Your data will be controlled by YMCA Thames Gateway which is providing services to you or communicating to you and is therefore regarded as the data controller of your personal information. The contact address of YMCA Thames Gateway is: 29 Rush Green Road, Romford, Essex RM7 0PH.
We may revise this Policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make or request an updated copy of this document from the Quality & Compliance Department, as they are binding on you.
This Policy covers the following:
- Explanation Of Applicable Data
- The Information We Collect And Where We Get It
- How We Use The Information We Collect
- Grounds For Using Your Personal Information
- How We Share Information With Third Parties
- Retaining Your Information And How We Secure It
- Your Choices And Rights
- YMCA Thames Gateway Cookies Policy
- How Long Will Cookies Remain On My Computer?
- Third Party Cookies
For the purpose of this policy, personal data refers to information that relates to an identifiable living individual, including information such as an online identifier for example an IP address. The General Data Protection Regulations (GDPR) applies to both automated personal data and to manual filing systems, where personal data is accessible according to specific criteria, as well as to chronologically ordered data and pseudonymised data.
Data referred to in the GDPR as ‘special categories of personal data’ (previously termed ‘Sensitive Personal Data’) specifically includes the processing of race; ethnic origin; religion; trade union membership; genetics; biometrics (where used for ID purposes); health or sexual orientation.
“Personal information” is therefore any information that can be used to identify you or that we can link to you and which we at YMCA Thames Gateway have in our possession or control.
If you are under 13 years of age you must get permission from a parent/guardian before you provide any personal information to us.
YMCA Thames Gateway collects and therefore processes the following personal information about you:
Information that you provide to YMCA Thames Gateway
We will process personal information that you give to YMCA Thames Gateway including when you email us or contact us through various methods as follows:
- Signing up for YMCA Thames Gateway services: when you register to become a member with us, or seek support and assistance from us, or sign up for our newsletters, events or obtain any of our services, or when you contact us with queries, or respond to our communications, the personal information you provide may include your full name, title, telephone number, email address and additional content, date and time of your email correspondence, date of birth, marital status, bank details, photograph, national insurance number, criminal convictions and offences, and information about your current or previous employment, education or your business.
- When providing charitable services to YMCA Thames Gateway: you may provide us with personal data including name, address, bank details or contact information when you provide us with a donation, when you allow us to claim Gift Aid on your donation, or when you volunteer on our behalf, when you fundraise on our behalf, or register for one of our charitable events.
- When providing YMCA Thames Gateway with services: if you are a corporate client, partner or preferred supplier of YMCA Thames Gateway you will provide us with personal information when you, or the company you represent, become a client, partner or preferred supplier with us. If you are not a client, partner or preferred supplier we may still collect or receive your personal information because you are involved in a business relationship with us.
- When participating in recruitment activities: when you apply for any role with us you may provide us with your full name, date of birth, nationality, education and qualification details, your gender, your CV, photograph, passport details, marital status, home address and home telephone number, mobile telephone number and other details set out in your communications to us. We may also require information about your criminal record.
- To enable processing of payments and fraud prevention: Financial and Payment Data Including bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.
- To enable equality and monitoring: When using, applying or joining YMCA Thames Gateway then your sensitive personal data (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data) may be collected in order to carry out opportunities monitoring and comply with the legal obligations.
- Applying for placements and work experience: When you apply to us for any potential work placement you may provide us with details such as your name, email address, postal address and employment details.
Other information YMCA Thames Gateway collect about you
YMCA Thames Gateway may also collect information from other sources such as a guardian or family member or friend or representative that contacts us on your behalf or names you as their emergency contact.
YMCA Thames Gateway uses CCTV on premises and understands that recording images of identifiable individuals constitutes as processing personal information. CCTV is used in line with data protection principles and YMCA Thames Gateway notifies staff and visitors of the purpose for collecting CCTV images via notice boards, letters and email.
YMCA Thames Gateway will always indicate its intentions for taking photographs or video of individuals for business use and will retrieve permission from individuals before publishing them. If YMCA Thames Gateway wishes to use images/video footage of individuals in a publication, such as on YMCA Thames Gateway website or social media, or recordings of events, reasonable written permission will be sought and retained for the particular usage from the individual.
Information YMCA Thames Gateway obtains from other sources
- If you apply for a position or a volunteer opportunity with any part of YMCA Thames Gateway we may collect personal information relating to past employment, qualifications and education, opinions from relevant third parties about you, past employment history and other details about you, which may be provided to us by a third party that provides background screening services on our behalf. We may also collect information relating to your criminal records.
- If we collect or receive your personal information in the relation to our provision of any of YMCA Thames Gateway services we might also receive information from third parties such as your employer, other parties relevant to the services we are providing (e.g. other parties involved on your behalf) and others such as representatives, regulators and authorities. That information could include your name, contact details, personal, education or work details and other information relevant to the services that we are providing.
We may do the following with your personal information that we have gathered:
- Use it to provide YMCA Thames Gateway services to you
- Use it to engage in marketing and business development activity in relation to our services. This may include sending you newsletters, communications and other information that we believe may be of interest to you
- Where you have applied for a position with us to review and process your application
- To comply with legal and regulatory obligations that we have a duty to discharge
- Use it to establish, exercise or defend our legal rights or for the purpose of legal proceedings
- To record and monitor your use of our websites, social media or our other services for YMCA Thames Gateway business purposes. This may include analysis of usage, measurement of website performance and generation of marketing reports
- Use it for our legitimate business interests, such as for undertaking business research and analysis, managing the operation of our business and improving our websites and interfaces
- Use it to look into any complaints, concerns or issues you may have raised
- Use it to prevent and respond to actual or potential fraud or illegal activities.
YMCA Thames Gateway may also collate, process and share any statistics based on an accumulation of information held by us, provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information as permitted by law.
We rely on the following legal basis to process your personal information:
- Consent: YMCA Thames Gateway may in some circumstances need your consent to use your personal information. You can withdraw your consent by contacting us.
- Obligations of a contract: YMCA Thames Gateway may need to collect and use your personal information to enter into a contract with you or to perform our obligations under a contract or agreement with you.
- Legitimate interest: YMCA Thames Gateway may use your personal information for what we identify as our legitimate interests.
- Compliance with the law: we may use your personal information as necessary to comply with applicable laws and regulations.
We share personal information internally with the various entities that make up our organisation and provide our services to you. We may also share your personal information outside YMCA Thames Gateway. This may include:
- Third party agents/suppliers or contractors, bound by obligations of confidentiality, in connection with the processing of your personal information for the purposes described in this Policy. This may include, but is not limited to, our IT and communications service providers, and insurance, pension or benefit providers if you are employed by us.
- Third parties relevant to the services that we provide. This may include, but is not limited to, other professional service providers, counterparties to transactions or litigation, regulators, authorities, governmental institutions.
- To the extent required by law, regulation or court order, for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation.
Your personal information may in some circumstances be transferred to locations outside of the European Union/European Economic Area (EU/EEA) as well as within it for the purposes previously described above. We do not transfer your personal information outside the Europe as a matter of course however, where we have a requirement to transfer your personal information outside the EU/EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information by for instance:
- The country to which we send the personal information may be approved by the European Commission
- The recipient may have signed a contract based on “contractual clauses” approved by the European Commission, obliging them to protect the personal information, or
- Where the recipient is located in the US, it may be a certified member of the EU-US Privacy Shield scheme.
In other circumstances, the law itself may permit us to otherwise transfer your personal information outside Europe. In all cases, however, any transfer of your personal information will be compliant with the applicable data protection law in place.
How long YMCA Thames Gateway keeps your personal information will vary and will depend primarily on:
- The purpose for which we are using your personal information – we will need to keep the information for as long as is necessary for the relevant purpose
- Legal obligations – laws or regulation may set a minimum period for which we have to keep your personal information
YMCA Thames Gateway will retain your personal data for as long as necessary to fulfil the purposes that we collected it for and for YMCA Thames Gateway to assert or defend against legal claims. The appropriate retention period is determined by the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period we securely destroy your personal data in accordance with applicable laws and regulations. YMCA Thames Gateway ensures that the personal information that we hold is subject to the appropriate security measures.
You have a number of rights in relation to the personal information that YMCA Thames Gateway hold about you and you can exercise your rights by contacting us directly. These rights include:
- Obtaining or accessing your data: Regarding the processing of your personal information and access to the personal information which we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of your personal information. In particular, information that is subject to legal professional privilege.
- Correcting your data: Requesting that we correct your personal information if it is inaccurate or incomplete.
- Erasure of your data: Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
- Objecting/Restricting us processing: Requesting that we restrict our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
- Portability/Moving your data: In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit that information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.
- Withdrawing your consent: In certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
- Lodging a complaint about processing: Complaining to the relevant data protection supervising authority (e.g. The Information Commissioners Office (ICO) in the UK), if you think that any of your rights have been infringed by us.
How to contact us and other important information
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information by YMCA Thames Gateway, or the exercise of any of the rights listed above, please contact us. You can do this by:
- Writing to us: 29 Rush Green Road, Romford, Essex, RM7 0PH
- Telephone: 01708 766211
- Email: firstname.lastname@example.org
You can also help by providing us with the right information about yourself and/or your children, where the service is provided to a child, and by letting us know when any of these details change. To inform us of any change in these details please contact:
- In writing: 29 Rush Green Road, Romford, Essex, RM7 0PH
- Telephone: 01708 766211
Please find further information on individual privacy policies by clicking on the links below:
- Children’s Services: https://ymcatg.org/privacy-notice-childcare/
- Housing: https://ymcatg.org/privacy-notice-residents/
- Fitness: https://ymcatg.org/privacy-notice-fitness-member/
- Youth: https://ymcatg.org/privacy-notice-youth/
- Fundraising: https://ymcatg.org/privacy-notice-donors-sponsors/
- Staff and volunteers: https://ymcatg.org/privacy-notice-employees-volunteers/
YMCA Thames Gateway websites (“Sites”) use a number of different cookies to improve the user experience and help it see what is popular with users:
- Single session cookies. These enable the Sites to keep track of your movement from page to page in order to ensure that you will not be asked for the same information you have previously given during your visit to the Sites. Cookies allow you to proceed through the Sites quickly and easily without having to authenticate or reprocess each new area you visit. We may use the cookies to analyse user behaviour, such as which pages have been visited during the session, in order to improve your overall experience, for example enabling us to determine and display more relevant content.
- Remember me cookies. These cookies enable the Sites to remember your personal preferences such as log in details in order to improve the user experience for example by avoiding you having to re-enter these details on each visit to the Sites.
- Remember my language cookies. These enable the Sites to retain your language preference for future visits in order to improve the user experience. In addition, this cookie will set the language in which the non-content aspects of emails received from the Sites will be displayed in.
- Persistent cookies. These cookies enable us to collect information such as number of visitors to the sites and pages visited in order to analyse user behaviour. This information is collected in an anonymous form and will be collated with similar information received from other users to enable us to compile reports in order to develop and improve user experience by displaying more tailored and relevant content for example.
Cookies remain in the cookies file of your browser after the closing of the browser, and will become active again when the Site is reopened, until removed. The cookie(s) can be deleted at any time by you. The cookie(s) will not collect any information when you are not accessing the Site.
The single session and persistent cookies are provided on our behalf by a trusted third party service provider to aid in the reporting of user behaviour on the Sites. This behaviour is analysed to provide an improved user experience. The information collected is not linked to personally identifiable information.
Date issued: 10 July 2018.