Privacy Notice

Youth Emotional Support Service Privacy Notice

This Privacy Notice explains how your data is processed by Youth Emotional Support Service (YESS), and our legal basis for doing so.  This notice also covers the types of personal data we may collect and how we keep it safe.

We are responsible for the information we hold and we ensure that the information is used and stored in line with the legal requirements set out by the General Data Protection Regulations (GDPR).

As an organisation we collect and process some personal information as a Data Controller.  In order to enable us to carry out our service we may need to instruct other organisations to act as a Data Processor for some functions.  In these situations, any other agencies who work with us will be under a legal duty to comply with GDPR.

YESS also carry out functions as a Data Processor on behalf of our commissioners who are Data Controllers in some instances.  Where this is the case, they have their own Privacy Notices in place and there are also relevant clauses to ensure that data is handled in line with GDPR requirements.

Lawful Basis

The law on data protection sets out a number of different reasons for which an organisation may collect and process your personal data.  YESS have identified that the information we hold is done lawfully under one of the following lawful reasons:

  • Contractual
  • Legal compliance
  • Legitimate interest

When do we collect your personal data?

  • When you are referred to us for therapy
  • When you join our Youth Participation scheme
  • If you commission our services
  • If you are employed by YESS
  • When you contact us by any means with queries, complaints etc.
  • When you’ve given a third party permission to share with us the information they hold about you.

What sort of personal data do we collect?

  • If you have been referred into our service:  your name, gender, date of birth, home address, email and telephone number, overview of mental health issues.
  • Details of your interactions with us through client contact records and clinical notes
  • Copies of documents you provide to prove your age or identity where the law requires this. (Including your passport and driver’s licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
  • We process personal data which includes special categories of data such as information about your health. We will only process this type of information when it is necessary for us to do so as part of our legitimate activities or with your permission.

How and why do we use your personal data?

  • Deliver services and understand your needs
  • Maintain and update your records or contact details
  • Contact you where necessary
  • Obtain your opinion and feedback about the services we provide
  • Ensure that we fulfil our legal obligations

Managing personal data

  • We are responsible for managing the information we hold.  We take our responsibilities seriously and aim to use personal information fairly, correctly and safely in line with the legal requirements set out by the General Data Protection Regulations (GDPR).
  • Any organisations that process personal information on behalf of YESS, or with whom we share information, also have the same legal obligation to comply with GDPR and will have a set of data protection clauses included in their contract or other form of agreement.
  • The amount of time data is kept before being disposed of will vary depending on why it was collected, how it is used, and in line with any applicable UK laws.  Our retention policies give details of how long we will keep data for.
  • Your data will be stored within the UK and EEA. Your data will not be processed outside of the EEA.

How we share your data

There may be occasions where we identify a need to share information with other agencies.  In these instances we will only share with other organisations if we have obtained your consent, or unless we are legally required or enabled to share it.

At no time will your information be passed to organisations external to YESS for marketing or sales purposes or for any commercial use without your prior explicit consent.

What are your rights?

Under the GDPR you, as the Data Subject, you have the right to:

  • Be informed about our collection and use of personal data and our legal basis for doing so.
  • Access the information we hold about you. This information is usually provided free of charge but we may make a charge in circumstances specified in the regulations.
  • Request that we rectify inaccurate or out of date factual information about you.
  • Request that records we hold about you are erased.
  • Restrict processing of the information we hold about you if you have an objection to that processing, whilst your objection is investigated. 
  • Request information you have supplied to us to be provided to you in machine-readable format so that it can be transferred to a third party
  • Object to processing of your personal information including automated decision making and profiling.
  • Make a complaint or raise a concern to a supervisory authority if you are not satisfied with how the information held about you, or an information request, has been handled.
  • In some cases we are legally required to retain data for a minimum period, therefore we will respect your request where we are legally able to do so.

How to contact us

Please contact us if you have any questions about our privacy policy, information we hold about you, or if you have a complaint about privacy or misuse of personal data.

Email: enquiries@yes-s.org.uk