Website Privacy Notice
Thank you for using southendymca.org.uk. Here, we explain what personal information we may hold about you, and how we might use that information.
Please note that where our website contains links to other websites, we are not responsible for the privacy policies of other organisations and websites and this policy applies solely to any personal information collected on southendymca.org.uk
For the purpose of data protection legislation, including the UK Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the UK Privacy and Electronic Communications Regulations 2003 (PECR), and other applicable legislation, the controller is:
Southend-on-Sea Young Men’s Christian Association (Southend YMCA) Registered Charity Number: 1102837 (registered in England); Limited Liability Company number 5051166; Non-profit, private registered provider of social housing: Number 4853.
85 Ambleside Drive,
Southend On Sea,
WHAT INFORMATION DO WE COLLECT?
Personal information is any information that can be used to identify a living individual such as a name, email address, and telephone number. Any personal information that you provide us via our website is stored securely. We may collect this personal information when you contact us, or otherwise give us personal information.
HOW DO WE USE THIS INFORMATION?
We use your personal information to provide you with the information you ask for. We may also use your information in our legitimate interest to administer our sites and for internal operations, project delivery, as well as troubleshooting, data analysis, research, statistical and survey purposes, including notifying you about changes to our service. We will also use your personal information to ensure that content from our site is presented in the most effective manner for you and for your computer and to carry out our obligations arising from any contracts entered into between you and us including event and project participation and fundraising activities. In addition, we may handle any non-sensitive personal data for our legitimate purposes. We will not sell your details to any third parties or use your data in any other way than those listed above.
When you engage with us for any of our various projects, we may ask you for basic personal data such as name, contact details. In certain instance, we may ask for your consent to process and publish any video or images that you provide us and in line with the specific purposes of those particular projects.
We may use third party platforms and providers to facilitate our projects and certain engagements with you, such as Microsoft, our marketing and PR agencies and our project sponsors.
Southend YMCA regards the lawful and correct handling of personal information as important to the success of our work and to maintaining the confidence of those with whom we deal. We will ensure that anyone working for us uses personal information lawfully and correctly. To this end, we will ensure we fully comply with the General Data Protection Regulations.
RIGHTS FOR INDIVIDUALS
The Data Protection Act 2018 gives individuals rights relating to the processing of their personal information, which are:
1. Right to be informed – obligation to provide ‘fair processing information’ through privacy notices. There must be transparency at the point of collection on how the information will be used and there is an emphasis on providing you with a clear and concise notice.
2. Right of access – individuals must be able to access their data to ensure that it is being processed lawfully. This is commonly referred to as a Subject Access Request. If you wish to have access to your personal data you can submit a request in writing, email or verbally and the company will respond within 30 days. We may seek clarification as to your identity before proceeding and importantly there is no fee for this service.
3. Right to rectification – GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. This right is closely linked to the controller’s obligations under the accuracy principle, article (5)(1)(d). An individual can make a request for rectification verbally or in writing, in certain circumstances this request can be refused. A response should be actioned within one month of the request.
4. Right to be forgotten (is not absolute and only applies in certain circumstances) erasure or rectification of personal data – the data subject has the right for the controller to erase all personal data concerning the data subject without undue delay where the following apply; personal data is no longer necessary in relation to the original purpose for processing; data subject withdraws consent; data subject objects to processing and lawful basis for original processing was under legitimate interest; the personal data was unlawfully processed; personal data needs to be erased due to legal obligations.
5. Right to Restrict processing – Individuals have the right to request the restriction or suppression of their personal data, this is not an absolute right and only applies in certain circumstances. An individual can make the request verbally or in writing and the request needs to be actioned within one calendar month. When processing is restricted you care permitted to store the personal data, but not use it.
6. Right to data portability – this is a new right enabling individuals to reuse and transfer their personal data (held in electronic format only and carried out by automated means) for their personal use to another data controller without hindrance or affecting its usability. This right is however only applicable when personal information is captured under the lawful basis of consent or performance of a contract. This right will not apply to processing necessary for the performance carried out in the public interest.
7. Right to object – the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) public interest or (f) legitimate interest of article 6(1), including profiling based on these provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data is transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in place relating to the transfer.
You can exercise your rights at any time by contacting us at email@example.com
Our Data Protection Officer can be contacted at firstname.lastname@example.org
If you wish to make a complaint about how we have handled your personal data, please email: email@example.com and we will investigate the matter.
If you are not satisfied with our response or believe we are not processing your data in accordance with the law, you can contact the UK’s Information Commissioner’s Office.