Who are we?
Norfolk Youth Projects is a charity and company limited by guarantee which is registered in England and Wales (number 1154242) with its registered office at The Phoenix Centre, 132a Mile Cross Road, Norwich, NR3 2LD.
Basis for processing personal data
We may use any one of the following as the lawful basis for processing your personal data:
- You have consented to us processing your data
- In the performance of a contractual relationship with you
- If we are legally obliged to process your data
- If we have a legitimate interest to process your data
- If we need to process your data to safeguard your health
What personal data do we collect?
Personal data is information that can be used to identify you. Depending on the ways in which we engage with you, this may include one or more of the following items:
- date of birth
- email address
- phone number
- postal address
- your place of work or education
- your CV
- photographs and videos taken at our events
- a record of events or activities that you participated in or may be interested in
- bank account or payment card details
- passport and visa application details
- feedback you have provided about events and activities
- minuted records of your attendance and contributions to meetings
- correspondence with you
- details of your emergency contacts
- details of your dietary or health requirements (to the extent that these are necessary for us to facilitate your attendance at our events and activities)
How we collect personal data
We collect information about you in the following ways:
- when you ask about our services
- when you apply for volunteering or paid work with us
- when you sign up to join our organisation
- when you register to participate in a youth exchange or other event
- when you donate or participate in fundraising activities
- when you engage with us on social media or our website
- when you voluntarily give us your personal information
- when you subscribe to our newsletters or other information updates
- when you enter a raffle or competition
We often take photographs and videos at our events and activities to use for the purpose of recording memories for attendees and to promote future events and activities. We will ask you for consent to use any photographs taken where you are the focus of the image or film. Permission will be requested either prior, during or after the event. You can change your mind about future use at any time by contacting firstname.lastname@example.org
How do we use your personal data?
With your consent, we use your information as follows:
- to provide you with information about our work and the activities we provide
- to ask for your help to raise money for our good causes
- to promote our organisation through photographs and videos
On the basis of legitimate interest, we collect and use your information as follows:
- to process any donation(s) we may receive from you
- to book, arrange and run events and activities that you are involved in
- to consider your application to volunteer or work for us
- for internal record keeping, such as to manage feedback or complaints
- to apply for grant funding
- to evaluate and improve our services
Marketing and communication preferences
We use marketing communications to keep you up to date with news which we feel will be of interest to you. This may include newsletters, surveys, emails and postal correspondence.
You can stop receiving communications at any time by contacting email@example.com
Please note we may retain your details on a suppression list so that we remember not to contact you.
We also use social media (such as Facebook) to share information about what we do. We do this by posting content on our own social media pages. You can cease following us at any time.
We don’t sell or swap your information with any third party for their marketing purposes.
Some third party processors may have incidental access to your personal data in the course of their provision of services to us, such as IT service providers.
If you attend events with us, we may share your attendance details with the organisations to whom we apply for funding and with travel agencies and insurance providers.
We may also share information with third parties where we require professional advice, are legally required to do so, or need to enforce or defend our legal rights, such as accountants, lawyers, police officers, courts and regulatory bodies.
We aim to ensure that all information we hold about you is accurate and kept up-to-date. If you believe any of the information we hold is inaccurate or your circumstances change, please advise us via firstname.lastname@example.org and we will ensure our records are updated as soon as possible.
We keep personal information until it is no longer required for the purpose for which it was collected, unless we are required to keep it longer in accordance with any legal requirements, compliance, tax or accounting rules. When we no longer need to retain your information, we will dispose of it securely.
If you are aged 16 or under, and would like to participate in an event, donate or get involved with us, please make sure that you have your parent/guardian’s permission before giving us your personal data.
You have the following data protection rights:
- You can access, delete or request portability of your personal data
- You may ask us to correct or update your personal data, object to processing of your personal data, or ask us to restrict processing of your personal data
- You can opt-out of marketing communications we send you at any time
- If we process your personal data with your consent, you can withdraw your consent at any time (this will not affect the lawfulness of any processing we conducted beforehand or any processing on grounds other than consent)
- You have the right to complain to a data protection authority about our collection and use of your personal data.
You can exercise any of these rights at any time by contacting email@example.com
This policy was last updated in October 2019 and replaces all previous versions. We will regularly review and update this document. Changes will be notified through an announcement on our website.
Data Protection Policy
Our data protection policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data.
We are committed to:
- meeting our legal obligations as laid down by the Data Protection Act 2018
- ensuring that personal data is collected transparently, and used fairly and lawfully
- processing personal data only to the extent required for the specified purpose or to fulfill legal requirements
- taking steps to ensure that personal data is up to date and accurate
- establishing appropriate retention periods for personal data and not keeping personal data longer than necessary for the required purpose
- ensuring that data subjects’ rights can be appropriately exercised
- providing adequate technical and organisational security measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all staff are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
- ensuring that personal data are not transferred to a country or territory outside the UK and the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
- regularly reviewing data protection procedures and guidelines within the organisation.