Service User Privacy Policy

Data controller: Youth First

Data protection officer: Michalis Migos,

The organisation collects and processes personal data relating to its service users to manage service provision. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the organisation collect?

The organisation collects and processes a range of information about you. Some of this information is mandatory in order to use our services, for safeguarding and medical reasons. This includes:

We also ask for certain other information about the young person in order to provide the best possible service to our users. None of this information is mandatory:

The organisation, as well as those third parties with which it works to provide youth services, uses a Membership Form to collect this data, which is then uploaded into Views, a fully GDPR compliant data management system, run by data processing company Substance.   Their own data protection policies can be found here:

Why does the organisation process personal data?

In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example to comply with health and safety laws, safeguarding regulations and police/social service referrals.

In other cases, the organisation has a legitimate interest in processing personal data. Processing data allows the organisation to:

Parents/guardians will be sent one email asking if they would like to join our Friends of Youth First group. Other than this their information will not be used for any marketing or fundraising purposes.

Who has access to data?

Your information may be shared internally where it is required to provide the service, including with relevant youth workers and members of the management team.

In certain very limited cases the organisation shares your data with third parties in order to fulfil its safeguarding obligations

The organisation also shares your data with third parties that process data on its behalf:

Lewisham Borough Council
1 Community Project (1CP)
Bromley and Downham Youth Club
Elevating Success UK
Greenwich & Lewisham Young People's Theatre
Metro Centre Ltd
Millwall Community Trust and Sports Active
Sports Active
The Albany
Triple Helix Training
Phoenix Community Housing

The organisation will not transfer your data to countries outside the European Economic Area.

How does the organisation protect data?

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Please find our full Data Protection Policy at:

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

For how long does the organisation keep data?

The organisation will hold your personal data for the duration of the time that the young person uses the service, plus a period of two years.

Your rights

As a data subject, you have a number of rights. You can:

If you would like to exercise any of these rights, please contact

We do not make decisions on how to process data based solely on automated decision-making.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.