Privacy Notice

At Central YMCA we are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations.

This Privacy Notice sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.

If your company enlists our services, your company and our services may enter into a separate agreement that will govern the processing of all information and data collected in connection with the service, including some data collected through our websites. Such agreement takes precedence over any conflicting provision in this policy.

Who we are

Central YMCA is an education and wellbeing charity (registered charity number 213121). Central YMCA is made up of: Central YMCA Club, YMCA at One KX, YMCAfit, YMCA Awards and YMCA Training.

It is also a company registered in England and Wales (company number 119249), registered address 112 Great Russell Street, London, WC1B 3NQ.

Central YMCA owns and operates the following websites:

• www.ymca.co.uk
• www.ymcaclub.co.uk
• www.ymcaonekx.co.uk   
• www.ymcafit.org.uk
• www.ymcaawards.co.uk

Central YMCA is registered as a data controller with the Information Commissioners Office (ICO) (ICO registered number Z670975X).

We collect and process a range of personal data in order to provide our services. This includes name, postal address, email address, date of birth, gender, specific learning difficulties, disabilities and IP address depending on the type of enquiry or service.

What is personal data?

Under the Data Protection Act 2018 ('the Act') and General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') personal data is defined as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.

The data controller

A data controller is the individual or legal person who exercises overall control over the purposes and means of processing of the personal data in paper or electronic files. Central YMCA is the data controller as defined by relevant data protection laws and regulation.

Lawful processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:      

(a) Consent: you have given Central YMCA freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose.

(b) Contract performance: the processing is necessary for the performance of a contract you have with Central YMCA, which had asked you to take specific steps before entering into a contract.

(c) Compliance with legal obligation: the processing is necessary for Central YMCA to comply with the law for the tax, social security obligation and employment purposes (not including contractual obligations).

(d) Protection of vital interests: the processing is vital to an individual's survival.

(e) Public interest: the processing is necessary for Central YMCA to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for Central YMCA’s legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

Data rights

Your data subject rights are listed below:

• the right of access.
• the right to rectification.
• the right to erasure or right to be forgotten.
• the right to restriction of processing.
• the right to be informed.
• the right to data portability.
• the right to object.
• the right not to be subject to a decision based solely on automated processing.

Under the Act and the GDPR, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. You may also ask (in certain circumstances) for all the personal data we hold about you to be deleted. If you want to exercise any of these rights please write to data protection officer ('DPO'), at data.protection@ymca.co.uk.

What type of personal data is collected?

Information that you provide by completing forms in writing, email, through our web site or social media. This includes information provided at the time of registering with us, to use our website to become a member, to join Central YMCA, to enter into a contract for our services, to request materials or to request further services, when you respond to a survey and/or when you report a problem with any of our communication channels or services or when you apply for a job at Central YMCA..

We collect the following classes of information:

• name(s) and address(es), email, phone number(s) and other relevant (e.g. age group, interests, subscriptions, and etc.) personal details and preferred (e.g. activities, events, news, and etc.);
• staff details relevant to their employment status with us;
• records of donations;
• records of volunteering;
• photographs, recordings (audio and video)
• information about our relationship with you, correspondence, meeting notes, attendance at events etc.;
• occupation, skills and professional activity, network(s) and interests where relevant to our needs; and
• Financial information (e.g. bank details) where they may be relevant to our needs.

If you contact us, we may keep a record of that correspondence.

We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

We will keep details of transactions you carry out and of the fulfilment of your orders.

We may also keep details of your access to our databases or other materials.

To help us improve our services, if you send us personal information which identifies you via email, we may keep your email, your email address and 'screen' name. We may also collect information that is available from your browser.

We may also collect cookies during your visits to our website. Please refer to our Cookie Policy here.

How we collect your personal data

We collect information if you:

• subscribe to our newsletter
• submit an enquiry on one of our website forms, one of our events, on in person at our venues
• join as a member
• register or get certificated on our courses, programmes or qualifications
• book onto a class or event
• deliver our qualifications
• apply for job vacancies
• engage with us on social media
• enter prize draws or competitions
• choose to complete any surveys we send you
• use our free WiFi at any of our sites
• visit one of our sites which have CCTV systems operating for the security of both members, learners, customers and staff
• visit one of our sites that may have photography, recording or filming taking place that may be used for promotional material.

Why we collect personal information

Central YMCA collects and processes your personal data to:

• provide you with access to our services
• provide access to our assessments, learning materials and qualifications
• improve our websites and services
• ensure the security of our websites

Beyond these purposes, we process your data only if you have granted express consent for its stated purposes.

Contacting you using your data

When you submit your data, you are requesting a service from Central YMCA.

Typically, the provision of information is to help you decide on training and education to support your future study or career, further advice, guidance or information regarding services provided by Central YMCA, or booking classes, trials or tours to our health clubs.

We will use your data to contact you in order to fulfil this service request. This may include initial phone calls from our Course, Careers or Membership Advisers and emails informing you about the career, membership or information you are interested in, including course or career information, career opportunities, membership or health club information as well as offers and discounts.

As it can take up to 12 months to get from enquiry to enrolment, membership or booking a course, we may continue to communicate under legitimate interest for this period of time. Your Course, Career or Membership Adviser may get in touch with information that may be relevant and useful to you. 

You can request for us to stop these forms of communication at any time by contacting our Data Protection Officer.  

Sharing your personal data

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals.

Central YMCA may engage third parties to help us provide you with a service, such as providers of cloud software, mailing houses and independent contractors. Therefore, Central YMCA has Data Processing Agreements in place with those parties to ensure that they use your personal data in accordance with the GDPR and the Act and in line with service requirements.

Third party websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Protecting your personal data

Central YMCA implements commercially reasonable technical and organisational measures to protect your personal data against abuse and loss. We store such data in secure environments. We provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement. 

The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that Central YMCA has instructed.

If personal data is transferred outside the UK or EEA to a country without a designated adequacy rating, Central YMCA will request the data subject's consent before processing the data. Consent will not be sought where the processor's Binding Corporate Rules, Standard Contractual Clauses or adhoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

How long we store your personal data for

We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.

In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.

Changes to this privacy notice

This privacy notice was last updated on 14 October 2020. Central YMCA reserves the right to vary this privacy notice from time to time. Such variations become effective on posting on this website. We recommend that you regularly revisit this privacy notice to check for any changes

Complaints

For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns.

Contact details

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)