Youth 2000 Charitable Trust Privacy and Data Protection Policy
1. Introduction
1.1 We are Youth 2000 (charity number 1000371). We operate as Youth 2000 Charitable Trust and our registered office is ELMHAM HOUSE, Friday Market Place, Walsingham, Norfolk, NR22 6EG. We are committed to protecting and respecting your privacy.
1.2 This Privacy and Data Protection Policy (and any other documents referred to in it) sets out the basis on which we will process and use any personal data about our donors, potential donors, retreat attendees, patrons, and volunteers (together “individuals”) to our website www.youth2000.org that we collect from them, that they provide to us, or that we collect from third parties. Please read this Privacy and Data Protection Policy carefully to understand our practices regarding these individuals’ personal data and how we will treat it.
1.3 For the purpose of the Data Protection Act 1998, (the “DPA”) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (the “GDPR”), we are the data controllers and are located at elmham house, Friday Market Place, Walsingham, Norfolk, NR22 6EG.
1.4 We comply with the DPA and will comply with the GDPR once this becomes applicable from 25 May 2018 in respect of the collection, holding, storage, use, and processing of personal data about our individuals (such personal data is held in both manual and electronic records).
1.5 We may make changes to this Privacy and Data Protection Policy from time to time. If we do so, we will post the changes on this page and they will apply from the time we post them. Individuals should check back frequently to see any updates or changes to this Policy. This Privacy Policy was last updated on 23 May 2023.
2. What we collect
2.1 Personal data
(a) We collect and use the following types of personal data about our
individuals:
(i) personal information such as
• name;
• postal address;
• phone numbers (home, work and mobiles as applicable);
• email address(es);
• contact preferences;
• information given when registering to use or completing forms on our
websites;
• information given when registering for a ‘My ChurchSuite’ account;
• information given when registering for any Youth 2000 event;
• information on donations made;
• information that our individuals give us – for example when making
donations, such as bank account details for setting up regular direct
debits, credit card details for processing credit card payments,
employer details for processing a payroll gift, or taxpayer status for
gift aid purposes;
• information given when using our websites; and
functions or on our websites.
(ii) the marketing preferences of our individuals and whether and when
consent to receive marketing communications has been given or
withdrawn.
(iii) correspondence between individuals and ourselves (whether by
telephone, e-mail or otherwise).
(b) We also collect and use certain technical information about our
individuals’ visits to our websites which may include, for example, internet
protocol (“IP”) addresses, login information, browser type and version,
pages accessed, files downloaded, full Uniform Resource Locators,
(“URLs”), clickstream to, through and from the websites (including date and
time), products viewed or searched for, page response times, download
errors, length of visits to certain pages and page interaction information
(such as scrolling, clicks and mouse-overs).
(c) We collect some of the personal information set out above directly from
individuals and some from third parties (for example, we may receive
personal information from individuals when they make a donation to us
through a third-party website, such as Just Giving or GoCardless, and the
individual has given the third-party website permission to share information
with us).
(d) We collect some of the personal information set out above directly from
event attendees and some from third parties (for example, we may receive
personal information from event attendees when they register to attend an
event through a third-party website, such as Eventbrite or JotForm, and the
event attendee has given the third-party website permission to share information with us).
(e) Individuals don’t have to disclose personal data to us to browse the
websites or to use our social media sites, but individuals do need to provide
us with certain personal data in order for us to provide them with certain
services.
(f) The safety of children is very important to us. We do not knowingly
collect the personal data of those who are under 16 years old without the
consent of their parent or guardian. If you are under 16 please call us on
07393 738198 for further information.
3. Website Cookies
What are cookies?
3.1 A cookie is a small file which is placed on your computer by a site when you visit it. Basic cookies contain the site name and a unique user ID. The next time you visit that site, your browser checks to see if it has a cookie for it and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before, and can, for example, tailor your experience of the site. More sophisticated cookies allow you to do other things, like create accounts on a site or use an online shop.
3.2 Our websites use cookies to distinguish an individual from other users
of the websites and to help us to provide individuals with a good experience
when they browse our websites. Cookies also allow us to improve our
websites.
Essential cookies
3.3 Some of the cookies we place on your computer allow you to do important things on our site, like create an account, log in and out, use our online shop and post contributions. These facilities will not work without cookies.
Google re-marketing cookie
3.4 We use a cookie to track you on other sites and show adverts to you based on where you have visited on our site. We do this to remind you of our services in case you wish to come back and buy them. We only use these cookies for 30 days after your last visit to our website. We do not control these cookies, so these will be unaffected by the choice you make today. You may opt out of the use of cookies by visiting Google advertising opt-out page. Find out more about Google and its policies and principles as regards advertising.
Non-essential cookies
3.5 Google Analytics cookies help us to improve your experience of our site but are not essential to its basic functioning. We use these cookies to collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, for system administration purposes and to measure our effectiveness. They also enable us to estimate our audience size and usage patterns. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
3.6 We use also cookies to help us deliver a better and more personalised service. If you are a registered member and you log in, they allow us to:
store information about your preferences, enabling us to customise our site according to your individual interests
speed up your searches
recognise you when you return to our site.
Third party cookies
3.7 Facebook, Twitter and LinkedIn cookies are examples of ‘third party’ cookies on our site. If you click a function on our website that is associated with these parties (e.g. to share or tweet a piece of information), they will place cookies on your computer. We do not take responsibility for these cookies, as to make use of these functions you will have already accepted the terms and conditions of use with the relevant party.
3.8 We embed videos on our site using Youtube, which sets cookies on your computer once you click on the video player. As you do not have to sign up to Youtube first in order to play these videos, you will not have accepted their terms and conditions. We do not take responsibility for these cookies; to find out more please visit Youtube's privacy policy
Can I refuse cookies?
3.9 Yes. You can use a setting on your browser which allows you to refuse to accept cookies. However, if you select this setting you will be unable to use certain parts of our site and it may not work smoothly.
3.10 Different browsers have different instructions for managing cookies and you may also be able to accept certain cookies and not others. For example, you may be able to refuse third party cookies.
3.11 If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.
Beyond this, we will only share individuals’ personal data if:
(a) we are working with partners whom we have carefully selected to carry
out work on our behalf, such as service providers and sub-contractors (for
example, IT services providers and providers of technical, payment and
delivery services) to perform any contract we enter into with them. The
kind of work we may ask them to do includes processing, packaging,
mailing and delivering purchases, answering questions about us and any
services we provide, carrying out research or analysis to assist us in our
mission and processing credit card payments.
We only choose partners we trust and only pass personal data to them
where they have undertaken to keep your personal data secure. We do not
allow these partners to use your data for their own purposes or disclose it
to other third parties and we will take all reasonable care to ensure that
such partners keep your data secure; or
(b) we are legally required to do so e.g. by law or by an order of a court of
competent jurisdiction; or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect the rights, property, or safety of Youth 2000, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction or
(c) there is a medical emergency in which an individual’s personal
information must be shared for the their health and/or wellbeing.
(d) Youth 2000 is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
We will not sell individuals’ information. We will not share individuals’
information with other organisations other than as stated above.
6. Legal basis for processing
We rely on various legal bases to justify our processing of individuals’
personal data. Further details of these are set out below.
(a) The individuals have given their consent to the processing of their
personal data for the specific purposes mentioned above. The individuals
may withdraw their consent to this processing at any time by contacting us
using the contact details set out in the “Contact and complaints” section of
this Privacy and Data Protection Policy below, but this will not affect the lawfulness of any processing of their personal data which was carried out before they
withdrew their consent.
(b) The processing is necessary for our legitimate interests. These
legitimate interests include processing, packaging, mailing and delivering
purchases, answering questions about us and any services we provide,
carrying out research or analysis to assist us in our mission and processing
credit card payments.
(c) The processing is necessary to perform a contract to which the relevant
individuals are parties or to take steps that they have asked us to take
before entering into a contract, such as registering for an event which we
are hosting or purchasing an item of Youth 2000 merchandise.
(d) The processing is necessary for us, as the data controller, to comply
with our legal obligations, such as sharing personal data where we are
legally required to do so e.g. by law or by an order of a court.
7. Where we transfer and store
7.1 The personal data that we collect from individuals may be transferred to
and/or stored at destinations outside the UK, but within the European
Economic Area, (the “EEA”). As such, adequate protection for such
personal and sensitive personal data will be ensured. We will take all steps
reasonably necessary to ensure that individuals’ personal data is treated
securely and in accordance with this Privacy and Data Protection Policy and applicable law.
7.2 All information that individuals provide to us is stored on our secure
servers and/or on the servers of our suppliers who we have engaged to
host various IT systems for us. Any payment transactions will be encrypted
using TLS technology. Where we have given individuals (or where they
have chosen) a password which enables them to access certain parts of
our websites, they are responsible for keeping this password confidential.
We ask them not to share this password with anyone.
7.3 Unfortunately, the transmission of information via the internet is not
completely secure. Although we will do our best to protect individuals’
personal data, we cannot guarantee the security of data transmitted to our
websites; any transmission is at individuals’ own risk. Once we have
received personal information, we will use strict procedures and security
features to try to prevent unauthorised access.
7.4 Our mission is to provide opportunities of growth and deepening in the
Catholic faith for young adults. These opportunities include prayer,
friendship, formation, fellowship, music, and entertainment. These
opportunities require people to offer money, goods, skills, time, or prayer,
and through this, enable us to deliver our mission with consistency and
growth. We will keep individuals’ information only for as long as they
engage with us in any of the above ways, and only as long as we need it:
(a) to administer their relationship with us;
(b) to comply with the law; or
(c) to ensure we do not communicate with individuals who have asked us
not to.
To assist us in this process we will review on a regular basis the personal
data of individuals that we collect and hold to ensure that such data is only
kept for an appropriate length of time.
8. Individuals’ rights
8.1 Individuals have certain rights in respect of the personal data that we
hold about them. To exercise any of the rights set out below, please contact
us using the contact details set out in the “Contact and complaints” section
of this Privacy and Data Protection Policy below:
(a) Access. We will confirm to individuals whether or not we are processing
and using personal data about them, at their request and, if so, provide
them with access to and a copy of such personal data and the other details
to which they are entitled.
(b) Rectification. We will correct any inaccurate personal data and complete
any incomplete personal data (including by providing a supplementary
statement) that we hold about individuals without undue delay at their
request.
(c) Prevention of processing likely to cause damage or distress. We will
respect our individuals’ rights to require us to cease or not to begin
processing their personal data for a specific purpose, or in a specific way,
that is likely to cause unwarranted damage or distress, either to the relevant
individual or a third party.
(d) Erasure. We will erase personal data concerning an individual at their
request without undue delay in certain circumstances, (for example, among
other things, if their personal data is no longer needed for the purposes for
which it was collected or otherwise used).
(e) Restriction. We will restrict the processing of individuals’ personal data
in certain circumstances (for example, among other things, if they believe
that their personal data held by us is inaccurate), if requested by them to
do so.
(f) Data portability. We will respect the rights of individuals to receive
personal data about them that they have provided to us in a structured,
commonly used and machine-readable format and to transmit such
personal data to another data controller without hindrance from us in
certain circumstances.
(g) Right to object. We will respect the general rights of individuals to object
to the processing of their personal data in certain circumstances.
(h) Right to object to marketing. We will respect individuals’ rights regarding
use of their personal data for direct marketing purposes. In particular, we
will not begin or we will cease processing any personal data of individuals
for direct marketing purposes if at any time individuals ask us not to do so.
(i) Automated individual decision-making, including profiling. Where
requested, we will not make decisions based on automated processing, including profiling and we will ensure that you can always obtain a review by one of our staff members of any automated decisions and are able to express your point of view and contest any such decisions. We will not make any automated decisions based on sensitive personal information unless we have obtained your explicit consent to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
8.2 We will process all personal data in line with individuals’ rights in each
case to the extent required by and in accordance with applicable law only
(including, without limitation, in accordance with any applicable time limits
and requirements regarding fees and charges).
8.3 We will respect individuals’ rights regarding use of their personal data
for direct marketing purposes. In particular, we will not begin or we will
cease processing any personal data of individuals for direct marketing
purposes if at any time an individual asks us to stop.
8.4 individuals can exercise their rights by contacting us using the contact
details set out below in the “Contacts and complaints” section of this
Privacy and Data Protection Policy.
8.5 The DPA gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Disclaimer
8.6 Our site may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that
they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9. Contact and complaints
9.1 Questions, comments, requests or complaints regarding this Privacy and Data Protection Policy and/or our use of individuals’ personal data should be addressed to
9.2 If individuals have any complaints regarding this Privacy and Data Protection Policy, they may also contact the UK Information Commissioner by telephone on 0303 123 1113 or at www.ico.org.uk/
9.3 We are not a ‘public authority’ as defined under the Freedom of
Information Act 2000 and we will not therefore respond to requests for
