YMCA Privacy & Cookies

YMCA PRIVACY POLICY

Privacy and Cookies Notice

This policy is written in accordance with the General Data Protection Regulation and the Data Protection Act 2017. Fylde Coast YMCA is registered under the Act as a Data Controller under the number Z830776X.

The processing of your personal information is carried out by or on behalf of Fylde Coast YMCA and Fylde Coast YMCA Trading Ltd.

YMCA is a registered charity in England and Wales (3685477). References to ‘YMCA’, ‘we’ or ‘our’ are to Fylde Coast YMCA, Fylde Coast YMCA Trading Ltd is a company registered in England and Wales.

This privacy policy was last updated in July 2022

How can you contact us?

If you have any questions or concerns regarding our Privacy Policy or our processing of your personal information, please contact our Data Protection Officer

You can write into the: Data Protection Officer

YMCA Head Office, St. Albans Road, Lytham Saint Annes, Lancashire, FY8 1XD

You can email our Data Protection Officer at: dpo@fyldecoastymca.org

Or contact our Data Protection Officer by telephone: 01253 895115 ext.2025

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. The YMCA is committed to protecting your personal information and being transparent about; what information we hold, how we collect it, how we will use it, how we are protecting your data and rights and how long it is stored for.

We regularly check this notice to ensure we provide you with the most up-to-date information regarding our data processing activities.

This privacy notice was last updated July 2022 the next scheduled review is February 2023

This privacy notice includes any data we collect from you during your relationship with YMCA, this may be via:

  • Paper forms you may fill out
  • Verbal data collection
  • Forms via our website or online surveys
  • Cookies and analytics on our websites
  • Communications via social media
  • Photographs, video or audio recordings

Why we collect your data

The YMCA only collects personal details needed to deliver the service you expect from our physical activity, young people, outdoor education and housing services.

Depending on the service you receive or use the information we are required to process may include:

  1. to process your personal information in the administration of a leisure centre membership
  2. to provide you with advice or support that you have requested or been referred to
  3. Where you have named someone as your emergency contact and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.
  4. to provide children and young people under the age of 16 with advice, support, activities that develop physical fitness and emotional wellbeing with the permission of a parent/guardian or carer
  5. to process personal details required for the administration of your booked training course
  6. to communicate with you regarding YMCA’s work, fundraising, and campaigning activities
  7. to process donations and administer Gift Aid information for any donation you make to YMCA
  8. for our own internal administrative purposes, and to keep a record of your relationship with us
  9. to manage your communication preferences

10.to process job applications or volunteer placements

11.to conduct surveys, research and gather feedback

12.to comply with applicable laws and regulations, and requests from statutory agencies

13.to comply with contractual obligations surrounding monitoring and evaluation requirements from funding bodies

  1. Data required to process and contact you regarding payments you make to YMCA.

Information we collect

We collect the following information:

  1. Your full name
  2. Contact details – including your postal address, telephone numbers and email address
  3. Date of birth
  4. Your bank details
  5. Your health information; physical and mental health dependent on the service being accessed
  6. Information regarding your criminal record e.g. DBS checks
  7. Photographs, video or audio recordings
  8. Records of your correspondence and engagement with us
  9. Your communication preferences
  1. Details of your personal circumstances if you are accessing our housing advise or supported accommodation schemes
  2. Medical information if you are using our physical activity referral programme ‘Your Move’ from GP’s with your consent
  3. CCTV, many of our premises are surveyed by CCTV for the purposes of security. Images and videos may be retained for a limited period.
  4. IP Address
  5. Web browser type and version
  6. A list of URLs starting with a referring site, your activity on our site and your behaviour on our site

This information may be collected via

  1. Any paper forms you complete at a YMCA centre
  2. Telephone conversations or face-to-face interactions
  3. Digital forms completed via our website or online surveys distributed by departments e.g. Join Online
  4. Third party companies and websites such as JustGiving and Corporate Clients (e.g. AXA, Fylde Council and Wyre Council)
  5. Applications for employment or volunteering
  6. Communication via social media
  7. Cookies and analytics on our websites
  8. Photographs, video or audio recordings

We may also collect sensitive personal information about you dependent on the requirements of our services such as your; personal circumstances, family history, health information, religion, sexuality, ethnicity, political and philosophical beliefs and criminal record.

Why are we allowed to process your personal information?

Our Privacy and Cookie policies take into account several laws including:

  • The Data Protection Bill 2017 (replacing the Data Protection Act 1998)
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003
  • General Data Protection Regulation (EU) 2016/679, which will come into force in the UK on the 25th May 2018 and replace the (previous EU Directive)

Accessing and updating your personal information

If you would like to update your communication preferences email; enquiries@fyldecoastymca.org

You can ask us what information we hold about you by contacting us, or for any other data protection enquiries email our Data Protection Officer at: john.cronin@fyldecoastymca.org or write to us; Data protection officer, YMCA Fylde Coast Head Office, St Albans Road, Lytham Saint Annes, Lancashire, FY8 1XD

Using your personal data

If you are receiving advice, guidance or support from YMCA we will need to process your data because of your specific relationship with us.

All of your personal information and sensitive personal information such as; notes, letters and information given to us about you is stored in an individual confidential file only accessible by individuals in the organisation tasked to advise or support you. We take information security very seriously and no one is allowed access to our system or files unless they need it to provide a service to you, or one of the other purposes aforementioned in this notice.

We send the following marketing materials;

  1. Direct marketing by email
  2. Direct marketing by SMS
  3. Direct marketing by post

We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes

You are able to withdraw your consent to marketing materials or update your preferences for marketing materials at any point using the details in the ‘contact us’ section.

Electronic communications such as emails will always include a link to unsubscribe from future electronic communications, so you can manage your own communication preferences.

When you make changes to your consent for marketing materials YMCA will aim to update your record within one month (unless you have unsubscribed to email marketing which occurs immediately). We will still be required to send you updates surrounding transactions and service-based communications such as; the administration of your leisure membership, booking, use of our housing service and youth services.

Sharing information with third party providers

If in the course of receiving a YMCA service where deemed necessary we may agree to refer you to a third party provider, this may require us to share relevant information such as (but not limited to); contact details, background information, information about the service we are providing to you, health and medical information.

For corporate client memberships, this may require us to share relevant information to local authorities and businesses to manage your membership such as (but not limited to); contact details, background information, information about the service we are providing to you, health and medical information. Corporate clients include Fylde Council, Wyre Council, AXA Insurance, BiU, RNLI.

For our housing service YMCA Fylde Coast feel that it is important and highly beneficial to service users if we adopt a Multi-Agency approach to the support and guidance which we are able to offer you. The staff may work in liaison with other outside agencies to offer an integrated level of support, guidance and training opportunities to benefit you such as local authorities, the police, social care, education and anyone else who may be relevant in assessing a request for accommodation. Any request for information will be discussed with you before we contact the relevant agencies.

We may also need to discuss your level of income whilst residing at the scheme with agencies who determine any benefit which you may be entitled to, this includes Housing Benefit.  This may be necessary to support your claim for, and continued entitlement to benefit.

If you do not provide information requested to enable an appropriate decision regarding suitability for accommodation, then YMCA Fylde Coast may not be able to grant a tenancy agreement.

All information collected will only be used for the purpose for which it was collected unless there is reasonable reason for it to be used for another purpose.

All information will be held only for as long as necessary. Under the data storage policy information relating to all tenants will be professionally disposed of seven years after the ending of a tenancy. Any information given by unsuccessful applicants will be held for one year before being disposed of.

Any information shared with third parties is done only when required by law, where it is required as part of the service installation or accommodation responsibilities or where there is a legitimate reason in doing so, this may include but is not limited to-

  • Professionals including solicitors and accountants
  • Letting agents
  • Existing or previous landlords
  • Existing or previous employers
  • Credit referencing agencies
  • Debt collectors
  • Local authorities or government public bodies
  • Ombudsman
  • Professional body
  • Courts/ tribunals
  • Police
  • Internet service providers
  • Bank and building societies
  • Tenants next of kin in the case of an emergency
  • Tenancy deposit schemes
  • Benefit administrator’s
  • HM revenue and customs
  • Council tax
  • Contractors and tradesman attending the property
  • Other landlords where you may apply for accommodation
  • KPI reporting methods to demonstrate the impact of our services g. YMCA England & Wales. When published this will be anonymised, but YMCA England & Wales may have access to personal data initially such as name, DOB etc

 

No information will be transferred outside of the European Economic Area

This privacy notice should provide you with sufficient information to understand this, if you have any queries please get in contact with our Data Protection Officer the information is located in ‘Contact Us’.

Our policy is to ensure where possible we have sought permission from the individual, parent, guardian or carer to do so, all associated personal data that is shared will be suitably protected.

Social media/digital

Depending on your settings or the privacy policies for social media messaging services like Facebook, Twitter, and Instagram, you may receive targeted advertisements through our use of social media audience tools. For example, Facebook’s ‘Custom’ and ‘Lookalike’ Audiences’ programmes enable us to display adverts to our existing supporters or leisure centre members when they visit Facebook, or other people who have similar interests or characteristics to our supporters or leisure centre members. We may provide your data (including your email address) to Facebook, so it can determine whether you are a registered account holder with them, or so that Facebook create a ‘lookalike’ audience. Our adverts may then appear when you access Facebook. We only work with social media networks that provide a facility for secure and encrypted upload of data, and immediately delete any records not matching with their own user base. For more information, or to manage your social media ad preferences, please see Facebook’s Data Policy.

Our legal basis for processing personal data

We need a lawful basis to collect and use your personal data under data protection law. There are six legal justifications for processing personal information and eight additional ways for processing special category personal information. 4 number of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:

  1. A person’s consent (to direct marketing by email or SMS)
  2. A contractual relationship (to provide you with an annual leisure centre membership, or goods and services that you have purchased from us)
  3. Processing that is necessary for compliance with a legal obligation
  4. Activities falling within our legitimate interests as a non-profit organisation

Legitimate interests

Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes

Administration and operational management: responding to solicited enquires, providing information and services, research, event management, the administration of volunteers, employment and recruitment requirements.

NHS Track and Trace

Due to the COVID-19 pandemic we all need to work together to slow the spread of COVID-19 and part of this process means we have to work with the government and NHS as part of their contact tracing system, NHS Track & Trace. We will not use your information for any other purpose other than to provide your details to the NHS and/or the government as part of the Track & Trace Programme should an outbreak of COVID-19 occur locally. We will ask you before we do.

Retention of your personal data

Whatever your relationship with us, we will only store your information for a specified amount of time, as set out in our internal data retention policy. The type of data kept by us will depend upon laws and regulations that the personal information falls within such as financial regulations, Limitations Act, Health and Safety Regulations or Contractual obligations we may have with local government. We have a retention schedule for all the information we possess, once the retention period has expired the information will be confidentially disposed of and or permanently deleted from our software and digital systems.

Security of your personal data

Our organisation takes the security of your personal information very seriously, we use appropriate technical and organisational measures to protect your personal data and to prevent the loss, misuse, damage or alteration of your personal data.

Our organisation takes all reasonable precautions to ensure that information received from third parties is processed and stored safely, however, we cannot take responsibility for the actions of third parties before the information is transferred to our organisation.

Cookies

We use cookies to collect browser data when you visit our website. A cookie is a small text file that is transferred from a website to your computer, phone or tablet. It allows information to be passed back and forth between your device and our website. For example, it may store details that you submit on the site — like your personal settings, location, or what you have in a shopping cart etc. — so you don’t need to enter information more than once.

We don’t use cookies to identify users personally. We only store information that you’ve specifically given us permission to store.

Our website uses a small number of cookies to give us a better overall picture of how people interact with the site, and how we can improve our services for our clients and supporters. The information we gather through this process is completely anonymous, and we cannot identify visitors to our site.

We use cookies to:

(a) ensure content on the website is relevant to you

(b) remember your choices so we don’t have to ask you every time you visit

(c) improve your experience on our website by providing statistical data on overall usage, and anonymised trend data from website visitors

(d) continually improve our services and website

  • ASP.NET_SessionId This cookie is automatically created by ASP.NET and is required for functionality of the website. More details about this cookie are available on http://support.microsoft.com/kb/899918
  • Google Analytics (4 cookies: _utma, _utmb, _utmc, _utmz) If invoked in the Connect configuration, these third party cookies are created and used by Google to collect information about how visitors use a website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
  • currentTheme Some old versions of Connect may use this cookie to store the current visual theme selected by visitor.

Your Rights

Right to be informed

You have the right to understand how your personal data will be used. For corporate client memberships, this may require us to share relevant information to local authorities and businesses to manage your membership such as (but not limited to); contact details, background information, information about the service we are providing to you, health and medical information. Corporate clients include Fylde Council, Wyre Council, AXA Insurance, BiU, RNLI.

For our housing service YMCA Fylde Coast feel that it is important and highly beneficial to service users if we adopt a Multi-Agency approach to the support and guidance which we are able to offer you. The staff may work in liaison with other outside agencies to offer an integrated level of support, guidance and training opportunities to benefit you such as local authorities, the police, social care, education and anyone else who may be relevant in assessing a request for accommodation. Any request for information will be discussed with you before we contact the relevant agencies.

We may also need to discuss your level of income whilst residing at the scheme with agencies who determine any benefit which you may be entitled to, this includes Housing Benefit.  This may be necessary to support your claim for, and continued entitlement to benefit.

This privacy notice should provide you with sufficient information to understand this, if you have any queries please get in contact with our Data Protection Officer the information is located in ‘Contact Us’.

Right of access

You have the right to know what information we hold about you and to ask in writing to see these records. The YMCA will aim to supply any information that you request to see within 30 days but for more complex requests this may be extended to 60 days if this is occurs we will contact you to update you. We will not charge you for this other than in exceptional circumstances. Once the request has been made, before we release information to you, you will be asked for proof of identity as the staff member dealing with your request will need to verify your identity as a security measure.

Right to withdraw consent

Where we process your information based on consent such as; marketing, you can withdraw that consent at any time. If you would like to withdraw your consent you can do this by clicking unsubscribe in our marketing emails, text stop for SMS marketing, email enquiries@fyldecoastymca.org to withdraw consent or ask one of our employees to change your communication preferences.

Right to restrict processing

In certain situations, you have the right to ask for the YMCA to restrict the processing of your personal information if your personal data is inaccurate or there is a disagreement on the legitimacy of the processing.

Right of erasure

In some cases you have the right to be forgotten (i.e. have your information removed from our databases). The YMCA will inform you whether you have the right to be forgotten from our databases and we will give confirmation of deletion by email or post.

Right of rectification

If you believe that the information the YMCA holds about you is inaccurate, you have the right to ask for those records to be updated. To update your details you can contact us through the contact details provided in this privacy notice or by speaking to an employee in one of our YMCA’s.

Right to data portability

If we are processing your personal information because you have given your consent for us to collect it, you have the right to request that the data is transferred from one service provider to another.

Complaints

If you have complaints concerning the use of your personal information, please get in touch with us using the information provided in the contact us section. We would be happy to help and discuss your concerns.

If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website http://www.ico.org.uk