Privacy Policy

The YOUTHOOD Project
Redefining Youth Development, Safely.

The YOUTHOOD Project is committed to handling personal information safely, lawfully, fairly and transparently. This Privacy Policy explains how we collect, use, store, share and protect personal information across our work as a youth development organisation.

This policy applies to information collected through our website, forms, events, programmes, research, consultations, recruitment, partnerships, communications, Youth Fellowship activity, Mission Groundwork activity, safeguarding processes and wider organisational work.

This policy is informed by the UK General Data Protection Regulation, the Data Protection Act 2018 and guidance from the Information Commissioner’s Office.

Our Privacy Policy: Use of Personal Information

  • The YOUTHOOD Project is a youth development organisation working to redefine youth development through lived experience, professional practice, policy development, research, campaigns and partnership activity.

    We may collect information from people who engage with us, including:

    • young people

    • parents, carers and families

    • schools, colleges and universities

    • youth organisations and community groups

    • professionals and practitioners

    • partners and supporters

    • funders and donors

    • event attendees

    • research and consultation participants

    • Trustees, staff, volunteers and applicants

    • Youth Fellows and Mission Groundwork contributors

    • website users and people who contact us

    We only collect personal information where there is a clear reason to do so.

  • Personal information means any information that can identify a living person, either directly or indirectly.

    This may include:

    • name

    • email address

    • phone number

    • home address

    • date of birth

    • school, college, university or workplace

    • role or job title

    • photographs, videos or voice recordings

    • application information

    • attendance records

    • feedback responses

    • access needs

    • emergency contact details

    • opinions, views or reflections

    • online identifiers such as IP addresses, cookies or device information

    • information about someone’s involvement with The YOUTHOOD Project

    Personal information can also include information that appears anonymous but could identify someone when combined with other information.

  • Some information needs additional care because it is more sensitive.

    This may include information about:

    • racial or ethnic origin

    • religious or philosophical beliefs

    • political opinions

    • health, disability or access needs

    • sexuality or sexual orientation

    • safeguarding or welfare concerns

    • care experience

    • criminal offence information

    • lived experience of harm, trauma, discrimination, exclusion or vulnerability

    • personal barriers to opportunity

    The YOUTHOOD Project will not collect sensitive information casually. Where we ask for sensitive information, we will aim to explain why it is needed, how it will be used, who may see it and how it will be protected.

    Where special category data is used, we will identify an appropriate lawful basis and, where required, an additional condition under UK data protection law.

  • We may collect personal information to:

    • respond to enquiries

    • manage involvement in The YOUTHOOD Project

    • recruit, onboard and support team members, volunteers, Trustees and contributors

    • coordinate Youth Fellowship activity

    • coordinate Mission Groundwork activity

    • organise events, workshops, programmes and consultations

    • communicate with schools, partners, funders, supporters and stakeholders

    • collect consent for participation, photography, filming, media or case studies

    • understand access needs and support safe participation

    • manage safeguarding, welfare or concern-related matters

    • collect feedback and evaluation

    • carry out research, insight or consultation

    • inform policy, campaign and youth development work

    • manage funding, donations, sponsorship or philanthropy

    • manage website functionality, analytics and digital engagement

    • keep records needed for compliance, accountability and organisational learning

    We do not aim to collect personal information where there is no clear organisational purpose.

  • The YOUTHOOD Project must have a lawful basis when using personal information.

    Depending on the situation, we may rely on one or more of the following lawful bases:

    • Consent: where someone has clearly agreed to a specific use of their information.

    • Contract: where information is needed for an agreement or arrangement.

    • Legal obligation: where we must use information to comply with the law.

    • Vital interests: where information is needed to protect someone’s life or immediate safety.

    • Public task: where relevant to work carried out in the public interest or under official authority.

    • Legitimate interests: where we have a legitimate reason to use information and this does not override the rights and freedoms of the person.

    Where we use special category information, we will also consider the additional legal condition required for processing that information.

Our Privacy Policy: Consent & Lived Experience

  • Where we rely on consent, consent should be clear, specific and freely given.

    We may use consent for:

    • joining a mailing list

    • media, photography or filming

    • use of quotes or stories

    • participation in research or consultation

    • optional feedback

    • case studies

    • public-facing contributions

    • some forms of sensitive information collection

    • permission from parents, carers or guardians where needed

    Consent should not be hidden inside general wording. Where possible, we will separate consent from other information and explain what the person is agreeing to.

    Where someone can withdraw consent, we will explain how they can do this and what withdrawal means in practice.

  • The YOUTHOOD Project may work with children and young people, including those aged 10 to 18. Their personal information must be handled with additional care.

    When collecting information from or about children and young people, we aim to:

    • use clear and age-appropriate language

    • explain why information is being collected

    • explain who may see the information

    • avoid collecting unnecessary information

    • seek parent, carer, school or organisational consent where required

    • consider safeguarding responsibilities

    • restrict access to sensitive information

    • avoid public use of names, images, stories or quotes unless appropriate consent has been obtained

    • make sure forms, events and participation routes are designed with care

    Children and young people should receive privacy information in a way they can understand.

  • Some of our work involves lived experience, personal stories, reflections and community insight. This information can be powerful, but it can also be sensitive.

    We will treat lived experience information with care, especially where it relates to:

    • care experience

    • poverty or financial hardship

    • exclusion from education

    • mental health or wellbeing

    • disability or access needs

    • family circumstances

    • safeguarding

    • discrimination

    • trauma or harm

    • housing instability

    • youth justice

    • migration or legal status

    • barriers to opportunity

    We will only collect lived experience information where there is a clear purpose. People should understand why their information is being requested, how it may be used, whether it may be quoted, whether it will be anonymised and whether it may appear in reports, campaigns, publications or internal learning.

    Direct quotes, named stories, photographs, videos or identifiable case studies should not be used publicly without clear consent.

  • The YOUTHOOD Project may receive safeguarding or welfare information through its work with young people, communities, contributors, partners or team members.

    Safeguarding and welfare information will be handled carefully and shared only with those who need to know.

    Where a response, disclosure or concern suggests that someone may be at risk of harm, we may need to share relevant information with appropriate safeguarding contacts, statutory services, emergency services, schools, parents, carers or other responsible bodies, depending on the situation.

    We cannot promise absolute confidentiality where safeguarding or serious welfare concerns are involved.

    Where forms, events or research activities may receive safeguarding or welfare disclosures, we will aim to make clear whether they are monitored urgently. If they are not urgent support routes, this should be stated clearly.

  • We may collect information for events, workshops, programmes and delivery activities.

    This may include:

    • name

    • contact details

    • organisation or school

    • age or year group, where needed

    • attendance information

    • dietary requirements

    • access needs

    • emergency contact details

    • consent forms

    • media permissions

    • workshop choices

    • feedback and evaluation

    Event information should be used only for the event or related purpose unless wider use has been clearly explained.

    Where events involve children and young people, we will aim to ensure consent, safeguarding, emergency contact, media and access arrangements are clear.

Our Privacy Policy: Handling Digital and Personal Insight

  • We may collect information for research, insight, consultation, campaign learning, policy development, NAYD development and organisational evaluation.

    This may include:

    • survey responses

    • interview or focus group notes

    • lived experience contributions

    • professional reflections

    • community insight

    • demographic information

    • organisational feedback

    • policy views

    • event evaluation

    • quotes or written submissions

    Research and insight activity should explain:

    • why information is being collected

    • how responses will be used

    • whether responses are anonymous or identifiable

    • whether direct quotes may be used

    • whether responses may appear in reports

    • whether demographic information is optional

    • who will review responses

    • how long information will be kept

    • how people can ask questions or withdraw where applicable

    We will not keep personal information indefinitely just in case it may become useful later.

  • We may collect information through our website and digital platforms.

    This may include:

    • information submitted through contact forms

    • event or programme sign-up forms

    • newsletter subscriptions

    • website analytics

    • cookie or tracking data

    • IP addresses

    • device or browser information

    • page visits and interaction data

    • downloadable resource access information, where tracked

    Website analytics may be used to understand engagement, improve the website, evaluate reach, support accessibility and improve communication.

    We aim to avoid collecting unnecessary website data or using analytics in ways that are unexpected, intrusive or unrelated to our organisational purposes.

  • This website collects personal information to power our site analytics, including:

    • Information about your browser, network, and device

    • Web pages you visited prior to coming to this website

    • Your IP address

    This information may also include details about your use of this website, including:

    • Clicks

    • Internal links

    • Pages visited

    • Scrolling

    • Searches

    • Timestamps

    We provide this information to Squarespace, our website analytics provider, to learn about site traffic and activity.

    This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app.

    These necessary and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

    These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

  • We may use photographs, videos, quotes, recordings, interviews or case studies in communications, reports, campaigns, events, publications, social media or website materials.

    Consent should be clear before identifiable images, stories or quotes are used publicly.

    Where children or young people are involved, extra care must be taken. Consent from a parent, carer, school, organisation or responsible adult may be required depending on the context.

    People should be told:

    • what media is being collected

    • where it may be used

    • whether names will be used

    • whether quotes may be edited for clarity

    • whether the material may remain online

    • how they can raise concerns

    • whether consent can be withdrawn and what limits may apply after publication

    We will avoid using media in ways that misrepresent people, exploit lived experience or place individuals at risk.

  • We may collect information about partners, supporters, funders, donors, schools, community organisations, professionals, public bodies and other stakeholders.

    This may include:

    • names

    • roles

    • organisations

    • work email addresses

    • phone numbers

    • meeting notes

    • partnership interests

    • funding interests

    • event participation

    • professional views

    • communication history

    • areas of expertise

    • agreed actions

    Professional contact information should be used for legitimate organisational purposes, such as partnership development, event coordination, stakeholder engagement, fundraising, campaign development, policy dialogue or sector collaboration.

    We will aim to avoid keeping outdated stakeholder information where there is no ongoing relationship, purpose or legitimate organisational reason.

Our Privacy Policy: Handling Information Internally

  • The YOUTHOOD Project may use digital forms to collect internal and external information.

    Digital forms should only be made live where they have:

    • a clear purpose

    • a named owner

    • approved response access

    • a storage location

    • a monitoring plan

    • an explanation of what happens after submission

    • a closure or review plan

    External forms should include accessible data protection and organisational intent information. This should explain why the information is being collected, how it will be used, who may review it, how it will be stored and what the person can expect after submission.

  • Personal information should only be shared internally where there is a clear need.

    Internal access should be based on role, responsibility and purpose.

    Personal information should not be shared widely simply because someone is part of The YOUTHOOD Project. Access should be restricted where information relates to:

    • safeguarding

    • welfare

    • recruitment

    • finance

    • health or access needs

    • lived experience

    • complaints or concerns

    • disciplinary matters

    • Trustee declarations

    • Youth Fellow support

    • Mission Groundwork contributor records

    • sensitive organisational decisions

    Where possible, shared documents and folders should use access controls rather than open links.

  • We will not share identifiable personal information externally unless there is a clear reason to do so.

    External sharing may be appropriate where:

    • the person has consented

    • sharing is necessary for an event or programme

    • sharing is required for safeguarding or welfare reasons

    • sharing is required by law

    • sharing is necessary for a contract, partnership or delivery arrangement

    • information is anonymised or aggregated

    • we have clearly explained the sharing in advance

    We aim to avoid sharing raw personal data with external partners unless this is necessary, lawful, proportionate and approved.

    Where external partners are involved in delivery, research, events or insight activity, their access to personal information should be clearly defined.

  • Personal information should be stored securely in approved organisational systems.

    This may include:

    • approved cloud folders

    • shared drives with restricted access

    • approved email accounts

    • secure digital form response systems

    • restricted governance, safeguarding, finance or recruitment folders

    • authorised project folders

    • approved team communication spaces where appropriate

    Personal information should not be stored in:

    • personal drives

    • personal email accounts

    • personal devices, unless temporary and necessary

    • borrowed devices

    • public computers

    • informal messaging channels

    • unapproved external storage spaces

    • unrestricted folders

    If personal information is temporarily downloaded to complete a task, it should be uploaded to the correct organisational space and unnecessary local copies should be deleted.

  • We keep personal information only for as long as needed.

    When deciding how long to keep information, we consider:

    • why the information was collected

    • whether the purpose has ended

    • whether the information is still needed

    • whether there are legal or governance reasons to keep it

    • whether the information can be anonymised

    • whether keeping it creates unnecessary risk

    • whether the person has requested deletion, where applicable

    Retention expectations may differ depending on the type of information, such as recruitment records, consent records, event records, safeguarding records, research responses, finance records and governance records.