YMCA North Tyneside – Privacy Policy – May 2018

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by General Data Protection Regulation (the ‘GDPR’).

Data Controller

YMCA North Tyneside is the data controller. This means it decides how your personal data is processed and for what purposes.  YMCA North Tyneside may change this policy from time to time and any such changes will be published on our website. Notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

How do we process your personal data?

We collect data necessary for YMCA North Tyneside to pursue its stated charitable objectives, and by running events, maintaining memberships, keep our members and supporters informed of our activities, marketing, fundraising and the effective running of YMCA North Tyneside through its staff, trustees and volunteers.

YMCA North Tyneside complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

In furtherance of this we use your personal data, which includes but is not limited to the following purposes: –

  • to administer membership records;
  • to maintain our financial accounts and records (including the processing of gift aid);
  • to provide news and information about events, activities and services at YMCA;
  • to fundraise and promote the interests of YMCA;
  • to manage employees and volunteers;
  • to enable YMCA to provide voluntary services for the benefit of the public in our local community;
  • Safeguarding casework and safer recruitment work;
  • Fulfilling obligations under Health & Safety legislation;
  • Conference/events management;
  • Issuing and arranging the distribution of publications, mailings and newsletters;
  • Enabling people to participate in campaigns/allowing the administration of campaigns;
  • Communication with existing/new/potential supporters of YMCA about enquiries relating to giving to/fundraising on behalf and promoting the interests of YMCA;
  • To respond to general enquiries.

Data collected and processed may include, but not be limited to:

  • name and job title
  • contact information including email address
  • demographic information such as postcode
  • Sensitive data may be collected where necessary for safeguarding purposes, or for employment purposes, or where required by law. Article 9 GDPR defines sensitive data as information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation.

What is the legal basis for processing your personal data?

Organisations are permitted to process data if they have a legal basis for doing so. YMCA North Tyneside processes data on the basis that:

  • YMCA North Tyneside has a legitimate interest to process data; and/or
  • Express and informed consent has been given by the person whose data is being processed; and/or
  • It is necessary in relation to a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement; and/or
  • There is a legal obligation on YMCA North Tyneside to process data; and/or
  • Processing is necessary to protect the vital interests of a data subject or another person (in accordance with safeguarding policy and practice).

Where we process special category sensitive data (under Article 9 of the GDPR) we process data on the basis that:

  • Explicit consent has been given by the person whose data is being processed; and/or
  • It is necessary for YMCA North Tyneside to carrying out its obligations under employment, social security or social protection law, or a collective agreement; and/or
  • Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent; (in accordance with safeguarding policy and practice); and/or
  • YMCA North Tyneside is a membership organisation and the processing relates only to members or former members or those who have regular contact with it in connection with its purposes, and no disclosure is made to a third party without consent of the person whose data is being processed; and/or
  • Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.

Sharing your personal data

Your data will not be shared outside of YMCA North Tyneside, except where required to do so by law, or with trusted third parties where necessary to communicate with our members, office holders and volunteers (such as mailing companies for postal communications or through small email campaigns or newsletters), and only once satisfied that any such use of data will accord with this policy. Explicit, informed consent will be sought from individuals whenever and wherever required in accordance with data protection legislation.

Security

We are committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process.  Users of our web-based applications are responsible for keeping passwords confidential. We will only ask users for passwords for IT support purposes.

How long do we keep your personal data?

We retain data in paper or electronic format on the following basis:

 

Record Type Retention Period
Members and friends contact details 24 months after the last contact
Gift aid declarations and paperwork 6 years after the calendar year to which it relates
Personal data relating to events for which additional information is gathered eg Youth Club Trips Disposed of immediately after the event unless anything has occurred (eg an accident) which indicates that records should be retained for a longer period.
Records of attendance of children/young people and helpers Indefinitely for safeguarding purposes
Photographs and videos of events 24 months after the event – selected items retained for historical records
Insurance Records Indefinitely
Safeguarding matters Indefinitely or until advised otherwise by authorities
Accident Books 3 years from the date of the last entry (or, if the accident involves a child/ young adult, then until that person reaches the age of 21)
Complaints (non -safeguarding) 3 years after resolution of complaint (unless further action is anticipated)
Board Minutes Indefinitely
Employee Records 6 years after the date of termination of employment
Pension Records (money purchase) 6 years after transfer or value taken
Day Nursery records 6 years after child leaves our nursery
Housing Resident records 6 years after resident leaves our accommodation
Rejected Job Applicant records 6 months after applicant is notified of rejection
Applications of successful candidates, Employment contracts, changes to terms and conditions, copies of identification documents, performance and training records, Redundancy records 50 years after employment ceases
Disclosure & Barring Service Certificate number and date 50 years after employment / volunteering ceases
Employee Annual leave, sickness, parental leave, return to work records. Records for the purposes of tax returns including wage or salary records, records of overtime, bonuses and expenses. 6 years after end of each tax year
Pay as you earn records, income tax returns, NI, Correspondence with HMRC, National Minimum Wage compliance records, Statutory Sick Pay records. Statutory maternity, paternity and shared parental pay records, calculations, certificates or other evidence. Records relating to hours worked and payments made to workers 3 years after the end of the financial year to which they relate
Details of employee benefits in kind, income tax records (P45, P60, P58, P48 etc), annual return of taxable pay and tax paid. 4 years after end of each tax year
Records of reportable injuries, diseases or dangerous occurrences. Injury arising out of accident at work 3 years from date of the entry
Lists or register of employees who have been exposed to asbestos dust, including health records of each employee. Medical records and details of biological tests under the Control of Lead at Work Regulations. Medical records as specified by the Control of Substances Hazardous to Health Regulations (COSHH). Records of monitoring of exposures to hazardous substances (where exposure monitoring is required under COSHH) 40 years from the date of the last entry made in the record
Records of tests and examinations of control systems and protective equipment under COSHH 5 years from the date on which the record was made

 

We regularly review the data we hold and securely delete any personal data that is no longer necessary for us to process.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which YMCA North Tyneside holds about you (a Subject Access Request or ‘SAR’);;
  • The right to request that YMCA North Tyneside corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for YMCA North Tyneside to retain such data. (Records will remain in skeleton, to ensure no further contact in future);
  • The right to withdraw your consent to the processing at any time
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
  • The right to lodge a complaint with the Information Commissioner’s Office.

 

Fundraising

You can contact the Fundraising Regulator on 0300 999 3407 or via email: enquiries@fundraisingregulator.org.uk or at Fundraising Regulator, 2nd Floor, CAN Mezzanine Building, 49 – 51 East Road, London N1 6AH.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer at dataprotection@ymcanorthtyneside.org or Data Protection, YMCA North Tyneside, Church Way, North Shields. NE29 0AB.

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.


 

Web browsing and cookies

What is a cookie?

A cookie is a small file that we send to your computer or other device that is accessing YMCA North Tyneside website and that we can then access when you visit YMCA North Tyneside website again in the future. By sending cookies like this we are able to offer you an improved user experience when using YMCA North Tyneside website.

Does YMCA North Tyneside website set cookies?

Yes, we currently use cookies on this website to count the numbers of visitors and understand how to serve our visitors and members better. When you use YMCA North Tyneside website, a small number of cookies are set.

What cookies are set?

YMCA North Tyneside website current sets the following cookies:

__atuvc: A cookie issued by the “AddThis” service which we use throughout YMCA North Tyneside website to allow content to be shared between different services. This cookie expires after two years and is set in line with the AddThis Privacy Policy: http://www.addthis.com/privacy/privacy-policy

Google Analytics (__utma, __utmb, __utmc, __utmv, __utmz): We use Google Analytics to monitor and analyse how our site is working, which areas are most popular and a number of quality indicators. Google Analytics generates anonymous statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: https://policies.google.com/privacy

Additional cookies may sometimes be set by third-party services used through YMCA North Tyneside website. These include but are not necessarily limited to Google, Twitter, YouTube and Facebook.

None of the cookies above contain any personal data or information that could be used to identify you personally. Their purpose is solely to improve the functionality and quality of service of YMCA North Tyneside website.

Can I disable the cookies?

Yes. Most browsers allow you to refuse to accept cookies. This choice will, however, have a negative impact upon the usability of many websites, including this one.

Most browser companies provide instructions on disabling cookies on their websites. You can learn more about cookies and how to disable them at www.cookiesandyou.com