Privacy Policy

1. What is your personal data and how does the law regulate our use of it?

“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.

The UK-GDPR and Data Protection Act 2018, (DPA 2018) requires UYA as data controller for your data to:

  • process your data in a lawful, fair and transparent way;
  • only collect your data for explicit and legitimate purposes;
  • only collect data that is relevant, and limited to the purpose(s) we have told you about;
  • ensure that your data is accurate and up to date;
  • ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
  • ensure that appropriate security measures are used to protect your data.

2. Information about you

We may collect personal information from you when you:

  • make a donation;
  • book training;
  • enquire about the website , our services or UYA;
  • request or share information through the Website
  • contact us through the Website,or any other channel.

This personal information may include but is not limited to the following information about you:

  • your name (including your first name(s) and surname);
  • your email address;
  • your address;
  • your phone number
  • your date of birth
  • other details about you that you or others provide to us.

3. How we use this information

(a) Your personal information will only be used by us to:

  • process your bookings, requests;
  • respond to your questions or comments;
  • provide or administer services, such as training materials;
  • display your comment on the website;
  • provide you with information relating to UYA, or that we feel may be of interest to you;
  • maintain our organisational records; or
  • ensure you are on the correct and most age-appropriate groups and that we have parental consent where required by law.

(b) If you do not want to receive information from us, contact us by email at with the word “unsubscribe” in the subject field.

(c) UYA will not share your personal details with third parties.

4. Your rights under Data Protection Law

You have the following rights under Data Protection Law:

  • The right to access – You have the right to request us to give you copies of the personal information we have about you.
  • The right to rectification – If the information we hold for you is incomplete or wrong, you have the right to request a correction.
  • The right to erasure – Where we have no overruling legal basis or legitimate reason to carry on processing your personal information, you may ask that we delete your personal information.
  • The right to restrict processing – You have the right to ask that we restrict the processing of your personal information, under certain conditions.
  • The right to object to processing – You have the right to object to processing if we can process your information because the processing is part of our public tasks or is in our legitimate interests.
  • The right to data portability – This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at:

Further guidance on your rights is available from the Information Commissioner’s Office.

5. The lawful basis on which we process your data

The UK-GDPR and DPA 2018 require that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).

The lawful basis for processing your personal data is contained within Article 6 of the UK-GDPR which states:

Processing shall be lawful only if and to the extent that at least one of the following applies:

  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

6. Sharing your data

We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.

Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:

UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.

We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms (in cases where the law places a duty on us to report).

Where personal information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.

7. Data retention

We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary or reporting requirements.

8. Security

We adopt data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored with respect to our Site. Data that we have collected is held on protected devices, including where it is held as part of a back-up version. We use layered security software to prevent unauthorised access, alteration, disclosure or destruction of the data. Our security system is subject to regular audit and testing.

9. Cookies

If you have any questions regarding our policy please contact

If you would prefer that we do not use cookies, you should adjust your browser settings to reject cookie use. Where we use cookies for site security, or to ensure the proper functioning of the site (for example via the use of load-bearing cookies), we do not require your consent to the use of these cookies. We have a legitimate interest in their use and we process all data, as collected by those cookies, on that basis.

Skip to content