Horizon Youth Zone (“we“, “our” and “us”) are committed to protecting and respecting your privacy.
Please read the following carefully to understand how we may use and store your personal data.
We are Horizon Youth Zones, a company registered in England and Wales with company number 12210018 and a registered charity with charity number 1187630. You can contact us in writing at Suite Gb Atria, Spa Road, Bolton, BL1 4AG or by email at email@example.com.
Any changes you make to your communication preferences will be processed by us within ten working days of our receipt of your instruction; however, you may still receive non-essential communications in the intervening time between the submission of your change and when we process that change.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by following our Complaints Procedure.
Privacy is very important to us. We will only use your personal data in a way that is fair to you and in a clear, honest and transparent way. We will only collect your personal data where it is necessary for us to do so and if it is relevant to our dealings with you.
We may need to process personal data about you for many essential purposes. We could give lots of example, but we have set out below a list of the main reasons that we may need to collect and use your personal data. We may not use your personal data for all of these purposes; it will depend on the nature of your relationship with us, and how you interact with Horizon Youth Zone.
We may also process personal data about you for other optional purposes. We have set out a list of examples below. This usage of your personal data is on an opt-in basis. If you have opted in, you can choose to opt out of your personal data being used for any of these purposes by contacting us on 01204 362 128 or firstname.lastname@example.org.
4. Lawfulness of our Processing
It’s lawful for us to process personal data where the following conditions apply:
For example, should we ever ask you to provide any special categories of personal data (or “sensitive personal data”) about yourself (for example, information about any health condition that may be relevant if you are participating in our activities) we will always seek your explicit consent to process this data. We will always ask for your consent to process your personal data as stated above at the time that we collect the relevant personal data.
Where we are relying on consent to process your personal data and you are aged under 16, we will ask your parent or guardian to give their consent to such processing.
Where you (or your parent or guardian, as applicable) have given us consent to use your personal data in any way, you (or your parent or guardian, as applicable) have a right to withdraw that consent at any time by contacting us on 01204 362 128 or email@example.com. In some cases, withdrawing your consent may impact on our ability to provide the Services to you.
5. What are our legitimate interests?
We may rely on the following legitimate interests in order to process your personal data:
When we use your personal data for the purposes of our legitimate interests (as set out above), we will always consider if it is fair and balanced to do so and whether it would be within your reasonable expectations that we would use your data in this way.
We will balance your rights and our legitimate interests to ensure that the way in which we use your data never goes beyond what you would expect and is not unduly intrusive or unfair.
6. Personal data that we collect
Members, Members’ parents and/or guardians, enquirers, employees, volunteers, suppliers, customers, supporters and/or funders, participants at events, job applicants, and other professional contacts as required to carry out the operation of the charity.
7. Who do we share information with?
We may share your personal information within our funders and/or sponsors and within the Youth Zone Network, where it is necessary for the provision of the Services or the delivery of our core charitable services or where you have asked us about a Youth Zone project.
We may also share your personal data with statutory and regulatory bodies (for example, the Charity Commission, Companies House, Health and Safety Executive, Information Commissioner’s Office) where there is a legal requirement to do so. This might include, for example, for the purposes of registration and maintenance of statutory information.
We may also pass personal data to various third parties who provide various goods and/services to us, or on our behalf, which we require in order to provide you with the Services. In all of these situations, we ensure that we always have a written contractual agreement in place that will ensure that those organisations can only use the personal data provided for the specific purposes we direct them to do and that they have in place strict security requirements in order to protect your personal data.
Cloud-based database systems (Salesforce, Kronos) Storing data
Database system and application developers and consultants Development of data storing systems including migration of data from one system to another
Website developers Development of website and linked functionality such as online payment systems
Analysis of website activity
Social media analytics Analysis of social media activity
Wifi tracking system provider
Analysis of centre usage using location tracking and targeting delivery and communications based on this usage
Marketing, communication and PR consultants Marketing, communication and PR support
Consultants and evaluators Assessment of the impact of charitable services, projects, needs assessments or research reports
Recruitment services with applicant recommendation or tracking systems Targeted recruitment of staff
DBS checking service
Vetting of potential employees and volunteers in line with Safer Recruitment Practice
HMRC Calculation and payment of Tax and National Insurance
Payroll bureau Payment of employee wages
Pension and employee benefit providers Provision of workplace pension and employee benefits such as childcare vouchers
Insurance providers Provision of adequate insurance cover and resolution of policy queries or claims
In addition to the above, we may exchange information with third parties for the purposes of fraud protection and credit risk reduction. We may also transfer our databases containing your personal data if we transfer our business or part of it.
1. Where we store your personal data
We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to or accidental loss of or destruction or damage to your information. We store your personal details on a secure server. We use firewalls on our servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may transfer or store your personal data outside the European Economic Area (“EEA”) for example a third-party e-mail service based in the US, MailChimp.
Where third-party data processors transfer data outside the EEA, we ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
Please contact us on 01204 362 128 or firstname.lastname@example.org if you want further information on the specific mechanism used if your personal data is transferred out of the EEA.
2. Your rights
You have the following rights in respect of your personal data:
Please contact email@example.com for further information about any of your rights.
Please note if you ask us to erase your data and/or restrict processing of your data, we may not be able to provide you with the Services.
3. How long we keep personal data
We will only keep personal data for as long as we are either required to by law or as is relevant for the purposes for which it was collected in line with our Data Retention policy, a copy of which is available on request by contacting us on 01204 362 128 or firstname.lastname@example.org. After this point the data will either be deleted or rendered anonymous.
Retention of data will normally be in line with statutory requirements, except where legitimate interest or best practice recommendations relevant to on-going provision of the charitable services dictate alternative periods, for example where an insurance company requires the retention of Member information for a period of 50 years in the event of an abuse claim.
We will keep a record of your name and email address on our ‘do not contact’ suppression list if you request that we do not send you direct marketing.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Any communication through external social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. We will never ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact us by telephone or email.
Our website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Through our social media platform accounts we may share web links to relevant web pages. By default some social media platforms shorten lengthy URLs (web addresses), this is an example: http://bit.ly/2GGZh1E. Users are advised to take caution and good judgment before clicking any shortened URLs published on social media platforms by us. Despite the best efforts to ensure only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore we cannot be held liable for any damages or implications caused by visiting any shortened links.