Skip to main content Skip to accessibility
This website is not compatible with your web browser. You should install a newer browser. If you live in Jersey and need help upgrading call the States of Jersey web team on 440099.
Government of Jerseygov.je

Information and public services for the Island of Jersey

L'înformâtion et les sèrvices publyis pouor I'Île dé Jèrri

Jersey Youth Service privacy policy

​Introduction

Jersey Youth Service is a Government of Jersey organisation providing a wide range of personal and social development opportunities for young people in Jersey.

Jersey Youth Service is registered as a ‘Controller’ under the Data Protection (Jersey) Law 2018. We take our responsibilities as a data controller seriously and are committed to using the personal data we hold in accordance with the law.

This privacy notice provides detailed information about how we process personal data. If you have questions regarding your personal data or its use, contact Jersey Youth Service:

  • email Jys@Jys.je​
  • call +44 (0) 1534 280500
  • by post at Jersey Youth Service, St James Street, St Helier, Jersey, JE2 3QZ

Types of personal data we process 

We process personal data about prospective, current, and past:

  • members and their parents and carers
  • staff
  • suppliers
  • contractors
  • other individuals connected to or visiting Jersey Youth Service

Further information for staff can be obtained from the People Service’s Department and through the Chief Operating Office’s privacy policies.

The Government of Jersey’s Employee privacy notice can be found on MyStates (internal site).

The personal data we process takes different forms. It can be:

  • factual information
  • expressions of opinion
  • images
  • other recorded information which identifies or relates to a living individual

Examples include:

  • names, addresses, telephone numbers, email addresses and other contact details
  • family details; parental responsibility
  • medical information that is relevant to the young person
  • gender
  • attendance, academic, disciplinary, welfare and information about special educational needs and support needs
  • education and employment data
  • images, audio, and video recordings. Find more information on the CCTV policy
  • financial information
  • social security number
  • attended courses, activities, meetings, or events

As an organisation, we need to process special category personal data such as concerning health, ethnicity, religion, biometric data, and information about some individuals particularly young people. We do so in accordance with the applicable law including with respect to safeguarding or employment and, where necessary, relying on individuals’ explicit consent.

Collecting, handling and sharing personal data

We collect most of the personal data we process directly from the individual concerned or in the case of young people, from their parents or carers. In some cases, we collect data from third parties for example:

  • referees
  • the Disclosure and Barring Service
  • professionals or authorities working with the individual

Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided, in accordance with the section below. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to systems. We ensure that personal data is not transferred outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.

We do use web services that are hosted outside the European Economic Area, for example Facebook. This is processed in the United States but has been approved by another competent supervisory authority under Article 40 of the GDPR or equivalent statutory provisions, together with binding and enforceable commitments of the controller and processor to apply the appropriate safeguards, such as information security procedures and checks.

We upload data to the IYSS Core+ (MIS Database) that is hosted in the EU. In addition, data may be uploaded to exam boards such as AQA, EdExcel, Asdan, OCR etc. All these services are hosted within the EU.

In the course of organisational business, we share personal data, including special category personal data where appropriate, with third parties such as the organisations professional advisors at the Department for Children, Young People, Education and Skills (CYPES), Multi trust agencies and other Departments within the Government of Jersey where appropriate. These departments and organisations are obliged to keep your details securely and only use your information in accordance with our specific directions.

We may disclose information to other departments where it is necessary, either to comply with a legal obligation, or where permitted, under other legislation. Examples of this include, but are not limited to:

  • where the disclosure is necessary for the purposes of the prevention or detection of crime
  • for the purposes of meeting statutory obligations
  • to prevent risk of harm to an individual

We process data and have data sharing agreements with the following organisations:

  • IYSS Core+ (MIS Database)
  • CYPES
  • the Police including MARAC
  • Children’s Social Services including CAMHS (Child and Adolescent Mental Health Service) and Children and Families Hub Service
  • Adult Social Services
  • Probation
  • JMAPPA

This list is subject to change and will be updated annually to reflect any changes.

We will continually review and update our sharing agreements to reflect changes in our services and feedback from service users, as well as to comply with changes in the law.

Purposes for which we process personal data

We process personal data to support the organisations operation for young people, and in particular for: 

  • the delivery of opportunities to young people to support learning including the administration of the Youth Service curriculum, attendance, and needs, reporting on the same internally
  • the provision of support and related services to young people and parents or carers including the:
    • administration of activities, trips and residentials
    • provision of the Youth Services’ IT and communications system all in accordance with our IT policies
  • the safeguarding of young peoples’ welfare and health care services by youth workers
  • compliance with legislation and regulation, submission of information to CYPES
  • operational management including:
    • compilation of young person's records
    • management of the organisations property
    • management of security and safety arrangements, including the use of CCTV in accordance with our CCTV Policies and monitoring of the organisations IT and communications systems in accordance with our Acceptable Use Policy,
    • management planning and forecasting
    • research and statistical analysis
    • administration and implementation of the Youth Services policies for young people
    • maintenance of historic archives and other operational purposes

Lawful bases for processing 

We may process your personal data for the above purposes because:

  • it is necessary for the performance of a contract. Such as to take steps at a contracting party’s request prior to entering into such a contract
  • it is necessary for our compliance with our legal obligations. In this respect, we may use personal data to exercise or perform any right or obligation conferred or imposed by law in connection with the prevention and detection of crime, and in order to assist with investigations, including criminal investigations, carried out by the police and other competent authorities
  • it is necessary for our third party’s legitimate interests
  • it is necessary for us to provide the best services possible to our young people
  • it is necessary to protect an individual’s vital interests. In certain limited circumstances, for example where a young person has a life-threatening accident or illness while at a project and we must process their personal data to ensure they receive prompt and appropriate medical attention
  • it is necessary for the establishment, exercise, or defence of legal claims
  • it is necessary for reasons of substantial public interest, including safeguarding purposes
  • it is necessary for medical purposes, including medical diagnosis and the provision of health care or treatment for young people, managing related health care systems
  • it is necessary for archiving, research, or statistical purposes
  • we have an individual’s specific or, where necessary, explicit consent to do so

​How long we keep personal data 

We retain personal data only for legitimate purposes, relying on one or more of the lawful bases as set out above, and only for so long as necessary for those purposes, or as required by law. We comply with CYPES retention schedules which sets out the time period for which various categories of data are kept.

Your rights

You have various rights under data protection law to: 

  • obtain access to, and copies of, the personal data that we hold about you
  • require us to correct the personal data we hold about you if it is incorrect
  • require us to erase your personal data in certain circumstances
  • require us to restrict our data processing activities in certain circumstances
  • receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller
  • object, on grounds relating to your situation, to any of our processing activities where you feel this has a disproportionate impact on your rights, including a right to object to receiving communications
  • where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal

These rights are not absolute, and we may be entitled or required to refuse requests where exceptions or exemptions apply. If you would like to exercise any of your rights under data protection law for which we are the data controller, email the Data Protection Officer cypesgovernance@gov.je.

Young person’s data and parental consent

The rights under data protection law belong to the individual to whom the data relates. However, where consent is required as the lawful basis for processing personal data relating to young people, because no other lawful basis applies, we will often rely on parental consent unless, given the nature of the processing in question, and the young person’s age and understanding, it is more appropriate to rely on the young person’s consent.

Parents or carers should be aware that in such situations they may not be consulted, depending on the interests of the young person, the parents’ rights at law or under their contract, and taking into account all the relevant circumstances.

In general, we will assume that the young persons’ consent is not required, and that other lawful bases are more appropriate, as described above, for ordinary disclosure of their personal data to their parents or carers, such as for the purposes of keeping parents or carers informed about the young persons’ activities, and behaviour, and in the interests of the young persons’ welfare, unless, in the organisations opinion, there is a good reason to do otherwise.

However, where a young person seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents or carers, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise. For example, where the organisation believes disclosure will be in the best interests of the young person or other young persons, or is required by law. 

Young people can make subject access requests, or other requests to exercise individual rights under data protection law, for their own personal data, if they have sufficient maturity to understand the request they are making. A person with parental responsibility will be entitled to make a subject access request, or other requests to exercise individual rights under data protection law, on behalf of the young person, but the information in question is always considered to be the young person’s by law. A young person of any age may ask a parent or other representative to make a subject access request, or other requests to exercise individual rights under data protection law, on their behalf. Moreover, if a young person is of sufficient maturity, their consent or authority may need to be sought by the parent or carer making such a request.

Change of details

We try to ensure that all personal data held in relation to an individual is as up-to-date and accurate as possible. Notify the Jersey Youth Service of any changes to essential information held about you, such as contact details.

This policy

Our privacy notice should be read in conjunction with our other policies and terms and conditions which refer to personal data. Find these on the Children, Young People, Education and Skills Policies

We will review this privacy notice annually. You will be notified of any substantial changes that affect how we process your personal data to you directly, as far as practicable.

If you believe that we have not complied with this policy or have acted otherwise than in accordance with data protection law, you should notify Jersey Youth Service. You can also make a referral to or lodge a complaint with the Jersey Office of the Information Commissioner (JOIC). Although the JOIC recommends that steps are taken to resolve the matter with us before involving them. Find more about your rights under data protection law on JOIC website.

Our sites
Back to top
rating button