Terms and Privacy

Collecting your personal information

South Yorkshire Mayoral Combined Authority take the privacy of your information very seriously. Our Privacy Notice below explains how we will collect and use the information you give us via our websites and otherwise when you are using our services, for instance when you complete any paper and online forms, or provide data to us by telephone.

We are committed to good information handling principles and protecting the privacy and confidentiality of any personal information we deal with.

When we interact with you, we might give you supplementary privacy notices which are more specific to the personal data we’re collecting or using at that point. You should read those notices alongside this Privacy Notice.

In this Privacy Notice, the word “we” or “SYMCA” refers to South Yorkshire Mayoral Combined Authority and South Yorkshire Local Enterprise Partnership. Unless otherwise stated, South Yorkshire Mayoral Combined Authority are the data controller of any personal data collected. Our contact details are included in the How to contact us section below.

What is personal information?

“Personal information” is data which relates to an identified or identifiable natural person who can be identified from that data. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you. The processing of personal data is governed by the UK General Data Protection Regulation (the “UK GDPR”) as tailored by the Data Protection Act 2018.

We collect your personal information in order to provide services to you. This includes the details about yourself that you provide over the telephone, on forms, by email, in letter, in person and online.

We’ll only collect information that is necessary or is required by law and we’ll explain the reasons for this.

We recognise that the information you provide may be sensitive and we will respect your privacy.

You may choose not to provide us with personal information, although some of our services may not be available as a result.

The categories of personal data we hold

Personal information collected from you in connection with our services includes the following:

  • your full name, postal address, e-mail address, employer/business and professional information, job title, any other personal data which is voluntarily provided from time to time
  • bank and card details where you make payments to us or we pay you.

If you communicate with us by email over the internet you should be aware that the nature of the internet as a means of communication means that this may not be secure. Please do not email us with confidential or sensitive information. We comply with data privacy laws in relation to security but cannot accept responsibility for unauthorised access to your information that is outside our control. Further information regarding our approach to the security of personal information is included in the section below on Security of personal information.

Third party personal information

If you give us personal information about another person, in doing so you confirm that they have given you their prior permission to provide it to us and for us to be able to process their personal data (including any sensitive personal data).

You must also ensure this, and other relevant privacy policies, are brought to their attention so they can review how their personal information may be used.

The purposes for which we use personal information

South Yorkshire Mayoral Combined Authority complies with its obligations under the UK GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We will only use your personal information for the purposes that you would reasonably anticipate or that we state when we collect it and, where necessary, when you have given us your consent. The situations in which this is relevant are set out in the table below.

The legal basis for our use and other processing of your personal information under data privacy laws

We are required to indicate our processing activities with your personal information and the legal basis for those activities (see the table below). The legal basis includes handling your personal information:

  • in order that we may perform our services and obligations under any contract with us
  • for the legitimate interests of SYMCA or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
  • for processing which is necessary for compliance with a legal obligation
  • where it is necessary to protect your vital interests or those of another person
  • where it is necessary for the performance of a task carried out in the public interest (referred to below as public task) or in the exercise of official authority vested in the data controller
  • with your consent. This means your freely given, specific, informed and unambiguous consent which must be collected from you at the time at which it is requested, including in relation to any direct marketing communications.

Visit the AEB section to read the AEB privacy notice.

You should be aware that you are entitled under data privacy law to withdraw your consent, where it has been given, at any time.  You can withdraw your consent by contacting us. See more details in the How to contact us section below.

You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal information, this may affect our ability to provide our services.

Security of personal information

We endeavour to use appropriate technical and physical security measures to protect personal information which is transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access, whenever this is collected in connection with our services.

In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your personal information, (c) ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.

If there is a breach of security involving your personal information which we are concerned will involve risks to you, we shall, without undue delay, work to mitigate those risks and contact you and/or the data privacy supervisory authority in accordance with applicable laws.

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only under the following circumstances:

  • if we have your consent.
  • in exceptional circumstances – this might be to comply with legal requirement and regulatory requirements, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this site, to take precautions against legal liability.
  • with third parties we are required to partner with to deliver the services you are seeking
  • with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government

Transfer of data abroad

Unless explicitly specified, your data will not be transferred outside the European Economic Area (EEA). In the event that a data transfer is made, appropriate technological safeguards will be put in place.

How long will we keep your data?

South Yorkshire Mayoral Combined Authority will only collect information that is necessary for the purposes for which it was described above or in another privacy notice provided to you, or that is required by law. We will retain this for no longer than reasonably necessary. When determining the appropriate criteria and timeframe for retention of users’ data, we will refer to our Retention Policy and Schedule.

People who contact us via Social Media

Any interactions with us via Social Media are subject to the Privacy Notice of the site/application used. If you send us a direct or private message via social media, it will be processed in accordance with section 1 of the table below and retained in line with the SYMCA Retention Schedule.

People who use our public WiFi service

When you connect to our public WiFi service in our interchanges certain information such as the make of device and time you accessed the service is captured. This information is anonymised and you will never be contacted by us or our service suppliers as a result of using our WiFi service. We use the anonymised data to help us develop better products.

CCTV at interchanges and other SYMCA sites

All our sites have CCTV installed for the security and protection of customers and staff and for the prevention and detection of crime. The viewing and use of the recordings are strictly controlled.

Your rights and your personal data

Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold about you.
  • The right to request that we amend or rectify any personal data if it is found to be inaccurate or out of date.
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data.
  • The right to withdraw your consent to the processing at any time (Only where consent is relied upon as a processing condition).
  • The right to request that the we as the data controller provide you the data subject with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) (This right only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means).
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
  • The right to object to the processing of personal data, (where applicable) (This only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics)
  • The right not to be subject to a decision based solely on automated processing. (We do not make automated decisions)

Exercising your rights

Please see the contact details in the How to contact us section below if you wish to exercise any rights. We will endeavour to acknowledge requests within two working days and issue the appropriate response and information promptly and within the relevant statutory timescale (usually one month).

How do I request access to my personal information?

South Yorkshire Mayoral Combined Authority tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you, we will:

  • give you a description of it.
  • tell you why we are holding it.
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to the South Yorkshire Mayoral Combined Authority for any personal information we may hold you need to put the request in writing to the address provided below.

How to contact us

If you want to request information about our Privacy Notice or request a copy of any information we hold about you, you can email us using DPO@SouthYorkshire-CA.gov.uk or write to:

Steve Davenport
The Data Protection Officer
South Yorkshire Mayoral Combined Authority
11 Broad Street West
Sheffield
S2 1BQ

For independent advice about data protection, privacy and data sharing issues, you can contact the regulatory body Information Commissioner’s Office (ICO). For more information, including the ICO’s contact details please visit their website at www.ico.org.uk

Your right to lodge complaints with the data privacy supervisory authority

If you want to complain about any issues relating to your personal information, you can email or write to us using the address provided above.

You can also complain to the Information Commissioner’s Office, who can be contacted by telephone at 0303 123 1113, by email using the form at the following web link Contacting the ICO , or in writing to:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

South Yorkshire Mayoral Combined Authority is registered with the Information Commissioner’s Office under Registration number: ZA092329

Changes to this privacy notice

We keep our privacy notice under regular review. Our data practices may change from time to time. If and when our data practices change, we will notify you of the changes via this page where the current version of the Privacy Notice will be published. Where appropriate, we will notify you of changes usually by email, but occasionally in another more appropriate format such as letter. We also encourage you to check this page frequently.

This privacy notice was last updated in March 2023.

Cookies 

Like most websites we use ‘cookies’ to collect anonymous statistics about how people use the site, and to help us keep it relevant for the user. Cookies ‘remember’ bits of information from your visit to the site.

A cookie is a simple text file that’s stored on your computer or mobile device by a website’s server. Only that server can retrieve or read the contents of that cookie. Each cookie is unique to your web browser. So, if we put a cookie on your computer, it can’t be read by any other website.

Please see our cookie page for further details.

How we use cookies to collect statistics

To improve our service, we collect anonymous web statistics.

They store several cookies on users’ computers or mobile devices to tell us how many people have visited each web page, how they got there, and where they navigated to from there. The data collected is completely anonymous and does not store any personal details.

Changing your cookie settings

You can change your computer settings at any time to accept all cookies, to notify you when a cookie is issued, or not to receive cookies. How you do this depends on your web browser.

Find out more at  www.aboutcookies.org 

Terms and conditions

These terms and conditions cover www.southyorkshire-ca.gov.uk, www.travelsouthyorkshire.com, mytsy.travelsouthyorkshire.com.

When you use this website, you are agreeing to accept these terms and conditions, and any additional terms on individual pages within the sites.

We may change this information without notice, so you should revisit this page and any other relevant pages from time to time.

Copyright and use of content

Unless expressly stated the copyright and other intellectual property rights (such as design rights, trademarks, patents etc.) in any material provided on this website remains the property of South Yorkshire Mayoral Combined Authority (SYMCA) (or as, the case may be, another rightful owner). SYMCA-owned material on the website, including text and images, may not be printed, copied, reproduced, republished, downloaded, posted, displayed, modified, re-used, broadcast or transmitted in any way, except for the user’s own personal non-commercial use.

All content is available under the Open Government Licence, except where otherwise stated.

External links

The site includes links to other ‘external’ websites. We do not control or endorse these websites and are not responsible for their content.

Disclaimer and limitation of liability

We have taken all reasonable care to compile information and material on this website, but we are not responsible for any loss, damage or inconvenience caused by any inaccuracy or error.

South Yorkshire Mayoral Combined Authority, our suppliers and any third parties mentioned on the site are not liable for any damages arising from the use of, or inability to use, this site, or any websites linked to this site.

The legal basis for our use and other processing of your personal information under data privacy laws

 

Purpose of Data Use

Personal information used

Our Lawful Basis for using the information

1

To answer your queries or complaints

Contact details and records of your interactions with us.

We have a legitimate interest to handle your queries and complaints. Details of our complaints procedure can be found on our website.

 

2

To arrange and manage any contracts or funding agreements.

Contact details, transaction and payment information. Information about your business (sole traders & partnerships).

Records of your interactions with us.

Evidence required, including employee information, to authenticate funding claims.

This is necessary to enable us to properly administer and manage any contract or funding agreement with you.

3

To manage your relationship with us including providing business support. This may include telling you about events and news updates.

Contact details and records of your interaction with us. 

Information about your business (sole traders & partnerships)

The legal basis for handling this data is legitimate interest. We have determined through a legitimate interest test that the information we may send you is proportionate and necessary to provide you with the support you have requested. Whilst relying on legitimate interest as a legal basis for processing we will still ask you how you prefer to be contacted and you can unsubscribe at any time.

4

To send you general marketing information we think you might find useful or which you have requested from us, including our newsletters and information about events.

Contact details and marketing preferences.

The lawful basis for handling this data is consent.

5

For the purposes of promoting events and projects related to the activity of SYMCA.

Images in video and/or photographic form.

Where you have given us your explicit consent to do so.

6

To administer your attendance at any workshops, programmes or events you sign up to.

Contact details.

We have a legitimate interest to process this data to enable us to register you on to and properly manage and administer your attendance on any workshops, events or programmes you sign up to. 

7

For the purpose of undertaking statutory consultation exercises.

Contact details and records of your interaction with us.

The lawful basis for handling this data is public task.

8

For the purpose of managing a Mayoral election.

Electoral roll information.

The lawful basis for handling this data is public task.

9

For the purpose of meeting Access to Information obligations.

Images webcast live, retained and made available via the Combined Authority’s website.

The lawful basis for handling this data is legal obligation.

10

Retention of records

All the personal information we collect.

We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your relationship with us and in some cases we may have legal or regulatory obligations to retain records for the purposes of accounting and to audit our operations.

11

To conduct research and data

analysis and develop

statistics to better understand

event attendance

Records of your

attendance at any events.

 

This is necessary to perform our legitimate interest with you to ensure that our future events are relevant.

12

To conduct research and data analysis. 

Data made available to us through Data Sharing Agreements with partners.

The lawful basis for handling this data is legitimate interest.

13

To process applications for travel passes 

Details you provide in relation to your application.

The lawful basis for us to process your personal data is public task/legal obligation.

14

The prevention and detection of crime

Images captured on CCTV and personal information we collect.

The lawful basis for handling this data is public task/legal obligation.

15

To commission and fund adult education budget provision for learners within the South Yorkshire Region

 

Also see our specific AEB Privacy Notice

Data made available to us through Data Sharing Agreements with the ESFA or any other necessary parties.

The lawful basis for handling this data is public task. Any Special Category data processed will be processed in accordance with Article 9 (2)(g) GDPR.

16

To deliver and evaluate programmes funded by the Department of Education

Data made available to us through Data Sharing Agreements with the ESFA or any other necessary parties.

We have a legitimate interest to handle and transfer data to the Department of Education to enable effective delivery of Skills programmes including Multiply and Skills Bootcamps.

17

To deliver services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services. Specifically, this will enable: 

  1. understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks;
  2. identifying and understanding information about patients with Covid-19 and collecting information about services in relation to testing for Covid-19;
  3. monitoring and managing the response to Covid-19 by health and social care bodies in relation to testing for Covid-19; 
  4. research and planning in relation to testing for Covid-19. 

 

Data made available to us through Data Sharing Agreements with PHE.

The lawful basis for handling this data is public task. Any Special Category data processed will be processed in accordance with Article 9 (2)(i) GDPR for reasons of public interest in the area of public health.

 

18

If you apply for a job or a non-Executive role with us

 

Contact details, employment history and experience.

The lawful basis relied upon is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.

 

Information you provide to us during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. We will hold the information securely whether it’s in electronic or physical format.

We will only use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

We will ask you to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. If you do provide this ‘special category’ information we will rely article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

Data about unsuccessful applicants will be held within the recruitment system for a period of three months from the date of the interviews before being deleted.