CYE-CYL
CYE-CYL
  • Home
  • What We Do
    • Summer Challenge
    • Travel with a Purpose
    • Innovation Hub
  • Blog
  • Meet the Team
  • Sponsors
  • Contact Us
  • DONATE
  • Privacy Policy

Privacy Policy

THIS PRIVACY NOTICE APPLIES ONLY TO SITUATIONS WHERE THE GENERAL DATA PROTECTION REGULATION (GDPR) AND RELATED EUROPEAN DATA PROTECTION LAWS GOVERN THE WAY CYE-CYL HANDLES, OR “PROCESSES”, YOUR PERSONAL DATA. THESE LAWS ARE MOST LIKELY TO APPLY WHENEVER A COMPANY IS ESTABLISHED IN EUROPE OR HANDLES THE PERSONAL DATA OF INDIVIDUALS WHO ARE LOCATED IN EUROPE.

THIS NOTICE DOES NOT APPLY TO OUR HANDLING OF YOUR PERSONAL DATA IN THE HUMAN RESOURCES CONTEXT. A SEPARATE PRIVACY NOTICE APPLIES TO THESE SITUATIONS AND IS AVAILABLE FROM THE CYE-CYL HUMAN RESOURCES DEPARTMENT.

IF THIS NOTICE DOES APPLY TO HOW CYE-CYL HANDLES YOUR PERSONAL DATA, PLEASE READ IT CAREFULLY BECAUSE IT PROVIDES IMPORTANT INFORMATION AND EXPLAINS YOUR RIGHTS. IF THIS NOTICE DOES NOT APPLY TO HOW WE PROCESS YOUR PERSONAL DATA AND YOU HAVE RELATED QUESTIONS OR CONCERNS, WE INVITE YOU TO CONTACT US BY ANY OF THE METHODS LISTED AT THE BOTTOM OF THIS DOCUMENT.

Who are we?

We, CYE-CYL Ltd., Registered Charity No: 299
We use your information as further explained in this Privacy Notice and will be the “controller” of the personal information you provide to us.

Our website may link to other websites operated by third parties, which will have their own privacy notices and terms.

What does this Privacy Notice cover?

We at CYE-CYL take your personal data seriously. This policy:

  • sets out the types of personal data that we collect about you;
  • explains how and why we collect and use your personal data;
  • explains how long we keep your personal data for;
  • explains when, why and with who we will share your personal data;
  • sets out the legal basis we have for using your personal data;
  • explains the effect of refusing to provide the personal data requested;
  • explains where we store your personal data and whether we transfer your data outside of the European Economic Area;
  • explains the different rights and choices you have when it comes to your personal data; and
  • explains how you can contact us.

What personal data do we collect about you?

We will collect certain personal information about you in the course of your relationship with us.

This information may include your name, date of birth, contact and financial details and service preferences, how you use our websites, and, if you visit one of our facilities, information collected using CCTV cameras.

In exceptional cases, we may also collect and process sensitive personal data about you, in the form of health information, but only where you have given your explicit consent or doing so is necessary for the provision of medical care as determined by your medical care provider.

Where do we collect personal data about you from?

We may collect personal data about you from the following sources:

  • Directly from you. This is information you provide to us.
  • From a guardian or third party acting on your behalf.
  • Through publicly available sources such as LinkedIn, The Meta Group, TikTok, X (Twitter), or even by word of mouth.
  • Using CCTV cameras. We may have cameras on premises, in which case your image and movements will be recorded while you are on our sites or premises.

How and why do we use your personal data?

We use your personal data for the following purposes:

  • to contact you to discuss the services you receive from us and any changes to them;
  • to contact you following a competition you entered;
  • to respond to any questions or concerns you have raised;
  • to deal with administrative matters such as invoicing and renewal;
  • to otherwise carry out our obligations arising under our contract with you and to enforce the same;
  • to provide you with training and education;
  • to carry out anti-money laundering and other compliance checks and controls;
  • to verify your identity; and
  • for purposes of safety and security while you enrol one of our programmes.

We will not use your information for any other unrelated purposes unless we are required to do so by law.

How long do we keep your personal data?

How long we keep your information will depend on the purpose for which we use it.

We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Notice and to fulfil our legal obligations.  We have internal rules that set out how long we retain information. 

Who do we share your personal data with?

Your personal data may be shared with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors and function co-ordinators.

Where required we share your personal information with third parties:  to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our charity or the public.

These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

No other third parties have access to your information unless we specifically say so in this Privacy Notice or the law requires it.

What legal basis do we have for using your personal data?

We process your information:

  • to be able to provide you with services in line with our CYE-CYL policies.
  • as is necessary for the performance of the contract with you or to take steps at your request prior to entering into this contract.
  • to comply with the legal obligations applicable to us.
  • to protect your vital interests or the vital interests of a third party.
  • as is necessary for us to carry out any official functions or tasks carried out in the public interest.
  • as is necessary in pursuit of our legitimate interests in operating our charity and providing services, and this may include profiling activities on the personal data we maintain. Although there is some risk with this type of activity, we’ve implemented protections and on balance conclude that the risk to an individual’s data protection rights is outweighed by the significant benefits in the personal data processing carried out in pursuit of our legitimate interests. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right and on how to exercise it is set out below.

If we are notified of any health or disability details, then this may involve the processing by CYE-CYL of more detailed personal data including sensitive data such as the health information that you or others provide about you. In that case we may rely on additional legal bases to process this type of personal data and may ask for your consent before undertaking such processing.  You have the right to withdraw your consent at any time. More information on this right and how to exercise it is set out below.

If there are any circumstances where we feel we need to process data in a way that is not consistent with these bases, we will provide you with an updated notification or seek your express consent if necessary.

What happens if you do not provide us with the information we request or ask that we stop processing your information?

We have statutory and contractual obligations that require us to process your information. If you don’t provide the information requested, we may not be able to perform our services for you.

Do we make automated decisions concerning you?

No, we do not carry out automated decision making or automated profiling.

Do we use Cookies to collect personal data on you?

To provide better service to you on our websites, we and our service providers use cookies to collect your personal data when you browse. When you visit our web site for the first time you will be able to learn more about the types of cookies we use and the choices you can make about them.

What about marketing?

CYE-CYL may like to contact you from time to time about our new programmes.  You can always unsubscribe or opt out of these communications at any time, and instructions for doing so will be included within each message you receive.

Where do we store your personal data? Do we transfer your personal data outside the EEA?

All information you provide to us is stored securely on the servers of our service providers, which are located within the European Economic Area (EEA) or in the U.S. and other countries.  Where possible, we try to process your information only within the EEA.

If we or our service providers transfer personal data outside of the EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.

As we do have operations based outside of the EEA, we will put in place safeguards to protect personal data processed in or accessed from these locations. You can obtain a copy of the safeguards in place for such transfers by contacting us using the details at the end of this Privacy Notice.

How do we keep your personal data secure?

We ensure the security of your personal data by processing it in accordance with appropriate technical and organizational measures. We also take steps to ensure all our agents and partners provide adequate levels of security.

What rights do you have in relation to the personal data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.


What does this mean?

1. The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.

2. The right of access

You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3. The right to rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

4. The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

5. The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

6. The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

7. The right to object to processing

You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).

8. The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.

9. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

How can you make a request to exercise your rights?

To exercise any of the rights above, or to ask a question, contact us using the details set out at the end of this Privacy Notice.

How will we handle a request to exercise your rights?

We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request, but if the request is going to take longer to deal with, we’ll come back to you and let you know.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless, excessive, or repeated requests, or
  • further copies of the same information.

Alternatively, the law may allow us to refuse to act on the request.

How can you contact us?

If you have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact us info@cyecyl.org 

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the data protection regulator in your country.

The UK’s supervisory authority for data protection issues is the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Copyright © 2024 CYE-CYL - All Rights Reserved.

Registered Charity No: 299

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept