Youth Active Logo

Youth Active – Data Protection Policy

About This Policy

Youth Active is committed to protecting the personal data of every individual we work with—including young people, staff, volunteers, partners, and supporters. This policy explains how we collect, manage, use, and protect personal data in line with our legal responsibilities under:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018

Our commitment is to handle personal data lawfully, fairly, and transparently, and to ensure the privacy and rights of individuals are always respected.

Why This Policy Exists

  • Ensure that Youth Active complies with data protection law and follows best practices
  • Protect the rights of everyone whose data we hold
  • Explain how we collect, store, and use personal data
  • Reduce the risk of data breaches and maintain trust with our communities
  • Ensure transparency and accountability in our handling of personal data

Scope of This Policy

This policy applies to:

  • All staff, volunteers, and young workers
  • The Board of Directors and management
  • All programmes and services delivered by Youth Active
  • Contractors, suppliers, and third-party service providers who work with us

It covers all personal data relating to identifiable individuals, regardless of format (electronic, paper-based, audio/video, etc.).

Types of Personal Data We Collect

We collect and process personal information for specific purposes, and we only collect what is necessary. The table below outlines the types of personal data we collect, how we use it, and the legal basis for doing so.

Personal InformationHow We Use ItLegal Basis
Name, address, date of birth, emergency contact, hobbies, and interestsTo register individuals as members, deliver youth programmes, and ensure safety and wellbeing during activitiesNecessary to perform our contract with you (or, for under-18s, our legitimate interest to run youth programmes safely and effectively)
Health and medical informationTo ensure we can provide a safe environment and respond appropriately to health needsExplicit consent or vital interest (where necessary to protect life or wellbeing)
School/education/employment detailsTo support career pathways, training, and personal development activitiesLegitimate interest and with your consent
Photos and videosTo promote our work (e.g. on our website, social media, reports)Consent (obtained separately)
Volunteer application data, DBS checksTo recruit and manage volunteers safely and responsiblyLegal obligation and legitimate interest
Contact details of parents/carers (for under-18s)To communicate regarding attendance, emergencies, or concernsLegitimate interest and safeguarding requirements

We do not sell or share personal data with third parties for marketing purposes.

Principles of Data Protection

  • Personal data is collected and used lawfully, fairly, and transparently
  • Data is used only for clear and legitimate purposes
  • Data is adequate, relevant, and limited to what is necessary
  • Data is accurate and kept up to date
  • Data is not kept longer than necessary
  • Data is stored securely, with appropriate safeguards
  • Data is not transferred outside the UK/EEA without proper protection

Our Responsibilities

  • The Board of Directors has overall responsibility for ensuring compliance.
  • Our Data Protection Officer, oversees the implementation of data protection policies and practices.
  • All staff and volunteers are responsible for protecting personal data in their care and following data protection procedures.

How We Protect Your Data

Paper-Based Data

  • Stored in locked cabinets or drawers
  • Access limited to authorised staff
  • Shredded when no longer needed

Electronic Data

  • Stored on secure, password-protected systems
  • Access controlled based on role
  • Backed up regularly
  • Regularly reviewed and deleted when no longer needed

Data Accuracy

We take steps to ensure personal data is accurate and up to date. If your information changes (e.g. new address or emergency contact), please inform us so we can update our records promptly.

Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data where appropriate
  • Object to how we use your data
  • Withdraw consent at any time (where applicable)
  • Complain to the Information Commissioner’s Office (ICO) if you believe your data has been misused

Accessing Your Data (Subject Access Requests)

You can request access to the personal data we hold about you by emailing the Data Protection Officer at:

📧 info@youthactivecic.org.uk

We will respond within one calendar month. In most cases, there is no fee. However, we may charge a reasonable fee if the request is excessive or repeated.

Data Sharing and Disclosure

  • It is necessary to fulfil a legal or safeguarding obligation
  • We have your explicit consent
  • It is required to protect the vital interests of a child or vulnerable individual
  • It is required by law (e.g. for law enforcement)

We will always ensure that any third parties we work with meet our data protection standards.

How We Communicate This Policy

  • What personal data we collect and why
  • How long we keep it
  • How it is kept safe
  • What rights individuals have over their data

Questions or Concerns

If you have any questions about how your data is used, or you wish to exercise your rights, please contact:

Data Protection Team
📧 info@youthactivecic.org.uk
📞 +44 7757 100048