Data Terms and Conditions

Fundraising and marketing Data Policy


This Policy describes the information we process to support YMCA Trinity Group fundraising and marketing activities, events and programmes offered by YMCA Trinity Group.


What kinds of information do we collect?


To provide the YMCA Trinity Group events, activities, support and services we must process information about you. The type of information that we collect depends on how you interact with YMCA Trinity Group and how you use our support and services.


Things that you and others do and provide


Information you provide. We collect the information you provide when you work with or support the YMCA and how you use our support and services or if you attend one of our events or fundraising activities. This can include information including and events or fundraising activities you have taken part in, any donation or other support you have provided as well as information such as your address and contact details.

Data with special protections: YMCA Trinity Group does not collect store or profile information or data about your religious views, political views or your health. This and other information (such as racial or ethnic origin, philosophical beliefs or trade union membership) is subject to special protections under EU law.

We collect information about how you work and support the YMCA and our support services, such as the types of programmes you access or the events you attend including any time or money donated to the charity, such as when you make a donation, we collect information about the transaction. This includes payment information, such as your credit or debit card number and other card information, other account and authentication information, and billing, delivery and contact details.


How do we use the information we collect?


We use the information that we have (subject to your permission) as described below, and to provide and support YMCA Trinity Group Products, related services and support described in the YMCA Trinity Group Terms. Here’s how:


  • Provide, personalise and improve our support and opportunities.

We use the information that we have to deliver our support and services and to offer our supporters with information on opportunities to get involved, including to personalise information and content and make suggestions for you (such as events and activities you may be interested in)


  • Provide measurement, analytics and other business services

We use the information that we have (including your activity off our Products, such as the websites you visit and ads you see) to help us measure the effectiveness and distribution of our marketing and promotional activity and services, and understand the types of people who use our services and who is supporting the charity. It also allows us to know how people interact with our website, social media and services.


  • Communicating with you

We use the information that we have to communicate with you about our services, events and support activities and let you know about our Policies and Terms. We also use your information to respond to you when you contact us.


Is this information shared?


Your information is held on a single secure server and is not shared with any other parties, either internal to YMCA or externally:


  • New owner

If the ownership or control of all or part of our services and support or our assets change, we may transfer your information to the new owner.


  • Law enforcement or legal requests

We share information with law enforcement or in response to legal requests in the circumstances outlined below:


What is our legal basis for processing data?


We collect, use and share the data that we have in the ways described above:


  • As necessary to fulfil our YMCA Trinity Group Terms of Service
  • consistent with your consent, which you may revoke at any time as detailed below
  • As necessary to comply with our legal obligations
  • To protect your vital interests, or those of others
  • As necessary in the public interest
  • As necessary for our legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.


Learn more about these legal bases and how they relate to the ways in which we process data.


How can you exercise your rights provided under the GDPR?


Under the General Data Protection Regulation, you have the right to access, rectify, port and delete your data. Learn more about these rights and find out how you can exercise your rights. You also have the right to object to and restrict certain processing of your data. This includes:

The right to object to our processing of your data for direct marketing, which you can exercise by using the “unsubscribe” link in our marketing communications, and the right to object to our processing of your data where we are performing a task in the public interest or pursuing our legitimate interests.


Data retention, account deactivation and deletion


We store data until it is no longer necessary to provide our services or support and YMCA Trinity Group Products or until you request that your data is deleted– whichever comes first. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

When your data is deleted, we delete all records, the exemption of any legal obligation to retain relevant information and data is required, and you won’t be able to recover this information later.


How do we respond to legal requests or prevent harm?


We access, preserve and share your information with regulators, law enforcement or others:

In response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards.

When we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the services and support, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), you or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive

Information that we receive about you (including financial transaction data related to purchases made with YMCA Trinity Group) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm. We also retain information from accounts disabled for term breaches for at least a year to prevent repeat abuse or other term breaches.


Does YMCA Trinity transfer data as part of our global services?


We do not transfer any transfer any data collected for the purpose of marketing and fundraising.


How will we notify you of changes to this Policy?


We’ll notify you before we make changes to this Policy and give you the opportunity to review the revised Policy before you choose to continue using our support or services.


How to contact YMCA Trinity Group with questions


You can learn more about how privacy works on YMCA Trinity Group If you have questions about this Policy, you can contact us as described below. We may resolve disputes that you have with us in connection with our Privacy Policies and practices.


Contact us


The data controller responsible for your information is YMCA Trinity Group, which you can contact online or by post at:


YMCA Trinity Group
Queen Anne House


Contact the Data Protection Officer for YMCA Trinity Group


You also have the right to lodge a complaint with YMCA Trinity Group’s lead supervisory authority, the Data Protection Commissioner, or your local supervisory authority.


Date of last revision: April 2018