The new General Data Protection Regulation (GDPR) gives you more control over how your personal information is used. And it makes it quicker and easier for you to check and update the information we and other organisations we work with, hold about you. Our data protection policy can be viewed at any time here.
Under new GDPR rules, we cannot contact you with news updates or information about our services by phone, email or post unless you explicitly give us permission. If you would like to receive updates on YMCA Derbyshire, all you have to do is ‘opt in’ by filling in your details here. If an individual does not complete this form or selects ‘unsubscribe’ to ‘opt out’, we will accept this as confirmation that they do not wish to receive communications from YMCA Derbyshire. As always, we promise not to bombard you with excessive emails or messages, and you will always have control over how much information you would like to receive from YMCA Derbyshire.
This statement outlines:
• What data we collect
• How we may use it
• How we keep your data safe
Who we are
We were formed as Derby YMCA in 1847 and our head office, known as The Campus, moved to the current location on London Road in Wilmorton in 1967. Derby YMCA became YMCA Derbyshire in 2004 to reflect our growing activities across the county. We now operate across Derbyshire – in Derby, Chesterfield, Ilkeston and we are aiming to further expand our reach within the county. We are affiliated to the National and international YMCA Movement.
YMCA Derbyshire is a data controller in respect of personal information that we process in connection with our activities.
We are committed to protecting both your data and your privacy and we want you to feel assured that any information you give us is held securely and safely, whether you are working for us, supporting us through campaigning, donations, volunteering, fundraising or events.
Getting in touch
You have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected. You also have the right to ask us to delete any personal information we hold about you. In some cases, we may be unable to delete data, such as if it is required for tax or Gift Aid purposes. In these cases, we will ensure that you are removed from future communications and processing. You can access your personal data held by us or request to receive your information in part or its entirety in machine readable format.
For all questions or concerns regarding the processing of your personal information, please do get in touch. You can write to:
770 London Road
You can alternatively email email@example.com or call 01332 579550.
The Information Commissioner’s Office is the regulator for such activity and further information can be found at https://ico.org.uk
Why and how we collect your data
When you give it to us directly
The vast majority of personal data we hold is given to us directly by our staff, campaigners, supporters, and volunteers in the course of them interacting with our services, websites or activities.
When we are working with a third party
We may work with other independent parties for events, such as the Derby 10K, or fundraising sites such as BT MyDonate. These independent third parties will only share your data with us when you have given permission for YMCA Derbyshire to contact you.
When your information is available publicly
We may combine information that we already have about you with information available publicly or information available from external sources to gain a better understanding of you. This includes the use of profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our staff and supporters. Profiling also allows us to target our resources effectively, which supporters consistently tell us is a key priority for them. We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise monies for the work YMCA Derbyshire undertakes with young people and their communities.
When building a profile of donors and supporters, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, such as Companies House, the Land Registry website or information that is published in articles and newspapers. We also undertake this to help us identify potential donors and supporters.
In some situations, we may update our supporters, clients and volunteers’ personal information using external organisations, for example, to check we have a valid and deliverable postal address, or to check if you are registered with the Telephone Preference Service (TPS) or Fundraising Preference Service (FPS).
Depending on your settings or the privacy policies for social media and messaging services like Facebook or Twitter, you might give us permission to access information from those accounts or services.
You can opt out of your data being used in any of the above-mentioned ways at any time by contacting us at firstname.lastname@example.org or by calling 01332 579550.
What data we collect
Personal information is any data that can be used to identify you. It can include, but is not limited to, any of the data listed below.
Data protection law recognises that there are sensitive categories of personal information, such as health information, racial or ethnic origin, or religious beliefs or other beliefs. We would only collect sensitive personal information where there is a clear need to do so. Before we collect any sensitive personal information, we will make it clear what information we are collecting and the purpose we are collecting it for.
Information we collect from you directly or from third parties with whom we work may include:
• email address
• telephone number
• contact preferences
• bank account or credit card details where required
in relation to fundraising, employer details for processing a payroll gift and taxpayer status for claiming Gift Aid
• National Insurance number
• marital status
• health history where required
• date of birth, age, and/or gender.
We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person. This might include the date, time, and method of contact, details about donations you make to us, events or activities that you register for or attend or any request for support.
We may also collect and record other relevant information you share with us about yourself, such as your interests or your affiliations with other charities, including other YMCAs, community or campaign groups.
How we use your data
Delivering the services we do is something we cannot do without the help of people who share our passion for working with young people to enable them to truly belong, contribute and thrive. Supporting the work of YMCA Derbyshire such as being employed by us, supporting us in a variety of ways including raising funds, running campaigns and involving as wide a range of people as we can in our activities is hugely important to us.
We will only use and share your information where it is necessary for us to lawfully carry out our work.
The law allows personal data to be legally collected and used by an organisation if it is necessary for a legitimate business interest of the organisation – as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.
Where you give us your consent, we will also use your personal data in order to send you marketing and fundraising communications in connection with marketing and fundraising activities and services. This includes supporter newsletters and updates, plus appeals and fundraising activities.
Data sharing with third parties
We will not share your information with anyone outside YMCA Derbyshire except:
• Where we have your permission
• Where we are required by law and by law enforcement agencies, judicial bodied, government entities, tax authorities or regulatory bodies as required
• To protect YMCA Derbyshire, for example in cases of suspected fraud or defamation
• Where we have legitimate situations with third parties, including fundraising agencies, whom we have contracted to fulfil specific services for us such as direct communication.
In all of these situations, we set up a written contractual agreement that will ensure that those organisations can only use the data provided for the specific purposes we direct them to do, and that they have in place strict security requirements in order to protect your personal information and comply with GDPR.
To deliver services or manage our relationship with you, it is sometimes necessary for us to share your Personal Data outside the European Economic Area (EEA), e.g. – when your or our service providers are located outside the EEA; or if you are based outside the EEA.
Many non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, take reasonable steps to ensure any such supplier has in place appropriate measures to protect your information and any contract includes appropriate clauses about the use of data e.g. if the company is based in the USA, we will confirm whether it is accredited under the EU-US Privacy Shield.
Keeping your personal information safe
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date.
We also have procedures in place to deal with any suspected Data Security Breach. We will notify you and any Professional Regulators or other applicable regulator of a suspected Data Security Breach where we are legally required to do so.
How long will we keep your data?
We remove personal data from our systems in line with our data retention policy. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements.
After this point the data will either be deleted or rendered anonymous. In certain specific situations, for example where a supporter has kindly pledged a legacy to us in their Will, we will maintain their details up to the time when we need to carry out the legacy administration and communicate effectively with their family.
Where we believe data might be relevant to a future safeguarding enquiry we reserve the right to retain data securely for up to 50 years to comply with our insurance and safeguarding guidance.
You have the right to choose whether to accept or refuse these cookies by amending the settings of your browser to reflect your preferences. You can also delete any cookies that are already stored on your computer. Please refer to the help information for your browser or file management software on how to do so.
Cookies used on our website
Facebook and Twitter cookies, used on our website, help us to understand the effectiveness of our online advertising on those social platforms. Links to their privacy policies provided below:
The site also makes use of session cookies. Those cookies are necessary for site functionality and contain no personally identifiable information. They are deleted when the browser is closed.
Additionally, some of the pages on our website have embedded content and / or share buttons that enable users to easily share our content with their friends via a number of social networks. Those websites might set their own cookies when you log into their services. We do not control those cookies and suggest you check their websites on information on how manage them.
Our website also has links to other organisations who will have their own data protection privacy statements.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those services, for example when you publicly tag us in an event photo.