Cookie Consent by Free Privacy Policy Generator
A large mural created by young people of York in care.

Speak Up Privacy Notice

We keep the Speak Up (York’s Children’s Rights and Advocacy Service) Privacy Notice under review. It was last reviewed and updated in April 2022.

If you have any questions about this Privacy Notice contact the council’s Data Protection Officer.

View the privacy and transparency information for all of the City of York Council (CYC).

Collecting personal data

We'll collect your information when you contact us or are referred to us, giving your consent for advocacy support, and this privacy notice explains how we will use it.


  • only ask you for the information that is necessary to provide our services to you
  • protect it and make sure nobody has access to it who shouldn’t
  • ensure you know if you have a choice about giving us information
  • make sure we don’t keep it for longer than is necessary

We ask that you:

  • give us accurate information
  • tell us as soon as possible of any changes
  • tell us as soon as possible if you notice mistakes in the information we hold about you

For those young people who are supported through non-instructed advocacy, information may be gathered by:

  • observing the individual person and their situation and noting their unique preferences
  • gathering information from significant others
  • exploring alternative means of communication

Using personal data

We use your personal information to:

  • provide an advocacy service to you
  • ensure you are aware of your rights and entitlements
  • evaluate and quality assure the services we provide; this will include seeking your feedback on the services you have received.

We may also use your anonymised information to:

  • evaluate and quality assure the services we provide
  • inform our future service provision
  • analyse our service provision and effectiveness
  • create reports and statistics that are anonymous and cannot be linked back to you and your family.

Our legal basis for using personal data

We collect and use your personal information with your explicit consent.

Obtaining your feedback about the support you receive from us is also only done with your explicit consent.

Sharing personal data

As a rule, we do not transfer your personal data to third party processors outside the European Economic Area (EEA). However, for as long as the provisions of the Local Authorities and Police and Crime Panels (Coronavirus) (Flexibility of Local Authority and Police and Crime Panel Meetings) (England and Wales) Regulations 2020/392 remain in effect, we are currently using Zoom Video Communications Inc Pro or Business version (“Zoom”) to host meetings (version 5).

Where meetings are recorded, recordings will be kept locally on our server and will not be retained by Zoom. Some personal data, such as user’s names, email addresses; telephone numbers where applicable, IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc. will be stored securely on Zoom’s system in the US (that is, outside the EEA) in compliance with the EU – US Privacy Shield Framework. Zoom’s certification ;may be viewed online.

Zoom does not sell personal data to third parties; collects only the personal data required to provide Zoom services; and retains that data only for so long as is necessary for the provision of those services. Zoom’s privacy policy can be viewed online.

Where we use WhatsApp to contact and communicate with you, your name, contact details, profile picture and content of your messages will be visible to Speak Up (York’s Children’s Rights and Advocacy Service) due to the nature of the WhatsApp technology. By joining the WhatsApp chat, you are consenting to sharing this information with us. Should you wish to withdraw your consent at any time, you are responsible for leaving the WhatsApp chat.

WhatsApp's privacy policy can be viewed online.

We have an agreement in place with Attend Anywhere to provide secure online conversations. See the Attend Anywhere privacy statement.

Sharing data under Data Protection legislation

We may be required or permitted, under data protection legislation, to disclose your personal data without your explicit consent, for example if we have a legal obligation to do so, such as for:

  • law enforcement
  • fraud investigations
  • regulation and licensing
  • criminal prosecutions
  • court proceedings

Retaining personal data

We keep your information securely in line with the retention periods shown below, after which time it is made inaccessible to system users or securely destroyed, unless we are required by legal reasons to keep it for longer than the stated retention period.

Category Retention Period
Children and young people with a Child Protection Plan Date of birth +40 years
Children and young people who have been in the care of the local authority (Looked After Children and Care Leavers) Date of birth +75 years - If the child/young person dies before the age of 18 records will be retained for 15 years from their date of death
Adoption Date of birth +100 years
Private fostering arrangements Date of birth +75 years
Private foster parents where parents made own arrangements for child to be fostered Last contact with the Private Foster Parent +10 years, or date of death of Private Foster Parent + 2 years
All other records relating to Children and Young People Records of children and young people who don’t fall into any of the above categories, including Children in Need, and general papers where a file has not been opened Date of Birth +25 years
Register of persons posing a risk to children and those cautioned or convicted of offences against children 75 years from the date of the caution/conviction

At the end of the retention period, we may pass any relevant information to the City Archives where it is required or appropriate to do so.

Further processing of personal data

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we'll provide you with a new notice.

The new notice will:

  • explain this new use before we start the processing
  • set out the relevant purposes and processing conditions

Where and whenever necessary, we'll seek your consent to the new processing, if we start to use your personal data for a purpose not mentioned in this Privacy Notice.

Caldicott Guardians

See details of our Caldicott Guardians, responsible for protecting the confidentiality of people’s health and care information, and making sure such data is used properly.

Your rights relating to personal data

When we collect your personal data we'll tell you how we are going to use it. Where we process your personal data, you have a number of rights under data protection law.

See further details of your rights relating to personal data.