedule 1 conditions for processing special category data are examples like data concerning health or racial or ethnic origins.

We will always ask for your consent to take part in surveys or to get your feedback, about our services.

Retaining personal data

We will only keep your information for as long as is necessary and then we will delete or destroy it securely.

At the end of any defined data retention period, we may leave any relevant information on our secure database if appropriate but where required and appropriate to do so, we may store documents in locked archives that can only be accessed by SENDIASS North Yorkshire.


Transferring personal data abroad

We have not been required to transfer personal data outside of the UK but when this is necessary, we would ensure that we have appropriate safeguards in place and it complies with obligations equivalent to the principles of the Data Protection Act 2018.

Further processing of personal data

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we'll provide you with a new notice and ensure you are aware before proceeding.

The new notice will:

  • explain this new use before we start the processing
  • set out the relevant purposes and processing conditions

Where and whenever necessary, we'll seek your consent to the new processing, if we start to use your personal data for a purpose not mentioned in this Privacy Notice.

Your rights relating to personal data

When we collect your personal data, we'll tell you how we are going to use it. Where we process your personal data, you have several rights under data protection law.

The right to be informed

You have the right to be told how your personal data will be processed. This right applies whether you supply your personal data to us, or whether we obtain your data from a third party. We'll inform you how we're processing your data using privacy notices, to explain what we are doing with your personal data and why.

The right of access to your personal data

You have the right to request access to personal data held about you; this is also known as making a 'Subject Access Request' (SAR). This must be done through North Yorkshire Council’s service called Veritau. Data Protection Services - Veritau

The right to rectification of your personal data

If your personal data is inaccurate or incomplete, you have the right to ask for this to be rectified. We'll always comply with a request for rectification, unless there is a legal reason why we can’t (for example, if the information held is for evidential purposes and was accurate at the time of collection). Where we can’t rectify your information, we'll provide an explanation.

The right to have your personal data erased

You have the right to ask for any information held about you to be erased - sometimes referred to as the “right to be forgotten". We must legally erase any information where there is no compelling reason for us to be processing it. Where we cannot comply with a request to erase your information, we'll provide an explanation.

The right to restrict the processing of your personal data

You have the right to ask for the processing of your personal data to be blocked or suppressed. This right is like asking for your data to be erased, but in this instance, it means that we can only store/hold your information and can’t process it in any other way. For example,

  • where you have contested the accuracy of your information and processing is restricted until its accuracy is verified
  • where you have objected to processing and we are considering the legal implications of complying with your request
  • where we no longer require the information, but you have specifically asked that we keep it to enable you to seek legal advice or for legal proceedings

Where we cannot comply with a request for restriction of processing because there is a legal reason not to, we'll provide an explanation.

The right to object to certain types of processing

You have the right to object to certain types of processing of your personal data. If you object to the processing of your information and there is a legal reason why we cannot comply we'll provide an explanation.

The right to ask for your data to be sent to another organisation - data portability

There are some limited circumstances where you have the right to ask us to transfer your personal data to another organisation. However, to exercise this right the following criteria must apply:

  • you must have given your information to us directly
  • we must only be processing your data solely on the basis that you have given your consent, or we are processing it to fulfil a contract (if we're processing your information to fulfil a public task, this right does not apply)
  • the processing of the data is carried out by automatic means (only by a computer system with no human intervention)

We do not believe that any type of processing that we carry out would fall within these criteria. However, we'll always comply with requests to provide your data where possible, and if we cannot we'll provide an explanation.

The right to object to automated decision making - including profiling of you

Automated decision making is purely carried out by a computer system with no human intervention. For example, when you apply for credit, a computer system may decide that you're not eligible. We currently do not carry out automated decision makings without any human intervention. However, where we may make an automated decision about you, you have the right to object to this. We'll tell you where we are making automated decisions about you.

The right to raise a complaint with the Information Commissioner’s Officer

If you have a concern about the way we handle your personal data, contact the Information Commissioner's Office (ICO). If the ICO thinks we have not complied with legal obligations, they can give us advice and ask us to solve the problem. The ICO cannot award you compensation, their main aim is to improve the information rights practices of organisations. The ICO will not usually investigate concerns where there has been an undue delay in bringing it to their attention and so you should raise your concerns with them within 3 months of your last contact with us about your concern.

There are some circumstances where other laws prevent us from complying with some of your rights and where this is the case, we'll provide an explanation.

Find out more about your legal rights from the Information Commissioners Office (ICO).