Data Protection Privacy Statement and Cookies Policy
This statement outlines:
What data we collect
How we keep your data safe
How we may use your data
YMCA Mendip is a Charity (No 1074660) working across Mendip and South Somerset and is a Private Limited Company (No 3719773). YMCA Mendip affiliates to YMCA England and is part of the worldwide movement of YMCAs.
egistered office is The Old Glasshouse, South Street, Wells, Somerset, BA5 1SL.
The vast majority of personal data we hold is given to us directly by our staff, service users, partner agencies, supporters and volunteers, in the course of them interacting with our services, website, social media platforms or activities.
YMCA Mendip collects personal information on staff and clients due to the nature of the services we provide and to help us develop those services. We also collect data to give us a greater understanding of our supporters, so that we can help more people access our services, fundraise more effectively and provide information about appropriate opportunities to support us.
Data protection law recognises that there are sensitive categories of personal information, such as health information, racial or ethnic origin, or religious beliefs or other beliefs. We would only collect sensitive personal information where there is a clear need to do so. Before we collect any sensitive personal information, we will make it clear what information we are collecting and the purpose we are collecting it for.
We are committed to protecting both your data and your privacy and we want you to feel assured that any information you give us is held securely and safely; whether you are working for us, using our services, or supporting us through campaigning, donations, volunteering, fundraising or events.
YMCA Mendip are committed to protecting your privacy and processing your personal data with sensitivity. We aim to be clear with why we collect your information, what data we hold and how we store it; and we promise not to use it in any way you wouldn’t reasonably expect.
This policy has been written in accordance with the Data Protection Act 1998 and to comply with the General Data Protection Regulation Act 2018.
If you have any questions about the following policy please contact our
Data Protection Compliance Officer at YMCA Mendip, The Old Glasshouse, South Street, Wells, Somerset, BA5 1SL telephone 01749 679553 or email
Where we collect your personal information
We will collect your information when:
You register your interest for/or at an event
• You send us your story or endorsement
• You make a one off, or regular non-monetary/monetary donations; either by cheque, cash, BACS, CAF, or via an online platforms such as BT My Donate
- You make a monthly donation via our Friends of YMCA Mendip membership
• You request to receive our newsletter
• You complete an “interested in…” form i.e. volunteering
• Information is available publicly (i.e. your business card, your website or your social media profile)
• You fundraise on our behalf
• You request information about our services
- A family member or friend contacts us on your behalf
What data do we collect?
The personal information we may collect about you can include:
- your name
- email address
- postal address
- telephone numbers
- bank or credit card details, where required
- tax payer status (for Gift Aid claiming purposes)
- national insurance number, where required
- health history, where required
- date of birth/age, where required
- gender, where required
- information required for DBS checks
We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person. This might include the date, time, and method of contact, details about donations you make to us, events or activities that you register for, or attend; or any request for support.
Where your personal information is held
Any paper records with your personal information are kept in locked cupboards and only accessible by authorised YMCA Mendip staff and volunteers. We never sell your data to any third party organisations and where your data is held on Mailchimp servers (for the purpose of email marketing) it is in compliance with the EU-U.S privacy Shield Framework. Your information is accessible by trained staff and volunteers at YMCA Mendip on a need to know basis only.
How long will your information be retained?
YMCA Mendip will not retain information for longer than is necessary and reasonable. From the moment you ask us to stop using your personal information, we will store it securely for administrative purposes only.
Where we believe data might be relevant to a future safeguarding enquiry, we reserve the right to retain data securely for up to 50 years to comply with our insurance and safeguarding guidance.
We remove personal data from our systems in line with our data retention policies. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements.
After this point the data will either be deleted or rendered anonymous.
In certain specific situations, for example where a supporter has kindly pledged a legacy to us in their Will, we will maintain their details up to the time when we need to carry out the legacy administration and communicate effectively with their family.
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date.
We also have procedures in place to deal with any suspected Data Security Breach. We will notify you and any Professional Regulators or other applicable regulator of a suspected Data Security Breach where we are legally required to do so.
How we use your information
Delivering the services we do is something we cannot do without the help of people who share our passion for working with young people to enable them to truly belong, contribute and thrive.
Supporting the work of YMCA Mendip such as being employed by us, supporting us in a variety of ways including raising funds, running campaigns, volunteering and involving as wide a range of people as we can in our activities is hugely important to us.
We will only use and share your information where it is necessary for us to lawfully carry out our work.
The law allows personal data to be legally collected and used by an organisation if it is necessary for a legitimate business interest of the organisation – as long as its use is fair and balanced and does not unduly impact the rights of the individual concerned.
The data you provide us with is used in the following ways:
- To provide you with information about our services, including changes to delivery and amendments to policies
- To be responsive to our communities needs
- To provide marketing and fundraising communications to you, with opportunities to support us, including volunteering and/or fundraising
• For internal administration, including accounting and gift aid claims
• To respond effectively to complaints
- For other purposes in which we would specifically notify you and obtain consent
We will not share your information with anyone outside YMCA Mendip, except:
To deliver our services or manage our relationship with you, where there is a requirement by law, law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies that requires us to hold and share your data with them.
In all of these situations we set up a written contractual agreement that will ensure that those organisations can only use the data provided for the specific purposes, and that they have in place strict security requirements in order to protect your personal information and comply with GDPR.
Accessing your information
You have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected. You also have the right to ask us to delete any personal information we hold about you.
Under GDPR you have the following rights (unless subject to an exemption):
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
In some cases, we may be unable to delete data, such as if it is required for legal, safeguarding, tax or Gift Aid purposes. In these cases, we will ensure that you are removed from future communications and processing. You can access your personal data held by us, or request to receive your information in part or its entirety in machine readable format.
For all questions or concerns regarding the processing of your personal information, please do get in touch. You can write to:
Data Protection Compliance Officer
The Old Glasshouse,
Telephone 01749 679553
or email email@example.com.
The Information Commissioner’s Office is the regulator for such activity and further information can be found at https://ico.org.uk
At each of our data collection points (i.e. online form or paper flyer) we will provide you with the opportunity to “opt in” to communications which have a particular fundraising purpose (this is called Direct Marketing).
If you provide us with your consent by “opting in” to receive such communications, we will add you to our newsletter mailing list and occasionally contact you to let you know about upcoming ways to support us.
We want to communicate in a way that suits you, so we will only ask you to fill in the contact details of your preferred means of communication. We will make it easy for you to opt out of Direct Marketing communications, but you can also contact us at firstname.lastname@example.org to change your preferences at any time.
Third party websites
The site also makes use of session cookies. Those cookies are necessary for site functionality and contain no personally identifiable information. They are deleted when the browser is closed.
Please note, that you can delete any cookies that are already stored on your computer. Please refer to the instructions for your browser or file management software on how to do so.
For more information about cookies, including how to block or delete them, visit www.AboutCookies.org
When visiting the YMCA Mendip website you have the right to choose whether to accept cookies but as cookies help the website run more efficiently, if you choose to deny cookies you may not be able to make use of the full functionality of the website.
Changing cookie preferences
You can change your individual cookie preferences by accessing the “help” menu in most web browsers. More information about cookies is available at www.allaboutcookies.org
There are two type of cookies, “first party cookies” and “third party cookies”.
• First party cookies are served directly by the website operator to your computer, and are often used to recognise your computer when it revisits that site and to remember your preferences as you browse the site.
• Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when you visit other web sites. Third party cookies are most commonly used for web site analytics or advertising purposes.
List of main cookies used on our website
The __utma Cookie
This cookie is a “persistent” cookie and keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred. Google Analytics uses this information to calculate things like which days had a lot of traffic and which pages are more popular than others.