This policy is intended to inform you how and why Solent Youth Action uses personal information from our members and other members of the public. When we refer to “we” or “us” in this policy we are referring to Solent Youth Action (SYA).
Information we collect and hold about you
SYA will collect personal information about you when you contact us about providing any of our services to you (for example, your name, address, email contact details, telephone number. SYA may require further information before we can provide support for you (for example, next of kin, medical information) in order to comply with our requirements.
During the course of providing services to you, SYA may collect information about you and/or any other individuals you tell us about. Depending on the nature of the work SYA carries out for you, SYA may collect and use special categories of personal data about you or a third party you tell us about (for example, information about health, ethnic origin, education status etc).
When you become a member of SYA, or when you enter into discussions to become a member, we may add your personal data to our marketing database in order to send you information about events, legal updates, and other similar services you are entitled to access. We will always give you the opportunity to opt-out of this marketing.
If you are not a member of SYA and you are a consumer (i.e. you are not representing a business or organisation), we will only send you marketing communications by letter or email or other electronic means with your consent. If you consent to receive email marketing from us, we will add your personal information (your name and email contact details) to our marketing database.
You can contact us at any time at firstname.lastname@example.org to opt out, change your contact details or to update your communication preferences.
SYA may also send information by post if we are satisfied that we have a legitimate reason to do so, for example, a survey for clients to help improve our services.
Visitors to our website
People who contact us via social media:
If you send us a private or direct message via social media, SYA aims to deal with your enquiry in-house. SYA will not share messages with any other organisations without your prior consent.
Queries and complaints
If you send a query or complaint to us, we will use the personal information you provide to us (for example, your name and the name(s) of any other individuals involved) in order to process your query or complaint and respond to you.
How we use your information
SYA only ever uses your personal data if we are satisfied that it is lawful and fair to do so because:
- You have given your consent to us using your information for the specific purposes described in this privacy notice
- It is necessary to enter into, or perform, a service with you
- In order to comply with a legal obligation
- For our own (or a third party’s) legitimate interests provided your rights don’t override these interests. SYA may use your anonymised data to identify usage trends and for data analytics as this information will help us review and improve our products, services and offers and under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship.
SYA will only use special categories of personal data relating to you or to third parties you tell us about when we have your explicit consent and/or where it is necessary to use the information for the establishment, exercise or defence of legal claims.
SYA will never sell your personal data or share it with third parties who might use it for their own purposes.
Sharing your information
SYA will not disclose any information you provide to any third parties other than:
- Where you have given us consent to share the information
- Where we instruct professional advisors on your behalf e.g. Childrens Servcices
- Other third parties where necessary to carry out your written instructions.
- In order to enforce any terms and conditions or agreements between us
- To protect our rights, property and safety, or the rights, property and safety of others including the Safeguarding Partnership or other partnerships as required.
SYA may share results of research that we carry out into the use of our services with third parties but this information will always be anonymised and will not contain your personal information.
SYA has appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
SYA holds data electronically in our secure document management system and on our on-site file servers. Network infrastructure is protected using firewalls and anti-malware software. SYA also has off-site back-up servers in secure locations.
SYA stores papers in lockable cabinets in our offices when not being actively used and we have a secure off-site document storage facility for archived papers. Our offices are secure and only personnel holding appropriate security passes can access areas where personal data is stored.
When necessary, we dispose of or delete your data securely.
SYA ensures that our employees and volunteers are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations.
SYA limits access to your personal information to those employees, agents, contractors and other third parties who have a need to know. Access to client data is restricted to the appropriate team within the organisation.
The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, SYA cannot guarantee the security of your electronic information transmitted to us and any transmission is at your own risk.
SYA has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where SYA is legally required to do so.
SYA will hold the information for as long as required by law or our regulatory obligations. Each service will have a stipulated time, depending on how that service is funded. Please ask for details. Our default retention period for personal data is seven years from the date of our service to you or in the event that you or SYA need to re-open our support from the date on which the reopened matter came to an end, unless otherwise specified by law.
Please note that personal data held on our client files may be retained for longer periods as it may be necessary to retain this data in order to allow our clients or third parties to protect their legal rights.
These retention periods may be extended or reduced if we deem it necessary.
SYA reviews the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.
You have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it
- Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it
- Ask us to transfer your personal information to another person or organisation
If you have given your consent to us processing your personal information (for example, consent to receive information about our events), you have the right to withdraw your consent at any time. To withdraw your consent, please contact email@example.com Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
Queries and complaints
Our CEO oversees compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact firstname.lastname@example.org.