The York Unlocked organisation collects a limited amount of data from supporters and customers to enable services to be provided and news and events information to be shared.
This policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
Please be assured that when you provide your personal data, we will keep your information confidential, will only ask for enough information to enable us to provide the service you requested and we will only do exactly what we said we would do with it. At all times, we adhere to the core principles of the Data Protection Act (DPA) 2018 and UK GDPR that the data that we collect is “Adequate, Relevant and Limited” for the purposes that we collect it. If your information is either inaccurate and you would like us to amend it or change how we use it, then please let us know and we will do so as soon as is practicable.
We never share your data with others, nor do we store it or use it outside of the United Kingdom, and at an appropriate time we will confidentially dispose of your data after fulfilling the purpose that we originally collected it for.
We may have to change the privacy policy at intervals; however, we expect to review it every 2 years. If you have queries about this policy or your personal information, then please contact the Data Protection Contact (see below).
York Unlocked has a Data Protection Contact for the purposes of the EU General Data Protection Regulation.
The Data Protection Contact is Simon Bramfitt who can be contacted via info@york-unlocked.org.uk
York Unlocked fully supports ‘the spirit and the letter’ of data protection as follows:
Data Collection Is “Adequate, Relevant and Limited”. At each point of data collection, it is our policy to advise you (the data subject) of what information we are collecting and why, what we intend to do with it, how we hold it and for how long, and how you can amend it, change its use or gain access to it as necessary.
The type and amount of information we collect depends on why you are providing it. Data Protection sets out a number of different reasons for an organisation to legitimately collect and process data, we use the following methods:
We collect personal data when you provide it to us to subscribe to information services or make bookings.
This is usually to enable us to maintain contact with you, so is typically in the form of name, address, telephone or email and if you are booking fee-based services this will include your payment information (e.g. credit and debit card details). We would also then retain this information to fulfil tax and legal requirements.
We collect personal data:
Only trained staff members or volunteers process your personal information if the Centre is contacted and enquiries and bookings are taken directly.
In today’s growing online accommodation industry, many bookings are made via third parties (e.g. eventbright.com). In these circumstances, the booking agent usually holds the primary relationship with you and York Unlocked is a secondary processor of personal data. In this circumstance your booking information is securely forwarded by the third party to York Unlocked who manages access. These bookings are received securely and processed with exactly the same care as if the booking was taken directly as outlined in this policy.
Staff members are trained to be compliant with Data Protection guidelines by adopting the following procedures:
We appreciate it if you let us know if your contact details change. Please contact the department that you originally supplied your personal data to, or if experiencing any difficulty, the Data Protections contacts.
Our approach is to hold your information for as little time as possible, however for contact and taxation reasons this is usually for as long as the relevant activity requires it. For example, for donations we have a statutory obligation to retain information for 6 years for tax purposes, however we only retain personal data for bookings for a year.
If you are unhappy with the way in which we have processed or dealt with your information then please contact your Data Protection Contact who will seek to rectify your complaint immediately. You can also complain to the Information Commissioner’s Office on 0303 123 1113.