PRIVACY STATEMENT – YMCA SCOTLAND
The new General Data Protection Regulation (GDPR) gives you more control over how your personal information is used. And it makes it quicker and easier for you to check and update the information we and other organisations we work with, hold about you.
This statement outlines:
- What data we collect
- How we may use it
- How we keep your data safe
WHO WE ARE
YMCA is a youth work organisation which works with 29 autonomous local YMCAs across Scotland and each YMCA is affiliated to YMCA Scotland. These YMCAs will have their own data protection policies and procedures. We are a charity SCO13792 and our registered office is 1 Chesser Avenue, Edinburgh, EH14 1TB.
YMCA Scotland is a data controller in respect of personal information that we process in connection with our activities.
We are committed to protecting both your data and your privacy and we want you to feel assured that any information you give us is held securely and safely, whether you are working for us, supporting us through campaigning, donations, volunteering, fundraising or events.
GETTING IN TOUCH
You have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected. You also have the right to ask us to delete any personal information we hold about you. In some cases, we may be unable to delete data, such as if it is required for tax or Gift Aid purposes. In these cases, we will ensure that you are removed from future communications and processing. You can access your personal data held by us or request to receive your information in part or its entirety in machine readable format.
For all questions or concerns regarding the processing of your personal information, please do get in touch. You can write to:
Data Protection Lead
1 Chesser Avenue
Edinburgh EH14 1TB
You can email on firstname.lastname@example.org or call 0131 228 1464.
The Information Commissioner’s Office is the regulator for such activity and further information can be found at https://ico.org.uk
WHY AND HOW WE COLLECT YOUR DATA
When you give it to us directly
The vast majority of personal data we hold is given to us directly by our staff, campaigners, supporters, and volunteers in the course of them interacting with our services, websites or activities.
When we are working with a third party
We may work with other independent parties such as life assurance companies for staff, fundraising sites such as Just Giving or Virgin Money Giving. These independent third parties will only share your data with us when you have given permission for YMCA Scotland to contact you.
When your information is available publicly
We may combine information that we already have about you with information available publicly or information available from external sources to gain a better understanding of you. This includes the use of profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our staff and supporters. Profiling also allows us to target our resources effectively, which supporters consistently tell us is a key priority for them. We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise monies for the work YMCA undertakes with young people and their communities.
When building a profile of donors and supporters, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. We also undertake this to help us identify potential donors and supporters.
In some situations, we may update our supporters, clients and volunteers’ personal information using external organisations, for example, to check we have a valid and deliverable postal address, or to check if you are registered with the Telephone Preference Service (TPS) or Fundraising Preference Service (FPS).
Depending on your settings or the privacy policies for social media and messaging services like Facebook or Twitter, you might give us permission to access information from those accounts or services.
You can opt out of your data being used in any of the above-mentioned ways at any time by contacting us at email@example.com or calling 0131 228 1464.
WHAT DATA WE COLLECT
Personal information is any data that can be used to identify you. It can include, but is not limited to, any of the data listed below.
Data protection law recognises that there are sensitive categories of personal information, such as health information, racial or ethnic origin, or religious beliefs or other beliefs. We would only collect sensitive personal information where there is a clear need to do so.
Before we collect any sensitive personal information, we will make it clear what information we are collecting and the purpose we are collecting it for.
Information we collect from you directly or from third parties with whom we work may include:
- full name
- email address
- telephone number
- contact preferences
- bank account or credit card details where required
- in relation to fundraising, employer details for processing a payroll gift and taxpayer status for claiming Gift Aid
- National Insurance number
- marital status
- health history where required
- date of birth, age, and/or gender
We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person. This might include the date, time, and method of contact, details about donations you make to us, events or activities that you register for or attend or any request for support.
We may also collect and record other relevant information you share with us about yourself, such as your interests or your affiliations with other charities, including local YMCAs, community or campaign groups.
HOW WE USE YOUR DATA
Delivering the services we do is something we cannot do without the help of people who share our passion for working with young people to enable them to truly belong, contribute and thrive. Supporting the work of YMCA Scotland such as being employed by us, supporting us in a variety of ways including raising funds, running campaigns and involving as wide a range of people as we can in our activities is hugely important to us.
We will only use and share your information where it is necessary for us to lawfully carry out our work.
The law allows personal data to be legally collected and used by an organisation if it is necessary for a legitimate business interest of the organisation – as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.
Where you give us your consent, we will also use your personal data in order to send you marketing and fundraising communications in connection with marketing and fundraising activities and services. This includes supporter newsletters and updates, plus appeals and fundraising activities.
Data sharing with third parties
We will not share your information with anyone outside YMCA Scotland except:
- Where we have your permission
- Where we are required by law and by law enforcement agencies, judicial bodied, government entities, tax authorities or regulatory bodies as required.
- To protect YMCA Scotland, for example in cases of suspected fraud or defamation
- Where we have legitimate situations with third parties, including fundraising agencies, whom we have contracted to fulfil specific services for us such as direct communication.
In all of these situations we set up a written contractual agreement that will ensure that those organisations can only use the data provided for the specific purposes we direct them to do, and that they have in place strict security requirements in order to protect your personal information and comply with GDPR.
To deliver services or manage our relationship with you, it is sometimes necessary for us to share your Personal Data outside the European Economic Area (EEA), e.g. – when your or our service providers are located outside the EEA; or if you are based outside the EEA.
Many non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, take reasonable steps to ensure any such supplier has in place appropriate measures to protect your information and any contract includes appropriate clauses about the use of data e.g. if the company is based in the USA, we will confirm whether it is accredited under the EU-US Privacy Shield.
Keeping your personal information safe
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date.
We also have procedures in place to deal with any suspected Data Security Breach. We will notify you and any Professional Regulators or other applicable regulator of a suspected Data Security Breach where we are legally required to do so.
How long will we keep your data?
We remove personal data from our systems in line with our data retention policy. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements.
After this point the data will either be deleted or rendered anonymous. In certain specific situations, for example where a supporter has kindly pledged a legacy to us in their Will, we will maintain their details up to the time when we need to carry out the legacy administration and communicate effectively with their family.
Where we believe data might be relevant to a future safeguarding enquiry we reserve the right to retain data securely for up to 50 years to comply with our insurance and safeguarding guidance.
To find out more about our data retention policy, please contact us using the details above.
‘Cookies’ are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. Essentially it takes the form of a small text file deposited on your computer’s hard drive.
If you want to prevent our cookies being stored on your computer in future, you may do so by referring to your internet browser’s instructions. You can do this by clicking on the “Help” menu. Please note however that if you disable our cookies you may not be able to access certain services or facilities on our sites and your use of our sites may be restricted.
Cookies used on our website
Facebook and Twitter cookies, used on our website, help us to understand the effectiveness of our online advertising on those social platforms. Links to their privacy policies provided below:
The site also makes use of session cookies. Those cookies are necessary for site functionality and contain no personally identifiable information. They are deleted when the browser is closed.
Additionally, some of the pages on our website have embedded content and / or share buttons that enable users to easily share our content with their friends via a number of social networks. Those websites might set their own cookies when you log into their services. We do not control those cookies and suggest you check their websites on information on how manage them.
Our website also has links to other organisations who will have their own data protection privacy statements.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo.