Introduction

This privacy notice explains how the North East Young Dads and Lads Project (“NEYDL”, “we”, “us”, “our”) collects, uses and protects your personal information. We are the data controller responsible for your personal information. This notice applies to all personal data we process during our charitable activities, whether collected directly from you or through our partners.

The type of personal information we collect:

Personal data means any information about an individual from which that person can be identified.

We currently collect from you (or a parent or carer if you are under 16 years of age) and process the following information about you :

1. Personal identifiers:

• Your name
• Date of birth
• Contact address
• Age and date of birth of your child(ren)
• Parent/Guardian contact details

2. Contact details:

• Telephone number(s)
• Email address

3. Characteristics:

• Gender
• Sexual orientation
• Disabilities
• Ethnicity
• Religious beliefs

4. Child protection/safeguarding/social services involvement

How we get the personal information and why we have it:

Most of the personal information we process is provided to us directly by you or your legal guardian for the following reasons:

• To access the services provided by the charity on a voluntary basis and ensure that the help and support you receive meets your self-identified needs.
• To evidence your progress and achievements overtime.
• To enable you to maintain contact with the charity.
• To enable you to contribute to new peer research, support and educational activities that improve outcomes for young fathers in our region.
• To support the charity in learning, evidencing, and evaluating the impact of the services we provide.
• For reasons of safeguarding, you or others from harm, or to protect against the commission/alleged commission of an offence.

We also receive personal information indirectly from other professionals (most often representing health, education, and social care services) in the following scenarios:

• To make a referral to the charity for the purpose of providing you with help and support having obtained your consent to do so.
• For reasons of safeguarding, you/others from harm, or to protect against the commission/alleged commission of an offence.

We may share this information with third parties only for reasons of safeguarding you/others from harm including to protect against the commission/alleged commission of an offence.

We may share your personal information with the following people to provide you with the services listed above or other services that you have requested to access from time to time:

• Pixel Buddy Limited
• Brown March and Bowman Ltd
• Inspired HR Group Ltd
• Thread Media (John Stafford)
• Throneware Ltd
• DGVA
• Nikki Rummer
• Funders
• Local Authorities

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may also share your personal information with the following organisations for safeguarding reasons where we consider on reasonable grounds that the disclosure is necessary to protect either you or someone else:

• Local Authorities
• NHS
• Police

How we use your personal data

Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis to process your personal information. Depending on the circumstances, we may rely on one or more of the following lawful bases:

• Consent: where you (or your legal guardian) have given us clear consent to process your data for a specific purpose (e.g. use of imagery/audio).
• Contract: where processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract.
• Legal obligation: where processing is necessary for us to comply with the law (e.g. safeguarding duties, charity law, tax obligations).
• Legitimate interests: where processing is necessary for our legitimate charitable interests, provided your rights do not override those interests.

International transfers

We do not routinely transfer your personal data outside the UK. If in future we need to transfer your data to a country outside the UK, we will ensure appropriate safeguards are in place (such as adequacy regulations or standard contractual clauses approved for UK use) so that your data remains protected to UK standards.

To access your personal information, please contact:

The Data Protection Officer
Email: dpo@neydl.uk and/or info@neydl.uk

How we store your personal information:

Your information is secured electronically on bespoke cloud-based data management system managed on the charities behalf by Throneware Ltd, and/or NEYDL’s cloud environment (Microsoft 365) protected by enterprise-grade encryption and cybersecurity controls (Sophos). Access to this data is strictly limited to authorised NEYDL staff and is protected by multi-factor authentication, via the charities work based laptops with appropriate firewalls, password protection, granular access controls and off-site database backups. People working for the charity will have security checks and suitable training before they can handle this information.

As a service beneficiary of the charity (e.g., someone who accesses support from NEYDL), once your involvement with the charity ends, the information we hold about you will be securely stored in an archive folder on the charities data management system described above. In normal circumstances, the information we hold about you and / or your child will be kept for a period of 3 years from the service end date. Where safeguarding procedures were initiated by the charity or a third party, the information we hold about you and / or your child will be kept until you / your child reaches the age of 25 (if you and / or your child were aged under 18 years when the safeguarding procedures began). However, if you and / or your children were aged over 18 years when safeguarding procedures began, the information we hold about you and / or your child will be kept for a period of 6 years from the service end date. Safe, full, and complete disposal of these records will then take place.

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, accounting or safeguarding requirements. When deciding how long to keep your data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use, the purposes of processing, and whether those purposes can be achieved by other means.

We limit access to your personal information to staff, volunteers and third parties who have a need to know. They will only process your information on our instructions and are subject to confidentiality obligations.

We have procedures in place to deal with any suspected personal data breach. In the unlikely event of a breach, we will notify you and the Information Commissioner’s Office (ICO) where we are legally required to do so.

Consent for Imagery (photos and video) and Audio recordings

NEYDL will review stored photos, video and voice recordings every 5 years and securely delete material that is no longer required and/or which is required to be deleted under the UK GDPR.

In accordance with the charity’s Data Protection Policy and Safeguarding Policies (Children and Vulnerable Adults), the charity will take steps to ensure that photos, video or voice recordings of children or young people are not taken without suitable prior consent and written permission. If you/the participant is under 16 years old, we will not capture and store your image and voice.

The charity will take appropriate steps to ensure that any photos, video or voice recordings collected are used solely for the purposes for which they are intended.

Where we rely on your consent to use photographs, video or voice recordings of you (or your child), you have the right to withdraw that consent at any time. To do this, you can email our Data Protection Officer as detailed above.

If you withdraw your consent, to the extent reasonably achievable we will stop using your image or recordings in any future materials. But note that copies in the hands of third parties or on websites/social media not within our control may continue to make the content available. We will also securely delete or anonymise any stored copies within a reasonable period, except where the material has already been lawfully published, used in printed publications, or is required to be retained for legal or safeguarding reasons.

Withdrawal of consent will not affect any use of your image or recordings that has already taken place before your request.

Your Rights

You have the following rights in relation to your personal data:

• Access: to request a copy of the personal data we hold about you.
• Correction: to request correction of incomplete or inaccurate data.
• Erasure: to request we delete your data where there is no good reason for us to keep it.
• Restriction: to request we suspend processing of your data in certain circumstances.
• Objection: to object to processing where we rely on legitimate interests, or to object to direct marketing.
• Portability: to request transfer of your data to you or another party in a structured, commonly used format.
• Withdraw consent: where processing is based on consent, you can withdraw that consent at any time.

If you wish to exercise any of these rights, please contact our Data Protection Officer (details above).

Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection (www.ico.org.uk)

Changes to this privacy notice

We may update this notice from time to time. The latest version will always be available on our website. Please check periodically for updates. It is important that the personal data we hold about you is accurate and current, so please let us know if your details change.

Third-party links

Our websites may include links to third-party websites, plug-ins or applications. Clicking on those links may allow third parties to collect or share data about you. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy notices.