Service User Privacy Notice
Wycombe Youth Action collects and processes personal data relating to its service users to manage service provision. We are committed to being transparent about how data is collected and use that data to meet our data protection obligations.
What information does Wycombe Youth Action collect?
The charity collects and processes a range of information about our young people. Some of this information is mandatory in order to use our services, for safeguarding and medical reasons.
- the name, address and contact details, including email address and telephone number, of both the young person and a parent/guardian
- date of birth and gender of young person
- registration of attendance at youth club sessions
- information about medical or health conditions, including whether or not the youngperson has a disability for which the organisation needs to make reasonable adjustmentsWe also ask for certain other information about the young person in order to provide the best possible service to our users.
None of this information is mandatory:
- details about any care that is already being received (e.g. from local authority/other agencies)
- details of doctor’s surgery and housing provision
- education/employment status
- interests and hobbies
- goals for achievement through the service provision
- additional needsWYA, as well as those third parties with which it works to provide youth services, uses a Membership Form to collect this data, which is then uploaded into the CRM, a fully GDPR compliant data management system, run by data processing company Cleartext Limited (t/a Ingenuity Systems UK). Their own data protection policies can be found here: https://www.ingenuitysystems.uk/privacy-policyWhy does the organisation process personal data?In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, to comply with health and safety laws, safeguarding regulations and police/social service referrals.In other cases, the organisation has a legitimate interest in processing personal data.
Processing data allows the organisation to:
- evaluate and improve its services to ensure that the provision is always of the highest standard
- demonstrate and evidence to funders that their money is being used in an effective and prudent manner
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities and meet its obligations under health and safety law
- comply with insurance requestsThe information will not be used for any marketing or fundraising purposes.Who has access to data?Information may be shared internally where it is required to provide the service, including with relevant youth workers and members of the management team.In certain very limited cases the organisation shares your data with third parties in order to fulfil its safeguarding obligations.The organisation will not transfer data to countries outside the European Economic Area.How does the organisation protect data?The organisation takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties.Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.For how long does the organisation keep data?The organisation will hold personal data for the duration of the time that the young person uses the service, plus a period of two years.Your rights. As a data subject, you have a number of rights.
- access and obtain a copy of your data on request
- require the organisation to change incorrect or incomplete data
- require the organisation to delete or stop processing your data, for example wherethe data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the organisation is relying on itslegitimate interests as the legal ground for processing.If you would like to exercise any of these rights, please contact – firstname.lastname@example.org
We do not make decisions on how to process data based solely on automated decision- making.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
WYA, is firmly committed to the belief that all children and young people have a fundamental right to be protected from harm and fully recognises its responsibility for child protection and to promote the welfare of children and young people. The safety and protection of all children and young people that WYA supports is paramount and has priority over all other interests.
WYA encourages a culture of listening and engaging in dialogue with young people, seeking their views in ways that are appropriate to their age, culture and understanding.
The purpose of this Safeguarding Policy is to ensure at all times, the maximum protection from any kind of harm for all young people involved in any way with WYA. For the purpose of this policy, WYA has defined harm as:
• emotional abuse
• physical abuse
• racial abuse
• sexual abuse or sexual exploitation
• exposure to drug/alcohol misuse
• bullying–Including cyber bullying
• female genital mutilation
This policy’s purpose is to protect the personal safety of all children and young people using the facilities, resources and activities provided by WYA, by actively promoting awareness, good practice and sound procedures.
The policies laid out are in accordance with Children’s Act 1989, Children’s Act 2004 and the guidance ‘Working Together to Safeguard Children 2015’.
Read the full policy
Data Protection Policy
Data Protection Procedures
Health and Safety Manual
HR Policy Manual
Mobile Phone Policy
Social Media and Live Streaming Policy