PRIVACY STATEMENT for YMCA Dublin Service Users
Introduction: YMCA Dublin is a voluntary organisation that provides services to people of all ages with a focus on children, young people and their families. In order to provide these services we need to collect personal information from those who use them.
YMCA Dublin is a “Data Controller” and, as such, has a legal responsibility to ensure that you are aware of why it collects information and what it does with this information.
YMCA Dublin seeks to comply with its obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Unless otherwise agreed with you, we will only collect personal data about you such as your name, address, telephone number, age and email address.
- We may collect information such as medical conditions and details of next of kin.
- We always ask for your consent to collect and store this information on a registration form.
- For some service users, we may ask you for your additional information such as your PPS Number or bank account details.
Why we need it?
- As a provider of services we need to know basic personal data in order, for example, to let you know when events take place or ensure that you are assigned to age appropriate groups.
- In order to ensure your personal safety while attending a YMCA service or programme, we may collect basic medical information such as information on allergies and medical conditions.
- We collect information on next of kin so that we can make contact with them in emergencies.
- We will always seek your consent to store personal information on you or your child.
What do we do with it?
All the personal data we hold about you will be processed by our staff either manually or using cloud-based computer systems. No other third parties will have access to your personal data unless there is a legal obligation for us to provide them with this (For example Pobal funding) or unless you have given us your express consent to share this information with them.
Please be aware that your personal information may be stored on a cloud-based system whose servers are located within the EU or in secured cabinets or in attendance books/sign in sheets which are kept in a designated place. We take all reasonable steps to ensure that your personal data is processed securely.
How long do we keep it?
This will vary depending on the type of information that is collected. The organisation has a data retention policy which provides a basis for deciding how long we store personal data and how we delete this information. A copy of our retention policy is available on request.