Carrickfergus YMCA is a voluntary organisation that provides services to people of all ages with a focus on children, young people and their families.
In order to provide these services we need to collect personal information from the users of these services.
Carrickfergus YMCA is a “Data Controller” and as such has a legal responsibility to ensure that you are aware of why it collects information and what it does with this information.
Carrickfergus YMCA seeks to comply with its obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What information do we collect?
Unless otherwise agreed with you, we will only collect personal data about you such as your name, address, telephone number, age and email address.
We may collect information such as medical conditions and details of next of kin.
We always ask for your consent to collect and store this information on a registration form.
In some programmes, we may ask you for your additional information such as your NI number and bank details, or Unique Learning Number.
Why we need it?
As a provider of services we need to know basic personal data in order, for example, to let you know when events take place or ensure that you are assigned to age appropriate groups.
In order to ensure your personal safety while attending a YMCA service or programme, we may collect basic medical information such as information on allergies and medical conditions.
We collect information on next of kin so that we can make contact with them in emergencies.
If we collect bank details then this is in order to process electronic payments.
We may ask for your Unique Learning Number to help with accredited learning.
We will always seek your consent to store personal information on you or your child.
What do we do with it?
All the personal data we hold about you will be processed by our staff either manually or using cloud-based computer systems. Currently Upshot software is used to process your information. No other third parties will have access to your personal data unless there is a legal obligation for us to provide them with this or unless you have given us your express consent to share this information with them.
Please be aware that your personal information may be stored on a cloud based system whose servers are located within the EU or in secured cabinets.
We take all reasonable steps to ensure that your personal data is processed securely.
How long do we keep it?
This will vary depending on the type of information that is collected. The organisation has a data retention policy which provides a basis for deciding how long we store personal data and how we delete this information. A copy of our retention policy is available on request.
What are your rights?
You have the right to request access to personal data which Carrickfergus YMCA will have collected from you.
You have the right to request Carrickfergus YMCA to correct or update or delete any of your personal data where this is based on consent.
You can withdraw or change your consent at any time by contacting firstname.lastname@example.org
Please note that all processing of your personal data will cease once you have withdrawn consent, other than where this is required by law, but this will not affect any personal data that has already been processed prior to this point.
When will consent be required?
Whilst some of the personal data provided to our organisation is required for us to comply with our legal obligations, most information is provided on a voluntary basis through consent from a parent, carer or guardian.
Note – a young person aged 13 (NI) or over is considered capable of giving consent themselves to process their personal data, and does not require express agreement from a parent/carer/guardian.
How can you find out more or make a complaint?
If you have any questions about this privacy statement or how we handle personal data, please contact email@example.com who will deal with your query.
You have the right to make a complaint at any time to the following:
Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO’s details are as follows:
The Information Commissioner’s Office – Northern Ireland
3rd Floor. 14 Cromac Place, Belfast, BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114