Update to our privacy and cookies notice
Privacy and Cookies Notice
This policy is written in accordance with the General Data Protection Regulation and the Data Protection Act 2017. Fylde Coast YMCA is registered under the Act as a Data Controller under the number Z830776X.
The processing of your personal information is carried out by or on behalf of Fylde Coast YMCA and Fylde Coast YMCA Trading Ltd.
YMCA is a registered charity in England and Wales (3685477). References to ‘YMCA’, ‘we’ or ‘our’ are to Fylde Coast YMCA, Fylde Coast YMCA Trading Ltd is a company registered in England and Wales.
How can you contact us?
You can write into the: Data Protection Officer
YMCA Head Office, St. Albans Road, Lytham Saint Annes, Lancashire, FY8 1XD
You can email our Data Protection Officer at: email@example.com
Or contact our Data Protection Officer by telephone: 01253 895115 ext.2025
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. The YMCA is committed to protecting your personal information and being transparent about; what information we hold, how we collect it, how we will use it, how we are protecting your data and rights and how long it is stored for.
We regularly check this notice to ensure we provide you with the most up-to-date information regarding our data processing activities.
This privacy notice was last updated July 2020 the next scheduled review is July 2021
This privacy notice includes any data we collect from you during your relationship with YMCA, this may be via:
- Paper forms you may fill out
- Verbal data collection
- Forms via our website or online surveys
- Cookies and analytics on our websites
- Communications via social media
- Photographs, video or audio recordings
Why we collect your data
The YMCA only collects personal details needed to deliver the service you expect from our; physical activity, young people, outdoor education and housing services.
Depending on the service you receive or use the information we are required to process may include:
- to process your personal information in the administration of a leisure centre membership
- to provide you with advice or support that you have requested or been referred to
- to provide children and young people under the age of 16 with advice, support, activities that develop physical fitness and emotional wellbeing with the permission of a parent/guardian or carer
- to process personal details required for the administration of your booked training course
- to communicate with you regarding YMCA’s work, fundraising, and campaigning activities
- to process donations and administer Gift Aid information for any donation you make to YMCA
- for our own internal administrative purposes, and to keep a record of your relationship with us
- to manage your communication preferences
- to process job applications or volunteer placements
- to conduct surveys, research and gather feedback
- to comply with applicable laws and regulations, and requests from statutory agencies
- to comply with contractual obligations surrounding monitoring and evaluation requirements from funding bodies
- Data required to process and contact you regarding payments you make to YMCA.
Information we collect
We collect the following information:
- Your full name
- Contact details – including your postal address, telephone numbers and email address
- Date of birth
- Your bank details
- Your health information; physical and mental health dependent on the service being accessed
- Information regarding your criminal record e.g. DBS checks
- Photographs, video or audio recordings
- Records of your correspondence and engagement with us
- Your communication preferences
- Details of your personal circumstances if you are accessing our housing advise or supported accommodation schemes
- Medical information if you are using our physical activity referral programme ‘Your Move’ from GP’s with your consent
- CCTV, many of our premises are surveyed by CCTV for the purposes of security. Images and videos may be retained for a limited period.
- IP Address
- Web browser type and version
- A list of URLs starting with a referring site, your activity on our site and your behaviour on our site
This information may be collected via
- Any paper forms you complete at a YMCA centre
- Telephone conversations or face-to-face interactions
- Digital forms completed via our website or online surveys distributed by departments
- Third party companies and websites such as JustGiving
- Applications for employment or volunteering
- Communication via social media
- Cookies and analytics on our websites
- Photographs, video or audio recordings
We may also collect sensitive personal information about you dependent on the requirements of our services such as your; personal circumstances, family history, health information, religion, sexuality, ethnicity, political and philosophical beliefs and criminal record.
Why are we allowed to process your personal information?
Our Privacy and Cookie policies take into account several laws including:
- The Data Protection Bill 2017 (replacing the Data Protection Act 1998)
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- General Data Protection Regulation (EU) 2016/679, which will come into force in the UK on the 25th May 2018 and replace the (previous EU Directive)
Accessing and updating your personal information
If you would like to update your communication preferences email; firstname.lastname@example.org
You can ask us what information we hold about you by contacting us, or for any other data protection enquiries email our Data Protection Officer at: Grant.Sellars@fyldecoastymca.org or write to us; Data protection officer, YMCA Fylde Coast Head Office, St Albans Road, Lytham Saint Annes, Lancashire, FY8 1XD
Using your personal data
If you are receiving advice, guidance or support from YMCA we will need to process your data because of your specific relationship with us.
All of your personal information and sensitive personal information such as; notes, letters and information given to us about you is stored in an individual confidential file only accessible by individuals in the organisation tasked to advise or support you. We take information security very seriously and no one is allowed access to our system or files unless they need it to provide a service to you, or one of the other purposes aforementioned in this notice.
We send the following marketing materials;
- Direct marketing by email
- Direct marketing by SMS
- Direct marketing by post
We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes
You are able to withdraw your consent to marketing materials or update your preferences for marketing materials at any point using the details in the ‘contact us’ section.
Electronic communications such as emails will always include a link to unsubscribe from future electronic communications, so you can manage your own communication preferences.
When you make changes to your consent for marketing materials YMCA will aim to update your record within one month (unless you have unsubscribed to email marketing which occurs immediately). We will still be required to send you updates surrounding transactions and service-based communications such as; the administration of your leisure membership, booking, use of our housing service and youth services.
Sharing information with third party providers
If in the course of receiving a YMCA service where deemed necessary we may agree to refer you to a third party provider, this may require us to share relevant information such as (but not limited to); contact details, background information, information about the service we are providing to you, health and medical information.
Our policy is to ensure where possible we have sought permission from the individual, parent, guardian or carer to do so, all associated personal data that is shared will be suitably protected.
Depending on your settings or the privacy policies for social media messaging services like Facebook, Twitter, and Instagram, you may receive targeted advertisements through our use of social media audience tools. For example, Facebook’s ‘Custom’ and ‘Lookalike’ Audiences’ programmes enable us to display adverts to our existing supporters or leisure centre members when they visit Facebook, or other people who have similar interests or characteristics to our supporters or leisure centre members. We may provide your data (including your email address) to Facebook, so it can determine whether you are a registered account holder with them, or so that Facebook create a ‘lookalike’ audience. Our adverts may then appear when you access Facebook. We only work with social media networks that provide a facility for secure and encrypted upload of data, and immediately delete any records not matching with their own user base. For more information, or to manage your social media ad preferences, please see Facebook’s Data Policy.
Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. There are six legal justifications for processing personal information and eight additional ways for processing special category personal information. 4 number of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- A person’s consent (to direct marketing by email or SMS)
- A contractual relationship (to provide you with an annual leisure centre membership, or goods and services that you have purchased from us)
- Processing that is necessary for compliance with a legal obligation
- Activities falling within our legitimate interests as a non-profit organisation
Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes
Administration and operational management: responding to solicited enquires, providing information and services, research, event management, the administration of volunteers, employment and recruitment requirements.
NHS Track and Trace
Due to the COVID-19 pandemic we all need to work together to slow the spread of COVID-19 and part of this process means we have to work with the government and NHS as part of their contact tracing system, NHS Track & Trace.
We will not use your information for any other purpose other than to provide your details to the NHS and/or the government as part of the Track & Trace Programme should an outbreak of COVID-19 occur locally. We will ask you before we do.
Retention of your personal data
Whatever your relationship with us, we will only store your information for a specified amount of time, as set out in our internal data retention policy. The type of data kept by us will depend upon laws and regulations that the personal information falls within such as financial regulations, Limitations Act, Health and Safety Regulations or Contractual obligations we may have with local government. We have a retention schedule for all the information we possess, once the retention period has expired the information will be confidentially disposed of and or permanently deleted from our software and digital systems.
Security of your personal data
Our organisation takes the security of your personal information very seriously, we use appropriate technical and organisational measures to protect your personal data and to prevent the loss, misuse, damage or alteration of your personal data.
Our organisation takes all reasonable precautions to ensure that information received from third parties is processed and stored safely, however, we cannot take responsibility for the actions of third parties before the information is transferred to our organisation.
Our website uses a small number of cookies to give us a better overall picture of how people interact with the site, and how we can improve our services for our clients and supporters. The information we gather through this process is completely anonymous, and we cannot identify visitors to our site.
(a) ensure content on the website is relevant to you
(b) remember your choices so we don’t have to ask you every time you visit
(c) improve your experience on our website by providing statistical data on overall usage, and anonymised trend data from website visitors
(d) continually improve our services and website
This cookie is automatically created by ASP.NET and is required for functionality of the website. More details about this cookie are available on http://support.microsoft.com/kb/899918
- Google Analytics (4 cookies: _utma, _utmb, _utmc, _utmz)
If invoked in the Connect configuration, these third party cookies are created and used by Google to collect information about how visitors use a website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Some old versions of Connect may use this cookie to store the current visual theme selected by visitor.
Right to be informed
You have the right to understand how your personal data will be used. This privacy notice should provide you with sufficient information to understand this, if you have any queries please get in contact with our Data Protection Officer the information is located in ‘Contact Us’.
Right of access
You have the right to know what information we hold about you and to ask in writing to see these records. The YMCA will aim to supply any information that you request to see within 30 days but for more complex requests this may be extended to 60 days if this is occurs we will contact you to update you. We will not charge you for this other than in exceptional circumstances. Once the request has been made, before we release information to you, you will be asked for proof of identity as the staff member dealing with your request will need to verify your identity as a security measure.
Right to withdraw consent
Where we process your information based on consent such as; marketing, you can withdraw that consent at any time. If you would like to withdraw your consent you can do this by clicking unsubscribe in our marketing emails, text stop for SMS marketing, email email@example.com to withdraw consent or ask one of our employees to change your communication preferences.
Right to restrict processing
In certain situations, you have the right to ask for the YMCA to restrict the processing of your personal information if your personal data is inaccurate or there is a disagreement on the legitimacy of the processing.
Right of erasure
In some cases you have the right to be forgotten (i.e. have your information removed from our databases). The YMCA will inform you whether you have the right to be forgotten from our databases and we will give confirmation of deletion by email or post.
Right of rectification
If you believe that the information the YMCA holds about you is inaccurate, you have the right to ask for those records to be updated. To update your details you can contact us through the contact details provided in this privacy notice or by speaking to an employee in one of our YMCA’s.
Right to data portability
If we are processing your personal information because you have given your consent for us to collect it, you have the right to request that the data is transferred from one service provider to another.
If you have complaints concerning the use of your personal information, please get in touch with us using the information provided in the contact us section. We would be happy to help and discuss your concerns.
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website http://www.ico.org.uk