Yorkshire Air Ambulance (YAA) is committed to protecting the privacy of everyone who uses its
services: as patients, supporters, employees or volunteers. Please read this policy carefully and any
other documents referred to in this policy, to understand how YAA collects, uses and stores your
1. The Charity
Yorkshire Air Ambulance Ltd is registered as a charity in England and Wales (registered charity
number 1084305). Its registered office address is: Cayley House, 10 South Lane, Elland, HX5 0HQ.
2. Legal compliance
YAA takes data protection very seriously. It is required to adhere to the requirements of the Data
Protection Act 1998, the General Data Protection Regulations 2018 (GDPR), all other related privacy
laws and any codes of practice issued by the Fundraising Regulator (FR) or the Information
Commissioners Office (ICO). YAA’s intention is to be compliant, user friendly and to ensure its
supporters only receive information in which they are interested. Unless stated otherwise, YAA is the
data controller in respect of all data it collects on this Website or otherwise. This means that YAA is
responsible for full legal compliance.
As you browse the website, get in touch with the Charity, or use its services, YAA collects, processes
and stores your personal information. This deepens the Charity’s understanding of your interests,
and helps YAA to improve the efficiency of the services of the Charity and any communications.
YAA and any of its trading subsidiaries will never exchange or sell your information to another
organisation for its own marketing purposes. YAA knows that this is important to you, and wants to
reassure you that you’re always in control of how the Charity uses your personal information.
However, YAA does need to collect and use your personal information for carefully considered and
legitimate business purposes, which helps to ensure YAA is run efficiently, raises funds effectively
and delivers its charitable services. This policy sets out how your personal data will be used, what
data is collected and YAA’s legal basis for its use, together with details of your rights in respect of
3. Why the Charity collects personal data
As a registered charity, YAA relies on the people of Yorkshire for support – both financially and in
kind. Information about the local community, such as your personal information, may be used to
help YAA effectively deliver its services or to help it raise funds for those charitable services.
Ultimately, this means YAA is able to continue to provide excellent care to those who require its
Information is collected for various reasons:
- Information is collected and held about supporters in order to thank you appropriately
following receipt of a donation, or to remain in contact with you to support your fundraising
activities. This information is held on computer, paper record, or both.
- Technical data is collected from visitors to the YAA website to ensure that content from the
website is presented in the most effective manner for you and your computer.
- If you are a Lottery player data will be collected and held in order to be able to process your
4. How personal data is collected
- Information you supply to YAA. For example, when you register with the Charity to take
part in, or run, an event, make a donation, become a volunteer or otherwise provide YAA
with your personal information. This personal data may be given face to face, electronically
(via email, website or social media pages), on paper (such as any form you complete) or
verbally (such as during any telephone conversations you have with YAA).
- Information received from your use of YAA’s website and services. The Charity collects
information about the services you use and how you use them, for example when you watch
a video on YouTube, visit the YAA website or social media pages (Facebook, Twitter and
Instagram) or view and interact with any ads and content.
- Information from third parties. YAA may also receive information about you from third
parties. For example, this may be from online fundraising sites such as Just Giving or Virgin
Money Giving. This can include information such as your name, postal address, email
address, phone number, your geographic location, credit/debit card details and whether you
are a tax payer so that YAA is able to claim Gift Aid on your donations.
- Information about other people. If you provide YAA with personal data relating to any
person other than yourself, you must ensure, before you do so, that they understand how
their personal data will be used and that you are authorised to disclose it to YAA, and to
consent to its use on their behalf.
5. The type of personal data collected
YAA always strives to provide a clear, honest and transparent approach regarding how and when it
may collect and use your personal data. The overview below summarises the different types of data
YAA collects and some of the reasons why it does this. YAA may not use your personal information
for all of these purposes – it will depend on the nature of the Charity’s relationship with you, and
how you interact with its services, websites, and fundraising activities. Data protection law
recognises that certain categories of personal information are more sensitive. This is known as
sensitive personal data and covers health information, race, religious beliefs and political opinions.
YAA does not usually collect special categories of data about its supporters unless there is a clear
reason for doing so.
6. How YAA will use your information
When YAA collects and uses your personal information, it will ensure this is only done in accordance
with at least one of the legal grounds available to us under Data Protection law. YAA may use your
information to understand your needs and interests and to provide you with the best service
Where YAA has a legal/contractual obligation to use your data;
- to claim Gift Aid (this involves sharing your information with HMRC)
- to fulfil sales made online
- to fulfil your membership to the YAA Lottery or Raffles
- for fraud prevention, credit risk reduction or otherwise as required by law or regulation
Where it is in YAA’s legitimate interest to use your data;
- to process any donation(s) received from you
- to make contact with you for administration purposes
- for internal record keeping, such as the management or feedback of complaints
- to analyse and improve YAA’s work, services, activities, products or information (including
our website) or for its internal record
- to check on your preferences from time to time to ensure they are up to date
- to register and administer your participation in events for which you have registered or
which you are holding to raise money on behalf of the Charity
- to confirm memberships and subscriptions (such as playing in the YAA Lottery)
The legal basis for the collection and use or your personal data is that you have given your consent
and/or that it is in YAA’s legitimate interest to do so in order to support the Charity’s needs within
Yorkshire. Your rights and freedoms are not prejudiced by this.
Your credit and debit card information
If you use your credit or debit card to donate to YAA, or buy something online, the Charity will pass
your card details securely to its payment-processing partner as part of the payment process. This is
done in accordance with the Payment Card Industry Security Standard. YAA will not store these
details on its website or database.
7. Data sharing
YAA will not exchange or sell your personal information to another organisation for their own
marketing purposes. However, there are legitimate situations where the Charity may share data with
trusted third parties, subcontractors, regulators or with law enforcement authorities. All trusted
partners are required to comply with data protection laws and YAA’s high standards. In these
circumstances, YAA will always ensure appropriate contracts and controls are in place and will
regularly monitor all partners to ensure their compliance. YAA will ensure that your personal data is
YAA uses third party electronic payment providers to administer some transactions. They have their
own privacy policies and the Charity encourages you to read them.
8. Your choice – accessing and updating your preferences
It is not YAA practice not send unprompted communications. Even if you are an existing supporter
of the Charity you will not directly receive subsequent requests for further donations, marketing
materials or other communications.
YAA will not use your personal information for marketing purposes unless you have provided explicit
consent for the Charity to do so (for example, by offering to tell your story as a patient or relative for
YAA marketing purposes).
However, notwithstanding the above, should you wish to specifically request no contact from YAA
you can e-mail the Charity at email@example.com , following which YAA will retain your details on a
suppression list to help ensure that we do not contact you. Alternatively, you can make a request
not to be contacted by registering with the Fundraising Preference Service (FPS). Registration with
the FPS will remove the necessity for YAA to retain your information on its own suppression list as
any mailing would be automatically screened against this list.
9. Updating and correcting personal data
YAA aims to ensure that all the information held about you is accurate and kept up to date. If any of
the information is inaccurate and either you advise YAA, or the Charity becomes otherwise aware, it
will be amended and updated as soon as possible.
Where appropriate, in order to maintain the accuracy of the Charity’s database, YAA may use data
cleansing services to keep information current. If you have registered a change of address with the
Post Office’s National Change of Address database, YAA will update your details through this
10. Under 18s
YAA is committed to protecting the privacy of the young people who engage with the Charity. If you
are under 18 please let YAA know when you contact it and ensure that you have the consent of a
parent or guardian before providing your details. YAA will ensure that your information is only used
for the purposes it has been provided and in some circumstances may refuse certain services,
products or events.
11. Vulnerable supporters policy
YAA is committed to protecting vulnerable supporters and follows the guidance issued by the
Fundraising Regulator and Institute of Fundraising regarding treating donors fairly. YAA believes this
helps to support staff and volunteers who come into contact with supporters, enabling them to
provide high-quality customer care and ensuring anyone donating to YAA is in a position to make a
free and informed decision.
12. Data security
YAA takes the security of personal data and privacy seriously. Appropriate technical measures are
maintained to safeguard personal data and procedures are in place to ensure that paper and
computer systems and databases are protected against unauthorised disclosure, use, loss and
Any sensitive information you send to YAA (such as credit card details) will be encrypted. Nonsensitive details (such as your email address, etc) are transmitted normally over the internet, and
this can never be guaranteed to be 100% secure. As a result, whilst YAA strives to protect your
personal information, it cannot guarantee the security of any information you transmit to the
Charity and you do so at your own risk.
Personal data stored in the YAA database is only accessible by appropriately trained staff and
volunteers who need to access your personal data as an essential part of their role. All access is
tracked through individual login credentials.
Third party service providers are only used where YAA is satisfied that the security they provide for
your personal data is at least as stringent as that maintained by YAA.
13. Data retention
Information will be retained for as long as is required to enable YAA to operate its services but the
Charity will not keep your information for any longer than is necessary. It will take into consideration
legal obligations, tax, and accounting rules when determining how long your information will be
retained. If after this point you have not supported YAA again the Charity will keep only minimal
personal data to ensure it can respect your preferences in the future.
If you are a donor, once 24 months has elapsed since your latest donation YAA will only retain
limited personal data, although Gift Aid and other financial information are kept on file for a
minimum of 6 years in order to comply with HMRC regulations.
14. Use of your personal data outside of Europe
YAA does not currently transfer personal data outside of the United Kingdom or the European
Economic Area. If this changes and YAA does need to transfer your personal data to other territories,
15. Your rights
Where YAA is using your personal information on the basis of your consent, you have the right to
withdraw that consent at any time.
- Right of Access – You are entitled by law to request a copy of the personal information YAA
holds about you. The same right applies to any other person whose personal data you provide
to the Charity. YAA will require proof of identity and proof of authority if the request comes
from someone other than the person whose data YAA is asked to provide. This will ensure that
the Charity only provides information to the correct person. YAA expects to respond to requests
within 30 days of receiving them.
- Right to be Informed – You have the right to be told how your personal information will be
used. This policy document, and shorter summary statements used in the Charity’s
communications, are intended to be a clear and transparent description of how your data may
- Withdraw consent to other processing – Where the only legal basis for processing your personal
data is that YAA has your consent to do so, you may withdraw your consent to that processing
at any time and YAA will have to stop processing your personal data. Please note, this will only
affect a new activity and does not mean that processing carried out before you withdrew your
consent is unlawful.
- Right to Object – You have an absolute right to stop the processing of your personal data for
direct marketing purposes. You can exercise this right at any time and can update your
preferences yourself or ask YAA to do it for you. See section ‘Updating and correcting personal
data’ above for details.
- Right of Rectification – If you believe YAA’s records are inaccurate you have the right to ask for
those records concerning you to be updated. See section ‘Updating and correcting personal
data’ above for details.
- Right to restrict processing – In certain circumstances you may be able to require YAA to restrict
its processing of your personal data. For example, if you consider the data YAA holds to be
inaccurate and YAA disagrees, then processing may be restricted until the accuracy of the data
has been verified.
- Right of Erasure – Where YAA has no lawful basis for holding onto your personal data you may
ask that it is deleted under your right to be forgotten. In many cases YAA would recommend
that it suppresses you from future communications, rather than data deletion.
- Right to Data Portability – In limited circumstances you may be entitled to have the personal
data you have provided to YAA sent electronically to you for you to provide to another
- Complaints – see section ‘How to lodge a complaint’ below for more details.
If you wish to find out more about these rights, please contact us using the details below:
Louise Shorrock, Office Manager, Yorkshire Air Ambulance, Cayley House, 10 South Lane, Elland,
HX5 0HQ or by e-mail at firstname.lastname@example.org or by calling 01422-237900
16. How to lodge a complaint
If you believe YAA has breached your privacy in any way, it is requested, in the first instance, that
you contact its Office Manager (details above). If you remain unsatisfied, you have the right to lodge
a complaint with the Information Commissioner’s Office:
Information Commissioner’s Office
Tel: 0303 1231113
Privacy laws and practices are constantly developing and YAA aims to meet high standards. Its
policies and procedures are, therefore, under continual review. The Charity may, from time to time,
amend or update security and privacy policies.
YAA’s website will include its most up to date policy and it is suggested that you check this page
periodically to review the latest version.
This policy was last updated May 2018.
18. How to contact us