YMCA Birmingham is a registered charity and parent company of YMCA Birmingham and Solihull Enterprises Limited a private limited company. These two companies operate as a Group with a common policy in respect of data privacy and reference in this policy to Birmingham YMCA includes all the activities of the Group including YMCA Birmingham and Solihull Enterprises Limited.
We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and how to contact us and the supervisory bodies if you have a complaint.
Who are we & What do we do?
YMCA Birmingham is a Group with a registered office at Will Steel House, 109 Grosvenor Road, Aston, Birmingham B6 7LZ. We are regulated by the Regulator for Social Housing, Ofsted and the Charities Commission.
YMCA Birmingham is the data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.
Our mission is to inspire young people to discover their potential so that they can live life in all its fullness. We provide accommodation and support to help vulnerable people towards independent living whilst also providing employment, training and work place experience through our social enterprises and employability projects. We also provide childcare through our nurseries and offer conference facilities and training services for businesses and individuals and run a café open to members of the public
Registered Company Details
Birmingham YMCA Charity No. 218808, Company No. 170981, Homes England No. 4783.
Birmingham and Solihull Enterprises Limited, Company No 07306415.
Get in Touch
You have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected. You also have the right to ask us to delete any personal information we hold about you. Please refer to your rights section for further details.
You can access your personal data held by us or request to receive your information in part or its entirety in electronic format. There may be a charge for this service.
For all questions and concerns regarding the processing of your personal information, please do get in touch. You can write to:
Data Protection Lead
109 Grosvenor road, Aston, Birmingham
You can e-mail: BYMCA.GDPR@ymcabirmingham.org.uk or call 0121 477 4644.
The information Commissioner’s Office is the regulator for such activity and further information can be found on their website: https://ico.org.uk
YMCA Birmingham is registered with the ICO and our registration number is: Z2680262.
The personal data we collect and use
We collect your personal data where there is a statutory or contractual requirement to do so. To enter a contract and receive our services you are obliged to provide us with your details and consent, failure or refusal to provide consent or your details may lead to withdrawal of our services and cancellation of any agreements or contracts already in place.
While providing our services to you we may collect the following personal data when you provide it to us or from third party agencies to whom you have already given consent.
- Contact information
- Identity Information
- Financial Information
- Transaction data
- Dietary Information
- Health Information
- Profile data
- Marketing and communications data
- Children’s data provided by you.
- CCTV data – we retain CCTV data for the purposes of monitoring, crime prevention and community safety. This data is held in accordance with our data retention policy.
Please contact us should you require more information, the details of how to contact us are in the above section of this document.
Children need protection where their data is collected and processed. We may collect and process Children’s data as described below:
- For enquiring and attending at nurseries, play schemes and before/after school clubs for the provision of childcare. When filling out data forms in respect of these, it will include the provision of personal information relating to the child to fulfil our duty of care under the contract and any statutory duties.
- For enquiries and making bookings for Children’s parties and events. When filling out forms relating to the event you may choose to provide us with the children’s names, ages, dietary and other requirements.
- Referral information from third party agencies.
We can process Children’s data where it is required for our legitimate interests, the provision of childcare and hosting Children’s events, dealing with feedback and complaints based on consent, from the holder of parental responsibility. In those circumstances, we make reasonable efforts to verify such consent.
How we use your personal data
The table below sets out how we use your personal data
The lawful basis upon which we collect personal data and
Who we routinely share your personal data with
Reason for Processing
Lawful Basis for Processing
Third Party recipients linked to that activity
To provide you with access to housing and support services
Consent obtained via contractual agreement between both parties
Referral agencies and local authorities
To provide you with childcare services
Consent obtained via contractual agreement between both parties
Local authorities and funding bodies
To provide you with training services, conference facilities and other commercial activities
Consent obtained via contractual agreement between both parties
Employers and other contractual agencies
To market services or publicise our activities or to raise funds
Consent obtained from previous contract with the data subject
Special Category Data
Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation:
- Racial and Ethnic Origin
- Political Opinions
- Religious Beliefs
- Philosophical beliefs
- Trade Union Membership
- Genetic data
- Biometric data
- Health data
- Sexual Orientation
Data relating to criminal convictions or offences is also subject to additional levels of protection.
We may use personal data we hold about you to help us identify, tailor and provide you with details of products and services from us that may be of interest to you. We will only do so where we have obtained your consent and will do so in accordance with any marketing preferences you have provided to us.
In addition, where you have provided your consent, we will provide you with details of products and services of third parties where they may be of interest to you.
You can opt out of receiving marketing at any time. If you wish to amend your marketing preferences, please contact us
By phone: 0121 477 4644
By email: BYMCA.GDPR@ymcabirmingham.org.uk
By post: Will Steel House, 109 Grosvenor Road, Aston, Birmingham B6 7LZ.
YMCA Birmingham will never sell your data to any third party.
Keeping your personal information safe
We will take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and relevant. We also have procedures in place to deal with any unsuspected data security breach. We will notify you and any professional regulators or other applicable regulator of a suspected data security breach where we are legally obligated to do so.
How long your personal data is kept
We will hold your personal data for differing periods dependent upon the reason we have for processing it, the general policy is set out below and further detail is set out in our data retention policy.
Type of Record
Paper or digital capture of data for the performance of a contract, legitimate interest, compliance with a legal obligation, or consent
We will only keep information for as long as it is necessary in order to discharge our statutory and legal obligations. As a rule, we will retain records for a period of six years following the termination of the contractual relationship between us unless there are circumstances which mean we must keep records for longer time periods under statutory obligations
Transferring your information outside of Europe
Birmingham YMCA does not transfer your information outside the EEA, all our systems servers are located within the EEA and data transferred between servers is encrypted and protected. Birmingham YMCA is also working towards a cyber essentials certification.
You have legal rights under data protection regulation in relation to your personal data. All requests relating to these rights must be in writing. Please refer to the get in touch section should you wish to contact us.
Your rights are set out below;
- Right of access – you can ask us to confirm whether we have and are using your personal data, you can also ask us to send a copy of your personal data to you and information on how we process it.
- Right of rectification – you can ask that we rectify any information that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – you can ask that we erase your personal data if you think we no longer need to use it for the purposes for which we collected it from you.
You can also ask that we erase your personal data if you have withdrawn your consent to us using your information, or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal data.
If you excise your right to be forgotten, please note that this will affect the services we provide to you and may lead to them being withdrawn.
- Right to restriction of processing – You have a right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can also ask that we restrict use of your personal data in certain circumstances, for example:
- Where you think, the information is inaccurate and we need to verify it.
- Where our information is no longer required for the purpose it was collected for but we need it to establish, exercise or defend legal claims.
- Where you have objected to our use of personal data but we still need to verify if we have overriding grounds to use it.
We can continue to use your personal data following a request for restriction where we have your consent to use it, or we need to use it to stablish, exercise or defend legal claims, or we need it to protect the rights of another individual or a company.
- Right of portability/data transfer – you can ask us to provide your personal data to you in a structured commonly used, electronic format or you can ask to have it transferred directly to another data controller.
You may only exercise this right where we use your personal data to perform a contract with you or where we have asked you for consent to use your personal data.
- Right to object – you can object to any use of your personal data which we have justified based on our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate business interest. If you raise an objection we may continue to use the personal data if we can demonstrate that we have compelling legitimate interest to use the information.
- Right to object to automated processing, including profiling – If we make a decision about you based solely on automated means (i.e. without human intervention), and the decision made by us produces a legal effect concerning you or significantly affects you, you may have the right to contest the decision and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms
- Right to judicial review: if Birmingham YMCA refuses your request under rights of access, we will provide you with a reason as to why.
We may ask for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information or change your details where we know we are dealing with the right individual.
We will not ask you for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month, it may take us longer however if the request is particularly complicated or you have made several requests. We will always let you know if your response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
16 or under?
We are committed to protecting the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent or guardians permission before providing us with your personal information.
Cookies, Links & Wi-Fi
Birmingham YMCA, like most organisations has a website and like most websites we also use ‘Cookies’. These are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. We do this in order to make a user’s experience more efficient and to provide us with the basic visitor statistics for analysis.
The site also makes use of session cookies. Those cookies are necessary for site functionality and contain no personally identifiable information. They are deleted when the browser is closed.
Please note, that you can delete any cookies that are already stored on your computer. Please refer to the instructions for your browser or file management software on how to do so.
For more information about cookies, including how to block or delete them, visit AboutCookies.org
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
We offer Wi-Fi to our clients and customers at certain locations. We do not use these access points to collect any personal data. It is the user’s responsibility to ensure that they have adequate anti-virus and firewall protection.
This Policy statement was last updated in May 2018.
From time to time it may be necessary to change this statement so please check our website https://ymcabirmingham.org.uk/ where a current version will always be available. By using our services, you are consenting to the collection of your personal information and are agreeing to be bound by this Policy.
If you have any questions regarding this Policy and our privacy practices or if you have a complaint about how your data is being handled , please contact us via e-mail to BYMCA.GDPR@ymcabirmingham.org.uk or by writing to YMCA Birmingham, Data Protection Lead, Will Steel House, 109 Grosvenor Road, Aston, Birmingham, B6 7LZ. Alternatively, you can telephone 0121 477 4644.
We are a registered Data controller with the Information Commissioner’s Office our ICO registration number is: Z2680262
You have the right to lodge a complaint directly with the supervisory authority. In the UK this is the Information Commissioner’s Office www.ico.org.uk
Information Commissioner’s Office