Mahdlo Youth Zone (“we“, “our” and “us”) are committed to protecting and respecting your privacy.Please read the following carefully to understand how we may use and store your personal data.
Who we are and how to contact us
We are Mahdlo (Oldham Youth Zone), a company registered in England and Wales with company number 6946098 and a registered charity with charity number 1134427. You can contact us in writing at Mahdlo (Oldham Youth Zone), Egerton Street, Oldham, OL1 3SE or emailing firstname.lastname@example.org. We are registered with the Information Commissioner’s Office, with registration number: ZA354633
Any changes you make to your communication preferences will be processed by us within ten working days of our receipt of your instruction; however, you may still receive non-essential communications in the intervening time between the submission of your change and when we process that change.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by following our Complaints Procedure.
- “Member” means a young person who is a member, or applies to be a member, at Mahdlo (Oldham Youth Zone). “Membership” shall be construed accordingly;
- “Personal data” means any personal data relating to an identified or identifiable natural person;
- “Process” or “Processing” means anything that we do with your personal data, including collecting, sharing, storing, using and/or deleting the personal data;
- “Services” means the sport, art and enterprise activities and other services provided for Members at Mahdlo (Oldham Youth Zone), and the services provided in relation to your Membership; and
- “You” refers to: an individual who visits our website; a Member and/or the parent/guardian of a Member; a supporter; funder; or member of staff or volunteer of Mahdlo (Oldham Youth Zone), in respect of whom we process personal data.
Why do we process your personal data?
Privacy is very important to us. We will only use your personal data in a way that is fair to you and in a clear, honest and transparent way. We will only collect your personal data where it is necessary for us to do so and if it is relevant to our dealings with you.
We may need to process personal data about you for many essential purposes. We could give lots of examples, but we have set out below a list of the main reasons that we may need to collect and use your personal data. We may not use your personal data for all of these purposes; it will depend on the nature of your relationship with us, and how you interact with Mahdlo (Oldham Youth Zone).
- Delivery of core charitable services: Delivery of our core charitable activities may require us to record your contact details, eligibility for our charitable services, records of financial transactions and other communications with you.
- Communication about, and administration of, your Membership: Where you are a Member (or the parent/guardian of a Member) we will need to process your personal data in order to send you essential information about your Membership and/or the Services and to help us effectively carry out our charitable activities. For example, we may need to use your personal data to keep you updated about your Membership, to send you information generally relevant to the Services (including informing you about developments or changes to the Services) and to identify any misuse or abuse of our Services.
- Due diligence on donations: Our trustees have a duty to ensure that there is no reputational or financial risk to accepting a donation or other kind of support. Where you are a supporter or potential supporter, we may therefore use publicly available sources to carry out due diligence on you to ensure that we are fundraising within the law. For more information on the circumstances this may apply in and the type of information required please visit https://www.gov.uk/government/publications/charities-due-diligence-checks-and-monitoring-end-use-of-funds. If we cannot process your personal data for these purposes, then we may be unable to accept your donation or other support.
- Research: We may collect data to carry out research on our supporter base. This is in order to improve our communications and ensure that we understand how best to interact with our valued supporters. Information we gather from individuals as part of this process is only used for our internal research purposes.
- Profiling: In some circumstances we may combine the personal data a supporter gives to us with information available in the public domain to create a profile of a supporter’s interests and preferences where they are relevant to that individual’s engagement with Mahdlo (Oldham Youth Zone). Information collected for these purposes may include information about your corporate directorships, shareholdings, published biographical information, employment, philanthropic interests and networks, charitable giving and relevant media coverage. We do this to help us understand the ways in which our supporters can support our work sooner, and more cost effectively. The use of publicly available sources helps us determine what support we should ask you for and helps us engage you in activities that are relevant to your areas of interest and influence.
- Management of volunteers: If you are one of our valued volunteers we may need to use your personal data to manage your volunteering activities, deliver training, involve and update you on our projects and campaigns and to ensure your safety. This may include sending you newsletters or information about our fundraising appeals so that you are best equipped to perform your role and advise the public about our work. If we cannot process your personal data for these purposes, then we may be unable to involve you in our volunteering activities.
- Staff administration: Mahdlo (Oldham Youth Zone) employs staff who are crucial to both delivering our projects and raising the funds to provide our charitable services as well as providing a range of professional and technical support. We process the personal data of our staff for recruitment, staff administration, remuneration, pensions and performance management purposes.
We may also process personal data about you for other optional purposes. We have set out a list of examples below. This usage of your personal data is on an opt-in basis. If you have opted in, you can choose to opt out of your personal data being used for any of these purposes by contacting us on 0161 624 0111 or emailing email@example.com.
- Fundraising, campaigning and marketing: We have a range of fundraising and marketing activities that are designed to raise income or promote the aims and objectives of the charity. Where you have opted-in to receive such communications, we may use your personal data to contact you about projects, campaigns, competitions, commercial trading activities, sponsorships, events or volunteering opportunities, which we think you may be interested in. We may also ask if you are able and prepared to Gift Aid any of your donations.
- Analysis, targeting and segmentation: In order to fund our charitable work giving young people somewhere safe and inspiring to go in their leisure time, we have to communicate our aims and objectives and ask people for financial support. Efficiency is very important to us, as we value every single donation. Therefore, we only want to send communications that are genuinely interesting and relevant to you. We will make use of information you have given us and your interactions with our Services, to help us predict your interests and tailor and personalise our communications in the future. This may also involve the use of focus groups to understand our supporters better.
Lawfulness of our Processing
It’s lawful for us to process personal data where the following conditions apply:
- Consent: This applies where you have given your consent to the processing of your personal data for one or more specific purposes.
For example, we will always ask for your consent to contact you for the purpose of direct marketing by email or SMS text message. Also, should we ever ask you to provide any special categories of personal data (or “sensitive personal data”) about yourself (for example, information about any health condition that may be relevant if you are participating in our activities) we will always seek your explicit consent to process this data. We will always ask for your consent to process your personal data as stated above at the time that we collect the relevant personal data.
Where we are relying on consent to process your personal data and you are aged under 16, we will ask your parent or guardian to give their consent to such processing.
Where you (or your parent or guardian, as applicable) have given us consent to use your personal data in any way, you (or your parent or guardian, as applicable) have a right to withdraw that consent at any time by contacting us on 0161 624 0111 or firstname.lastname@example.org. In some cases, withdrawing your consent may impact on our ability to provide the Services to you.
- Contractual Necessity: This will apply where you are a Member, our staff and/or in some cases a volunteer and the processing of your personal data is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract with us. Where you are a Member, we process personal data about you in order to make the Services available to you. We cannot provide the Services without access to this personal data.
- Legal Obligation: This will apply where the processing is necessary in order for us to comply with a legal obligation which applies to us. This might include, for example, where we have a legal obligation in relation to a safeguarding issue or in relation to our statutory reporting requirements.
- Your Vital Interests: This will apply where the processing of your personal data is necessary in order to protect your vital interests. For example, this would apply if you were ill and we needed to share your personal data with the emergency services.
- Legitimate Interests: This will apply where the processing of your personal data is necessary for the purposes of the legitimate interests of Mahdlo (Oldham Youth Zone) (or a third party), provided that such processing is fair and balanced and does not have a disproportionate impact on your rights of data privacy. We have set out below a list of the legitimate interests that we may rely upon.
What are our legitimate interests?
We may rely on the following legitimate interests in order to process your personal data:
- Delivery of our charitable purposes as set out in our charitable objects, including providing information about your Membership to our suppliers, funders and/or sponsors as required for the purposes of the development, coordination and support of Mahdlo (Oldham Youth Zone);
- Reporting criminal acts and compliance with the legal instructions of law enforcement agencies;
- Internal and external audit for financial or regulatory compliance purposes; and/or
- Statutory reporting.
Publicity and income generation
- Direct marketing by post and other forms of marketing, publicity or advertisement which are not directed at an individual;
- Personalisation to tailor and enhance the supporter experience in our communications.
- Analysis, targeting and segmentation to develop fundraising strategy and improve communication efficiency;
- Processing for research purposes; and
- Profiling, including the use of publicly available information.
- Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes;
- Provision and administration of staff benefits such as pensions;
- Physical security, IT and network security;
- Maintenance of suppression lists; and
- Processing for historical, research or statistical purposes.
Financial management and control
- Processing of financial transactions and maintaining financial controls;
- Prevention of fraud, misuse of services, or money laundering; and
- Enforcement of legal claims.
Purely administrative purposes, which may include (without limitation)
- Responding to any solicited enquiry from any of our stakeholders;
- Delivery of requested products, resources or information packs;
- Administration of direct debits and other existing financial transactions;
- Administration of Gift Aid;
- Provision of ‘thank you’ communications and receipts; and
- Maintenance of ‘do not contact’ suppression lists.
When we use your personal data for the purposes of our legitimate interests (as set out above), we will always consider if it is fair and balanced to do so and whether it would be within your reasonable expectations that we would use your data in this way.
We will balance your rights and our legitimate interests to ensure that the way in which we use your data never goes beyond what you would expect and is not unduly intrusive or unfair.
Personal data that we collect
Who do we collect it about?
We may collect and use various personal data about:
Members, Members’ parents and/or guardians, enquirers, employees, volunteers, suppliers, customers, supporters and/or funders, participants at events, job applicants, and other professional contacts as required to carry out the operation of the charity.
What do we collect?
We may collect and use some or all of the following types of personal data, which may include information that you provide to us, information that we collect about you, for example, in relation to your use of the website and/or the Services, and information that we collect from third parties:
- Full name;
- Contact information (address, telephone number, email address etc.);
- Contact names and contact information of your emergency contact, spouse/partner, assistant and/or referee;
- Images (print and digital photographs, moving images, CCTV recordings);
- Personal and demographic information (date of birth, age, gender, nationality etc.);
- Professional information (organisation, title, board memberships, connections, employment records etc.);
- Support services (Looked After Children, support/ key workers etc.);
- Safeguarding records (concerns, disclosures, meetings etc.);
- Identification numbers;
- Biometric data;
- Financial information;
- Information relating to a Member’s use of their Membership and activities at Mahdlo (Oldham Youth Zone); and/or;
- With regard to your visits to our website, we may collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit to the website, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
Special Categories of Personal Data relating to you that we may process may include (without limitation):
- Racial or ethnic origin;
- Religious or other beliefs of a similar nature;
- Physical or mental health or condition;
- Sexual health and relationships;
- The commission or alleged commission by you of any offence; and/or
- Any proceedings for any offence committed or alleged to have been committed by you, the disposal of such proceedings or the sentence of any court in such proceedings.
Who do we share information with?
We may share your personal information within our funders and/or sponsors and with OnSide Youth Zones, where it is necessary for the provision of the Services or the delivery of our core charitable services or where you have asked us about a project.
We may also share your personal data with statutory and regulatory bodies (for example, the Charity Commission, Companies House, Health and Safety Executive, Information Commissioner’s Office) where there is a legal requirement to do so. This might include, for example, for the purposes of registration and maintenance of statutory information.
We may also pass personal data to various third parties who provide various goods and/services to us, or on our behalf, which we require in order to provide you with the Services. In all of these situations we ensure that we always have a written contractual agreement in place that will ensure that those organisations can only use the personal data provided for the specific purposes we direct them to do, and that they have in place strict security requirements in order to protect your personal data.
|Cloud based database systems (Salesforce, Kronos)||Storing data|
|Database system and application developers and consultants||Development of data storing systems including migration of data from one system to another|
|Website developers||Development of website and linked functionality such as online payment systems|
|Website analytics (Google Analytics)||Analysis of website activity|
|Social media analytics||Analysis of social media activity|
|Wifi tracking system provider (Purple Wifi)||Analysis of centre usage using location tracking and targeting delivery and communications based on this usage|
|Marketing, communication and PR consultants||Marketing, communication and PR support|
|Consultants and evaluators||Assessment of the impact of charitable services, projects, needs assessments or research reports|
|Recruitment services with applicant recommendation or tracking systems||Targeted recruitment of staff|
|DBS checking service (uCheck)||Vetting of potential employees and volunteers in line with Safer Recruitment Practice|
|HMRC||Calculation and payment of Tax and National Insurance|
|Payroll bureau||Payment of employee wages|
|Pension and employee benefit providers||Provision of workplace pension and employee benefits such as childcare vouchers|
|Insurance providers||Provision of adequate insurance cover and resolution of policy queries or claims|
In addition to the above, we may exchange information with third parties for the purposes of fraud protection and credit risk reduction. We may also transfer our databases containing your personal data if we transfer our business or part of it.
Where we store your personal data
We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to or accidental loss of or destruction or damage to your information. We store your personal details on a secure server. We use firewalls on our servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We do not routinely transfer or store your personal data outside the European Economic Area (“EEA”).
However, some of our third-party data processors may transfer data outside the EEA. Whenever your personal data is transferred out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will allow the transfer of your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- We may allow the transfer of personal data to third party providers in the USA if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the USA; or
- In respect of the transfer of personal data to other countries outside the EEA, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact us on 0161 624 0111 or email@example.com if you want further information on the specific mechanism used if your personal data is transferred out of the EEA.
You have the following rights in respect of your personal data:
- A right to request from us access to your personal data;
- A right to request rectification of your personal data
- A right to request erasure of your personal data;
- A right to ask us to restrict processing of your personal data and a right to object to our processing of your personal data;
- A right to ask us for a copy of any personal data that we hold in respect of you; and
- A right to lodge a complaint about how we treat your personal data with the Information Commissioner’s Office.
Please contact firstname.lastname@example.org for further information about any of your rights
Please note if you ask us to erase your data and/or restrict processing of your data, we may not be able to provide you with the Services.
How long we keep personal data
We will only keep personal data for as long as we are either required to by law or as is relevant for the purposes for which it was collected in line with our Data Retention policy, a copy of which is available on request by contacting us on 0161 624 0111 or email@example.com. After this point the data will either be deleted or rendered anonymous.
Retention of data will normally be in line with statutory requirements, except where legitimate interest or best practice recommendations relevant to on-going provision of the charitable services dictate alternative periods, for example where an insurance company requires the retention of Member information for a period of 50 years in the event of an abuse claim.
We will keep a record of your name and email address on our ‘do not contact’ suppression list if you request that we do not send you direct marketing.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Social Media Platforms (e.g. Facebook or Twitter)
Any communication through external social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. We will never ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact us by telephone or email.
Our website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
Through our social media platform accounts we may share web links to relevant web pages. By default some social media platforms shorten lengthy URLs (web addresses), this is an example: http://bit.ly/2GGZh1E. Users are advised to take caution and good judgment before clicking any shortened URLs published on social media platforms by us. Despite the best efforts to ensure only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore we cannot be held liable for any damages or implications caused by visiting any shortened links.