Privacy Policy

March 2023

1. Scope:

All data subjects whose personal data is collected via our website, in line with the requirements of the GDPR.

2. Responsibilities:

The Data Officer is responsible for ensuring that this notice is made available to data subjects prior to the Charity collecting/processing their personal data via their website.
The Digital/ Marketing team are responsible for ensuring that this notice is available on their website and easily accessible to the data subject and their consent to the processing of their data is secure.

3. Legal Compliance:

It is required to adhere to the requirements of the Data Protection Act 2018, the General Data Protection Regulations 2018 (GDPR), all other related privacy laws and any codes of practice issued by the Fundraising Regulator (FR) or the Information Commissioners Office (ICO). YAA’s intention is to be compliant, user friendly and to ensure its supporters only receive information in which they are interested. Unless stated otherwise, YAA is the data controller in respect of all data it collects on this website or otherwise. This means that YAA is responsible for full legal compliance.

4. Privacy Notice

The Charity collects and processes personal data relating to its supporters with permission through the use of cookies to manage the supporter relationship and for certain mandatory communications. The Charity is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the Charity collect?

YAA always strives to provide a clear, honest and transparent approach regarding how and when it may collect and use your personal data. The overview below summarises the different types of data YAA collects and some of the reasons why it does this. YAA may not use your personal information for all of these purposes – it will depend on the nature of the Charity’s relationship with you, and how you interact with its services, websites, and fundraising activities. Data protection law and GDPR guidelines recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers areas such as health information, race, religious beliefs and political opinions (this is not an exhaustive list). YAA does not usually collect special categories of data about its supporters unless there is a clear and legal reason for doing so.

PURPOSE:	EXAMPLES OF PERSONAL DATA YAA MAY COLLECT:
Fundraising & Marketing	YAA undertakes a range of fundraising and marketing activities which are designed to raise income or promote the aims and objectives of the charity. The type and quantity of personal data collected and how it is used depends on why you are providing it. Where it is appropriate YAA may ask and record information about: · Event specific information, in order to cater for your needs and ensure events are safe and legal. Examples include, but are not limited to: – Requesting sensitive personal information such as health information if you are participating in a “high risk” event such as a Skydive or an event involving physical activity. – Dietary requirements if you are attending an event where a meal is supplied. – Your t-shirt size, for example, so that YAA can provide you with a running or cycling vest for an appropriate event. – Your date of birth if there is an age restriction on an event or activity you have chosen to take part in, such as the YAA Lottery. · Why you have decided to donate. YAA understands that you may have private reasons for doing so and you only need to supply this information if you are comfortable doing so. · Your bank or credit card details for donations, Lottery plays (any that are used for a single transaction only will be destroyed after use) · Information for Gift Aid – Information is collected regarding your status as a UK tax payer so that YAA can claim Gift Aid on appropriate donations. Please rest assured that no information about your actual tax payments is collected, but simply whether you are a tax payer, or not · Photo/Film Consent – Prior to the use of any images of you (still or moving), we will obtain your written consent to ensure we have the authority to use these images. Consent will not be obtained for the use of images obtained at public events where these images do not also include your personal, identifiable information (for example at a fair, public run or cycle event). · Sensitive personal information. If you make the information public or if you tell YAA about your experiences of the Charity (for example, by taking part as a patient case study); the Charity will make it clear when collecting this information from you what sensitive personal information is being collected, why it is being collected and the ways in which it may be used. · YAA may also need to use your personal information for the prevention of fraud, to identify any misuse of services, or for debt recovery.
Management of Volunteers	YAA volunteers may be asked to provide the following information: · Your name and contact details · Emergency contact information · Contact details for referees · Your interests, experience and relevant qualifications · Your driving licence record · Any previous convictions · Your DBS check · Relevant medical information Personal information may be used to ensure that the Charity gives you a volunteer role that is suitable to you, to manage and support you in your volunteering role, deliver training, involve and update you on YAA projects and campaigns and to ensure your safety. This may include sending you newsletters or information about fundraising activities so you can advise the public about the Charity’s work.
Retail trading and e-commerce activity	YAA operates an e-commerce website. If you interact with this service, we will use your personal information to support your purchase, for example credit/debit card information and home address for delivery. However, financial information will not be retained following completion of the transaction. YAA may also use your personal information for the recovery of Gift Aid (where you have completed a Gift Aid declaration and it is applicable to the transaction).
Wealth screening & financial profiling	YAA does not undertake routine wealth screening or financial profiling of its supporters. Any such profiling would only be undertaken with the explicit consent of the supporter.
Cookies	Please refer to our ‘Cookies Policy’ with regards to how we use Cookies on our website.
External website links	The YAA website may include links to other sites, not owned or managed by the Charity. These links are provided for your convenience. YAA is only responsible for its own privacy practices and security. It is recommended that you check the privacy, cookies and security policies and procedures of each and every other website that you visit and each organisation that holds your personal data.

Why does the Charity process personal data?

When YAA collects and uses your personal information, it will ensure this is only done in accordance with at least one of the legal grounds available to us under Data Protection/ GDPR law. YAA may use your information to understand your needs and interests and to provide you with the best service possible.

Where YAA has a legal/contractual obligation to use your data;

to claim Gift Aid (this involves sharing your information with HMRC)
to fulfil sales made online
to fulfil your membership to the YAA Lottery, raffles or prize draws
for fraud prevention, credit risk reduction or otherwise as required by law or regulation

Where it is in YAA’s legitimate interest to use your data;

to process any donation(s) received from you
to make contact with you for administration purposes
for internal record keeping, such as the management or feedback of complaints
to analyse and improve YAA’s work, services, activities, products or information (including our website) or for its internal records
to check on your preferences from time to time to ensure they are up to date
to register and administer your participation in events for which you have registered or which you are holding to raise money on behalf of the Charity
to confirm memberships and subscriptions (such as playing in the YAA Lottery) The legal basis for the collection and use or your personal data is that you have given your consent and/or that it is in YAA’s legitimate interest to do so in order to support the Charity’s needs within Yorkshire. Your rights and freedoms are not prejudiced by this.

Your credit and debit card information:

If you use your credit or debit card to donate to YAA, or buy something online, the Charity will pass your card details securely to its payment-processing partner as part of the payment process. This is done in accordance with the Payment Card Industry Security Standard. YAA will not store these details on its website or database.

5. Data Sharing

YAA will not exchange or sell your personal information to another organisation for their own marketing purposes. However, there are legitimate situations where the Charity may share data with trusted third parties, subcontractors, regulators or with law enforcement authorities. All trusted partners are required to comply with Data Protection/ GDPR laws and YAA’s high standards. In these circumstances, YAA will always ensure appropriate contracts and controls are in place and will regularly monitor all partners to ensure their compliance. YAA will ensure that your personal data is properly protected and that it is only used in accordance with this Privacy Policy. YAA uses third party electronic payment providers to administer some transactions. They have their own privacy policies and the Charity encourages you to read them

The Charity will not transfer your data to countries outside the European Economic Area, unless specified in the privacy notice or explicit consent has been gained.

6. How does the Charity protect data?

The Charity takes the security of your data seriously. The Charity has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. All emails are encrypted and measures are put in place for the safe storage of emails.

Personal data stored in the YAA database is only accessible by appropriately trained staff who need to access your personal data as an essential part of their role. All access is tracked through individual login credentials.

Where the Charity engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Charity measures to ensure the security of data.

Under 18s:

YAA is committed to protecting the privacy of the young people who engage with the Charity. If you
are under 18 please let YAA know when you contact us and ensure that you have the consent of a
parent or guardian before providing your details. YAA will ensure that your information is only used
for the purposes it has been provided and, in some circumstances, may refuse certain services,
products or events.

Vulnerable supporters:

YAA is committed to protecting vulnerable supporters and follows the guidance issued by the
Fundraising Regulator and Institute of Fundraising regarding treating donors fairly. YAA believes this
helps to support staff and volunteers who come into contact with supporters, enabling them to
provide high-quality customer care and ensuring anyone donating to YAA is in a position to make a
free and informed decision.

7. For how long does the Charity keep data?

Information will be retained for as long as is required to enable YAA to operate its services but the Charity will not keep your information for any longer than is necessary. It will take into consideration legal obligations, tax, and accounting rules when determining how long your information will be retained. If after this point you have not supported YAA again the Charity will keep only minimal personal data to ensure it can respect your preferences in the future. If you are a donor, once 24 months has elapsed since your latest donation YAA will only retain limited personal data, although Gift Aid and other financial information are kept on file for a minimum of 6 years in order to comply with HMRC regulations.

8. Your rights

As a data subject, you have a number of rights. You can:

access and obtain a copy of your data on request;
require the Company to change incorrect or incomplete data;
require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact the Data Officer for the Charity by calling 01422 237900.

If you believe that the Charity has not complied with your data protection rights, you can complain to the Information Commissioner.

Download our privacy policy