This is Youth Justice Legal Centre (YJLC) privacy and data protection policy, which covers the data we either collect or process from our clients, staff, supporters or other partners. ‘We’ and ‘our’ in this notice refers to YJLC and its organisational policies. We will also explain how to contact us about the data we process which relates to you personally. YJLC is committed to protecting the personal data of our clients, supporters, staff and other partners and respecting their privacy. We have in place a robust information security management programme which relies on technical and organisational measures which are reviewed and updated regularly.
Where YJLC processes and stores any personal information, we do so in adherence to the requirements of the UK Data Protection Act (DPA) 1998 and, on implementation, the General Data Protection Regulations (GDPR) 2018.
This notice is about how we treat your personal data. Personal data is information which can be used to identify you, including name, date of birth, email address and postal addresses. This list is not intended as to be read as comprehensive, but instead is indicative of the sort of information we collect.
Under data protection regulations, there are two main reasons to process this personal data. These are:
- Consent- there are certain types of data and ways of processing which require your consent. Some types of processes will always require consent, such as direct marketing contact. Consent is always affirmative or ‘opt-in’.
- Legitimate interest- there are other categories of data which do not require consent, as after a balancing exercise, there is a legitimate interest in processing which outweighs any potential risk to your rights or freedoms. We undertake this balancing exercise for each way we process your data.
We collect personal data including names, nationalities, postal addresses, telephone numbers and email contacts. This data is collected when you contact us directly, donate through PayPal or sign up to our mailing lists via Mailchimp. Where you give your data to us through a third party (a ‘data controller’), we will process your data in line with their privacy policies and the consent you provided to them.
Where you provide us with this information directly, we are acting as the data controller. We will record your data so we are able to either provide you with support or work with you in the future. We will never contact you for direct marketing purposes without your consent to receive this correspondence. There are some reasons we might be required by law to process your data, for instance, report any suspected fraud. Any analysis of data required by statute does not require your consent. In limited circumstances, we will share this information with third parties, who will process this data on our behalf, under our direction. This will be only be done with your consent or legitimate interest and where are satisfied that the other party is compliant with GDPR and all other data regulations.
Sensitive personal data is defined by GDPR and includes the physical or mental health or condition, sexual life, racial or ethnic origin, political opinion, religious or similar beliefs, trade union membership and the commission or alleged commission by the data subject of any offence, or any proceedings for any offence that are ongoing. We do not collect this data about our supporters.
If you are working with us as a client, we may collect details of your physical and mental health, your race or ethnic origin, your sexuality and your religion. This will either be with your consent or you have a legitimate interest in us holding it. What data we collect and why will be explained to you in your client engagement letter. This data is not shared with anyone else. It may be anonymised (so it is no longer related to you as an individual) and analysed to see how we are doing at reaching different groups. This anonymised data might be shared with our funders or other evaluators.
Under data protection law, you have the right to:
- Request a copy of the information we hold about you
- Update or amend the information we hold about you if it is wrong
- Change your communication preferences at any time
- Ask us to remove your personal information from our records: in these circumstances, we would retain your name on a ‘suppression list’ of individuals with whom we will not make any future contact
- Object to the processing of your information for marketing purposes, or
- Raise a concern or complaint about the way in which your information is being held or used by us
We will respond to any such requests within a month, and where possible, sooner.
If you wish to do any of the above or find out more information, you can contact us at:
Data Protection Officer,
YJLC, 2 Fulbrook Mews, London, N19 5EN
Email: [email protected]