YMCA Heart of England
Menu

Close

Find a Service

Privacy Policy & Cookies

YMCA Heart of England is a registered charity. We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and how to contact us and the supervisory bodies if you have a complaint. 

Who are we & What do we do? 

YMCA Heart of England’s registered office is at The Coppice, 301 Reservoir Road, Erdington, Birmingham B23 6DF.

We are regulated by the Regulator for Social Housing, Ofsted and the Charities Commission.  

YMCA Heart of England is the data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed. 

Our mission is to inspire young people to discover their potential so that they can live life in all its fullness. We provide accommodation and support to help vulnerable people towards independent living whilst also providing employment, training and work place experience through our social enterprises and employability projects.

We also provide childcare through our nurseries and offer conference facilities and training services for businesses and individuals and run a café open to members of the public 

Registered Company Details: 

YMCA (Young Men’s Christian Association) Heart of England Charity No. 218808, Company No. 170981, Regulator of Social Housing No. 4783. 

ICO Registration: Z2680262 

The personal data we collect and use 

How do we collect this information?  

We collect your personal data only where necessary to fulfil the agreed services we provide and to meet legal, statutory or contractual requirements to do so. 

We collect personal information: 

  • Directly from residents, families and young people who use our services and facilities. 

  • Directly from other healthcare professionals, e.g. Social Services or social care 

  • From guests, contractors, or visitors. 

  • From CCTV images e.g. images from our accommodation sites. 

  • Directly from our supporters, e.g. when volunteering, donating, making a purchase, or supporting our various fundraising activities. 

  • From publicly available sources, e.g. networking, social media, internet services, exhibitions, direct referrals, other corporate bodies. 

To enter a contract and receive our services you are obliged to provide us with your details and refusal to provide this or to give consent to services where requested, may lead to withdrawal or the inability of us to deliver these services and cancellation of any agreements or contracts already in place. 

What data do we collect?  

We will only ever collect the information we need – including data that will be useful to help improve our services. We collect information as follows: 

  • Personal information, such as name, postal address, phone number, email address, date of birth (where appropriate), next of kin, your passport, driving license or other ID, dietary Information, information about your interests and hobbies. 

  • Technical information such online identifiers, IP addresses (the location of the computer on the internet) and network statistics 

  • Health information, such as doctor details (e.g. name, address and contact telephone), support or care worker details, medication, or medical support plans) 

  • Financial Information e.g. your bank account details and information on any benefits you receive, history of payments and agreements with us. 

  • Non-personal information such as pages accessed, and files downloaded. This helps us to determine how many people use our website, how many people visit on a regular basis, and how popular our pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our services 

How do we use the data we collect? 

The personal data collected is needed to: 

  • Carry out our obligations arising from any contracts or agreements entered between you and us 

  • To meet requirements of our funding or social services requirements and the needs of corporate sponsors 

  • Look into, and respond to, complaints, incidents, near misses, legal matters or any other issues 

  • Provide a personalised service to you when you visit our websites – this could include customising the content and/or layout of our website and webpages for individual users 

  • Record any contact we have with you 

  • Provide you with information about other services, events, and products we offer that are similar to those that you have enquired about. 

  • Send you information and communications about what we do and how we can help you, and how you can help us. 

  • Send you information and communication around your employment or volunteering role for the purposes of monitoring, crime prevention and community safety. 

Children’s Data 

Children need protection where their data is collected and processed. We may collect and process Children’s data as described below: 

  • When provided by you when you use our accommodation services 

  • When attending our open drop in meetings 

  • When attending our nursery 

We can process Children’s data with the approval of a parent or guardian or where it is required for our legitimate interests, for safeguarding while using our services or dealing with feedback and complaints from the holder of parental responsibility. 

Special Category Data 

We collect special category data, necessary for the services provided and to meet legal requirements as a Charity and Social Housing provider, but also to help us eliminate gender bias and developing an inclusive culture that values all. 

The special category information we collect includes: 

  • Medical records and information 

  • Ethnicity 

  • Religion 

  • Sexual Orientation 

  • Disability 

  • Details of any criminal convictions. 

Our Legal basis to process 

The personal data that is used is limited to the information we need and is processed mainly using the legal basis to perform the tasks or services we have agreed with you or as needed for legal requirements. 

Additionally, there will be instances where we will process information using our legitimate interests where for example in promoting what we do, but only where this is if interest to you; our legitimate interests will include using data in the relationship or support between us. 

Special categories of data require higher levels of protection and a separate legal basis. We process this type of personal information either with your consent or as legally permitted by UK and EU data protection legislation such as processing: 

  • necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection (GDPR article 9,2b + Data Protection Act Sch1 part 1,1) 

  • carried out by a not-for-profit body which provides support to individuals with a particular disability or medical condition (GDPR article 9,2,d + Data Protection Act Sch1 part 1, 16); or 

  • necessary for health or social care purposes (GDPR article 9,2,h + +Data Protection Act Sch1 part 1,2) 

  • necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity (DPA 2018 Sch 1 part 2, 8) 

Keeping your information safe and secure 

YMCA HofE is committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.   

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality 

To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.  

Marketing 

YMCA undertake limited marketing activity and where we do we will try to tailor and provide you with details of products and services from us that may be of interest to you. We will only do so in accordance with any marketing preferences you have provided to us. 

As a charity we do rely on your support and donations but in supporting us we will only send you information that we believe will be in your interest or where you have agreed to receive this. 

Any marketing we undertake is made in a fully compliant manner as governed by UK Data Protection regulations and PECR and with the option for you to opt out from such contact at any time. Should you wish to opt out please contact us:
By phone: 0121 477 4644
By email: dataprotection@ymcaheartofengland.org.uk
By post: YMCA Heart of England, 301 Reservoir Road, Erdington, Birmingham B23 6DF. 

Cookies, Links & Wi-Fi 

YMCA Heart of England, like most organisations has a website and like most websites we also use ‘Cookies’. These are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. We do this to make a user’s experience more efficient and to provide us with the basic visitor statistics for analysis.
 

Where you have consented, we use Google Analytics cookies to collect anonymous traffic data, such as page visit information, where the visitors to the site had come from and the browser and operating systems used. This information is stored by Google and subject to their privacy policy.
 

The site also makes use of session cookies. Those cookies are necessary for site functionality and contain no personally identifiable information. They are deleted when the browser is closed. 

Please note, that you can delete any cookies that are already stored on your computer. Please refer to the instructions for your browser or file management software on how to do so.
For more information about cookies, including how to block or delete them, visit AboutCookies.org 

Links to other websites:  

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. 

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site. 

We offer Wi-Fi to our clients and customers at certain locations. We do not use these access points to collect any personal data. It is the user’s responsibility to ensure that they have adequate anti-virus and firewall protection. 

Disclosure and use of Third Parties 

Access to your personal information is only allowed when required by law or is required as part of fulfilling our service obligations, (for example a court order) or for the purposes of crime and fraud prevention  

We may transfer your personal information to a third party as part of any business restructuring or reorganisation or as part of a sale of some or all our business and assets.  

We may also have a duty to disclose or share your personal data to comply with any legal obligation, safeguarding concerns or to enforce our terms of use or to protect the rights, property or safety of our staff and customers. However, where possible we will aim to ensure that your privacy rights continue to be protected. 

We do make use of third-party service providers to help us fulfil our services and where we do, the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions. 

We use third party providers to: 

  • To host our databases for Accommodation and nursery services 

  • Host and administer our website 

  • For our IT security and systems 

  • Administer our staff and volunteer records 

  • To help us manage and host our marketing promotions and events 

  • For legal advice and guidance in matters related to care, data protection and employees 

International Data Transfers 

We are a UK based charity and process personal information mainly in the UK or EEA. 

Please note though that your data may be exported to as well as stored and processed in countries outside of the country in which you reside, including, without limitation the United States. 

In any circumstance where we may have to transfer your personal data out of the UK or EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK 
  • Where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards such as a detailed review of security measures and the use Standard Contractual Clauses (SCCs) approved by the UK 

How long your personal data is kept 

We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

Details of retention periods for other aspects of your personal information are available in our Retention Policy which is available from dataprotection@ymcaheartofengland.org.uk 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the Institute we will retain and securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations. 

Your Rights 

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. 

Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) in relation to your personal information. 

You may have the right to: 

  • Be informed of how we will use your data as provided by this Policy. 

  • Access the information held about you. Your right of access can be exercised in accordance with data protection law; 

  • Object to us processing or ask us to restrict the processing of your personal information for any of the purposes listed in this Policy, at any time 

  • Ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge 

  • Ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements 

  • Request a transfer of your personal information (again in certain circumstances). 

If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or are unhappy with any aspect of how we use your data please contact us at: 

You can write to: 

YMCA Heart of England
Data Protection Lead
301, Reservoir Road
Erdington
Birmingham
B23 6DF
 

You can e-mail: dataprotection@ymcaheartofengland.org.uk or call 0121 477 4644. 

We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will always notify you if such a charge is being applied 

 

Complaints
 

You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance.
To register a complaint about how your data is being utilised please email us at: datacomplaintsandfeedback@ymcaheartofengland.org.uk 

If you are unsatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk

The information Commissioner’s Office is the regulator for such activity and further information can be found on their website: https://ico.org.uk 

Data Protection Officer 

We have appointed external expertise as our data protection officer (DPO). 

If you have any questions about this privacy notice or how handle your personal information,
please contact our DataProtection@ymcaheartofengland.org.uk 

Changes to our Privacy Policy 

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This Policy statement was last updated in May 2024