VOLUNTEER PRIVACY POLICY


We, Code Your Future (“CYF”), ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.

CYF’s acting Data Protection Officer can be contacted at sally@codeyourfuture.io.

CYF's role

CYF is the ‘data controller’. We collect and use personal information to carry out the services that the charity provides. CYF is committed to protecting your data and being transparent about how we use your data, in line with the current Data Protection Act (2018), the General Data Protection Regulations (GDPR) and any resulting legislation.

What information does CYF collect about you?

CYF will collect information about you as a current volunteer in the course of providing its services. This includes details when you apply to volunteer for CYF, when you join as a volunteer at CYF and as you progress through our volunteering scheme. This will also include data received from external sources such as external referees.

These details will include, but are not limited to, the following:

  • Your name, marital status, gender, address, phone number, date of birth, contact details and other information submitted during the volunteer application process
  • Details of previous employment and educational background
  • Bank details to repay for any expense you may encounter
  • Photographs
  • Video recordings for publicity purposes
  • Criminal convictions either before or during the time you are a CYF volunteer
  • Information related to the prevention and detection of crime and the safety and security of staff and students

In certain circumstances special category personal data may be collected. These are more sensitive categories of identifying information including but not limited to the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person’s sex life or sexual orientation and data relating to criminal
convictions.

How does CYF obtain your personal data?

We may collect your personal data in a number of ways, for example:

  • From information provided to us by yourself when joining. This would include any applications you complete when joining us.
  • Through communication to or from you by telephone, email, or via the website. For example, when you call to make enquiries about CYF or when you are raising concerns.
  • We may also gain your personal data from third parties, for example, from references.

How will your information be used?

During the course of its activities, CYF will use your data to carry out its functions and to provide services to you as part of your volunteer journey. CYF is committed to ensure your data is only used in carrying out CYF’s business.

Lawful bases for processing your personal data under the GDPR and DPA 2018

Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:

  • Where you have given us your consent
  • In order to fulfil CYF’s obligations to you as part of your volunteer agreement
  • Where CYF needs to comply with a legal obligation (for example, the detection or prevention of crime and financial or charity regulations)
  • Where it is necessary for CYF’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency)
  • In order to perform a task carried out in the public interest

CYF will only use personal data for the purposes for which it was collected unless it is considered reasonable that it is needed for another purpose and the reason is compatible with the original purpose. If CYF needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. CYF may process your personal data without your knowledge or consent, in compliance with this policy and procedure,
where this is permitted by law. The below provides examples of how we use your information:

  • To correspond with you in connection with your application and role as a volunteer
  • To administer financial aspects such as expenses
  • To provide or offer facilities and services to you (for example access to our teaching platform and learning resources for students)
  • To operate security, disciplinary, complaint and quality assurance processes and arrangements
  • To review trends and patterns in learning and teaching analytics
  • To produce management statistics and to conduct research into the effectiveness of our study and volunteer programmes, as well as produce statistics for statutory purposes
  • To monitor our responsibilities under equal opportunities policies
  • Dealing with complaints and disciplinary matters
  • Carrying out our legitimate functions as an educational charity

Sensitive Personal Data

Some of your personal data processed by us may be classified as "sensitive". This includes any disabilities and any associated medical conditions that you have chosen to declare to us. It also includes any criminal convictions you may hold either before or during the time you are registered as a volunteer with CYF, and the commission or alleged commission by you of any offences during the time you are registered as a volunteer with CYF.

If you disclose sensitive personal information to us you expressly consent to us using that information for the purpose(s) given to you at the time the information was collected as well as
for our equal opportunities monitoring.
You also expressly consent for us to:

  • use information you provide to us relating to a medical condition, disability or learning support needs you may have for the purposes of evaluating what suitable support may be available to you and to share this information with CYF staff if necessary. Please note that this information has no bearing on the assessment of your application as a volunteer; and
  • use information relating to any criminal conviction you may have for the purposes of evaluating your admission to CYF or for evaluating whether to allow you to continue to volunteer with CYF and to share this information with CYF’s staff for such purposes if necessary.

Who is your information shared with?

Where necessary, personal information will be shared internally within and across other teams at CYF. The list below outlines the major organisations and most common circumstances in which CYF will disclose your personal information. Where this is outside of the EEA, CYF will only transfer information if it meets the conditions under the GDPR.

  • Organisations CYF works alongside to provide graduation ceremony services to students or other events you may attend as a volunteer
  • Systems used for teaching purposes by the students in their studies, which are not managed directly by CYF

How long will your information be held?

CYF will hold your information in line with CYF’s internal records management policy.

After you have finished volunteering with CYF, we are required to retain some of your information to provide statutory analytical data and for our records.


Keeping your information secure

CYF is required under data protection legislation to keep your information secure, and measures are in place to prevent unauthorised access and disclosure of your information. Only
relevant members of staff or volunteers who require access to your records will be authorised to do so.

Systems and electronic files are subject to password restrictions and other security measures. Paper files will be stored in secure areas with controlled access. Some processing of your information may be undertaken on CYF’s behalf by third party organisations. Organisations processing personal data on CYF’s behalf are also bound by the GDPR and CYF has sought assurances from these organisations they ensure they are aware of their obligations under the GDPR and resulting legislation.


Your rights

Under the GDPR and DPA 2018 you have a number of important rights, without charge.

You have the right to:

  • Be informed of how we collect and use your personal data;
  • Access your personal data;
  • Require us to correct any mistakes in the data we hold on you;
  • Require the erasure of personal data concerning you in certain situations;
  • Restrict our processing of your personal data in certain circumstances;
  • Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • Object in certain situations to our continued processing of your personal data or at any
    time to processing of your personal data for direct marketing; and
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

Any requests or objections should be made in writing to: Sally McGrath,
sally@codeyourfuture.io.

If a subject access request is made and the request for access is clearly unfounded or excessive, CYF reserves the right to refuse to comply with the request in these circumstances.

Your responsibilities

Throughout your time volunteering with CYF, you have a responsibility to keep your personal details up to date. During your time as a volunteer, you may have access to other individuals' personal data and you are legally obliged to handle this in a confidential, professional and responsible manner in line with data protection legislation and any other codes of conduct or ethics.

If you are made aware of an individual’s personal information then you are expected to keep this confidential and to not tell anyone without the individual’s prior consent (unless there is an exceptional circumstance). You should also not seek to actively obtain another individual's personal information to which you are not entitled.

In the instance where data protection legislation or a duty of confidence has been breached, disciplinary action will be considered.

Changes to this notice

This privacy notice is reviewed annually or when required to ensure compliance with data protection legislation. If significant changes are made to this notice and the way we treat your personal information we will make this clear and may seek to communicate this directly to you.