For the purposes of this Privacy Notice, references to "YUAF", "we", "us", or "our" refer to The Young Urban Arts Foundation Limited. References to "the Website" refer to https://www.yuaf.org/ and related Websites and applications, and “Personal Data” means all information relating to an identifiable person who can be directly or indirectly identified by reference to the information.
YUAF is committed to respecting and protecting the accuracy, confidentiality and security of your Personal Data. We want you to feel secure when using the services we offer and when visiting the Website. This Privacy & Cookies Notice sets out our policies concerning the collection, use, disclosure and protection of Personal Data we receive, as well as the types of cookies that we use on our Website.
Purposes and Legal Bases for Collecting Personal Data
YUAF collects, uses and discloses Personal Data for the following purposes:
to develop, manage, and deliver our programmes
to ensure high standards of service to beneficiaries
to respond to enquiries and fulfil requests – such as sign-ups for programmes, donations, competition entries, participation in campaigns and research, and provision of information
to process sales transactions, donations, or other payments and verify financial transactions
to comply with charity law and other regulations
to identify visitors and contributors and ensure that facilities and practices are maintained
to communicate with our supporters and customers, including marketing and promotion (where this is in accordance with applicable law)
to carry out research and analysis on the demographics, interests, behaviour, responses and feedback of our users and supporters to help us gain a better understanding of them and to enable us to improve our service
to provide a personalised service to you when you visit our Websites – this could include customising the content and/or layout of our pages for individual users along with email personalised to an individual’s interests or location, where appropriate
YUAF’s legal basis for collecting, using and disclosing Personal Data will depend on the Personal Data concerned and the specific context in which we collect it, including:
Where you have given us consent. YUAF collects, uses and shares your Personal Data for the purpose of marketing to you, where you have given YUAF consent to do so. At any time you can easily withdraw your consent to YUAF marketing to you by emailing email@example.com or by following the unsubscribe instructions provided in the email or other communication that you receive from YUAF.
Where the processing is necessary. We collect, use and share your Personal Data where such information is essential to provide the services to you. You are under no obligation to provide such Personal Data to us. However, you might not be able to use access and/or use some or part of the services if you choose to withhold Personal Data that is required for those services. In other circumstances, we may be legally required to collect, use and share your Personal Data. For example, in connection with the prevention, detection or investigation of a crime or fraud. Where we process your Personal Data in order to comply with our legal obligations, we may need to retain such information in order to demonstrate that we have complied with our legal obligations.
Where we have legitimate interests in the processing. We collect, use and share your Personal Data where such processing is necessary for our legitimate interests, unless we determine that those interests are overridden by your interests or your fundamental rights and freedoms. By way of example, YUAF has determined that it has legitimate interests in improving and modifying the services that we provide.
SHARING PERSONAL DATA
We will only share your information if:
we’re legally required to do so, for example by a law enforcement agency legitimately exercising a power or if compelled by an order of the court;
we believe it’s necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or Websites;
we’re working with carefully selected partners that are carrying out work on our behalf, such as our funders, our partners, mailing houses, marketing agencies, IT specialists and research firms.
We will only pass Personal Data to a third party if we have signed a contract or agreed to terms of service that require them to abide by the requirements of the UK retained EU law version of the General Data Protection Regulation and successive legislation and treat your information as carefully as we would only use the information for the purposes for which it was supplied.
STORING YOUR INFORMATION
Information is stored by us on computers located in the UK. In addition, we may process your data in other countries both within and outside the European Union and the European Economic Area but only where tightly controlled by appropriate contractual arrangements. We may also store information in paper files.
We place great importance on the security of all information. We have security measures in place to protect against the loss, misuse and alteration of data under our control. Unfortunately, the transmission of data across the internet is not completely secure. Whilst we do our best to try to protect the security of your information, we encourage the safe sharing of data across the internet and advise that care is taken when sending personal, or sensitive data over a public connection.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will keep your information only for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, to inform our research or the preferences of our supporters or to comply with the law. When we no longer need information, we will always dispose of it securely.
Some Personal Data we hold is retained to fulfil statutory obligations, for example there is an HMRC requirement to retain of Gift Aid declarations for a set period of 6 years. In these instances, the legal obligation is our lawful reason for continuing to retain the data and this cannot be overridden by an objection from you. However, for processing which we carry out on the basis of consent you have given us, you have the right to withdraw your consent to any particular usage of your data at any time.
The UK retained EU law version of the General Data Protection Regulation gives you certain rights over your data and how we use it. These include the right to:
access to the Personal Data we hold about you, known as a subject access request
object to our processing (automated or otherwise) of your Personal Data
object to your information being used for marketing purposes
restrict the processing of your Personal Data
obtain a copy of your Personal Data in a portable format so that you can reuse it
rectify your Personal Data if you believe it is incorrect – we want to ensure that all information we hold about you is accurate and up-to-date so please do let us know if anything changes
request the erasure of your Personal Data (please note that in certain circumstances we may need to retain your data for a specified period to comply with our legal obligations).
If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.
If you wish to exercise any of these rights please contact YUAF in writing at YUAF, Railway Arches, Concordia Business Enterprise, 420-421 Burdett Rd, London E3 4AA, United Kingdom or by emailing firstname.lastname@example.org
You can find more information about your rights under data protection legislation from the Information Commissioner’s Office at www.ico.org.uk.
You also have the right to make a complaint to the ICO (www.ico.org.uk/concerns/) about the manner in which we process your Personal Data.
If you are located in the European Union
Please note that in the event that we process personal data relating to individuals in the European Union we will also be subject to the General Data Protection Regulation (not just the UK retained EU law version of the General Data Protection Regulation). In those cases you would also have the right to make a complaint regarding our processing of your Personal Data to another GDPR supervisory authority.
Cookies are used on our site to ensure that we give you the best experience on our Website. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our Website.
Some cookies are essential so you can move around the Website and use its features. Without these cookies, some services you’ve asked for can’t be provided. These cookies don’t gather information about you that could be used for marketing or remembering where you’ve been on the internet.
What are cookies and how do they work? Cookies are small bits of text that are downloaded to your computer or mobile device when you visit a Website. Your browser sends these cookies back to the Website every time you visit the site again, so it can recognise you and can then tailor what you see on the screen.
Necessary cookies Certain cookies are necessary in order for you to use our Websites. These are used ‘in-session’ each time you visit and then expire when you leave the site. They’re not stored on your computer and they don’t contain any Personal Data. However, you can delete them via your browser if you wish to, but this will restrict the functions that you’re able to carry out on our sites.
Session cookies These enable you to carry out some essential functions on our sites, such as maintaining log in details for the session or a transaction. They also help by minimising the need to transfer information across the internet. They are not stored on your computer and they expire when you terminate your browser session or logout of certain areas.
Secure cookies A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
Persistent cookies These are used to persist a user’s preference across e.g. setting items such as the open status of the carousel, and remain until the expiry date and time set by the web server (or otherwise manually deleted by the user).
Analytics We like to keep track of what pages and links are popular and which ones don’t get used so much to help us keep our sites relevant and up to date. It’s also very useful to be able to identify trends of how people navigate (find their way through) our sites and help us provide a more friendly solution.
Managing your cookies You’ll find more information about cookies at www.allaboutcookies.org, which gives details on how to delete cookies from your computer. For information on how to do this on your mobile phone browser, please see your handset manual.
YUAF may update this Privacy & Cookies Notice from time to time.
Version 1.2 March 2021