YARDO Privacy notice
YARDO CIC is a locally focused, Community Interest Company, run by a small core of staff and volunteers. YARDO values and respects your privacy and aims to go beyond legal requirements to protect your information, while giving you maximum opportunities to participate in your community.
Please read the following sections to understand the circumstances in which we collect your information, store it, who has access to it, and how it is deleted or amended.
If you would like to contact YARDO to discuss any aspect of how we manage your data, including deletion or ammendment, it is quickest to do so by email. firstname.lastname@example.org or alternately 07743 184 509.
Registration for services with YARDO, and with third parties
When you register with us for our services, we will collect basic information, including your name, postcode and contact details, because we have a ‘legitimate interest’ to do so, to provide those services. If you would rather we did not have your details you are welcome to withhold these. You are also welcome to ask us to delete your details at any time.
Some of our online services are group based and rely on peer support, for example meditation. This may mean sharing basic information such as your name with other members of the group as you would if you were supporting each other in a room together. If there is anything you are uncomfortable sharing, please let us or your facilitator know beforehand.
When we collect your details, we will ask you if you would like to be added to our mailing list, and if you mind participating in our evaluation, which is part of our legitimate interest in delivering your services. You are welcome to ask us to remove your details from these lists at any time.
The majority of our Mental Wealth programme is provided through partnership with different counselling providers, who have their own detailed policies in respect of your privacy, particularly around information about your health.
When you register with these organisations we do not receive a copy of your information. This means that you may be asked to provide the information more than once if you register for different services.
Headstrong Counselling Data Protection Policy.
Dr Caroline Hoffman and Samia Nelson and other freelance providers will direct you to their Data Protection Policy by email when you register with them.
Our partner councillors will provide us with an anonymised report of participants, demography, and health outcomes. We do not have access to your health data, and where you tell us about this, we do not store information on our system.
Our website may include embedded content (e.g. videos, images, articles, etc.) and links to other pages. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Email, and online documents
We use password-protected Google accounts as email provider and a basis for online documents. Google is listed under the EU-US Privacy Shield scheme. Google has a high level of privacy and encryption detailed here in its Privacy Shield listing.
If you are in communication with us over any issue, we understand we have a legitimate interest to reply to your queries, and to progress matters you have raised. We do not normally delete email addresses and correspondence in case we need to return to it, if you would like to be sure your email address and correspondence is deleted after your query is answered, please tell the person at YARDO who you are communication with.
Purchase related transactions
At present we use Paypal and Eventbrite for purchase related transactions i.e. making payment for membership, courses, workshops and other events or making donations.
By buying a ticket in this way you are giving consent for us Institute to process your personal information as outlined above in accordance with current data protection legislation.
By paying for your ticket or making a donation using the Paypal payment service you also consent to us receiving your name, address, email and sometimes a contact number. We will store this data in our electronic and hard copy filing systems and process it in accordance with current data protection legislation.
Your data will not be passed on to any third parties, unless it is a shared event. In this instance we ask you upon registration if we have your consent to share your data in this way.
If you do not wish your data to be used in any of the ways listed above, would like your data to be removed from our systems, or have questions about how we use your data to process transactions, please contact us directly.
Third party partner privacy policies
Please also see our Terms and Conditions for website and ticketing advice.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
YARDO does not currently undertake any activities with young people under 18.
If you are accessing any of our online services, please ensure none of your children are in the screen.
Your Legal Rights
A new data protection law (GDPR), came into force on 25th May 2018. It gives every UK/EU citizen a number of very important rights. These are the rights to:
Transparency over how we use your personal information (right to be informed)
Request a copy of the information we hold about you, which will be provided to you within one month (right of access)
Update or amend the information we hold about you if it is wrong (right of rectification)
Ask us to stop using your information (right to restrict processing)
Ask us to remove your personal information from our records (right to be ‘forgotten’)
Object to the processing of your information (right to object)
Obtain and reuse your personal data for your own purposes (right to data portability)
Not be subject to a decision when it is based on automated processing (automated decision making and profiling)
If you wish to exercise any of the rights set out above, please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to know more about your rights under the data protection law see the Information Commissioners Office website.