Privacy Policy

Version 1.1 - Approved by the Managing Committee on 11th July 2025

Article 1: Introduction

At Discovering Youth Association (DYA), we are committed to protecting the privacy, confidentiality, and dignity of all individuals who interact with us.

This Privacy Policy outlines how we collect, use, store, and safeguard your personal information, in line with our responsibilities under the Data Protection Act of the Republic of Mauritius, applicable international privacy standards, and our own internal Bylaws.

By interacting with DYA – Including as a member, participant, volunteer, partner, or staff – you agree to the practices described herein.

Article 2: Scope of Application

This policy applies to all personal data processed by DYA in the course of delivering its services, including but not limited to:

· The Duke of Edinburgh’s International Award delivery

· Membership administration

· Volunteer recruitment and support

· Communications and promotions including emails, letters, policies and DYA – issued documents

· Online and in-person programmes

· External partnerships

This policy supplements the privacy obligations already stipulated in DYA’s By-laws and Rules.

Article 3: What Personal Data We Collect

We may collect the following categories of data:

· Full name, date of birth, gender

· Contact information (email, phone number, postal address)

· ID numbers and official documents for verification (where required)

· Medical and emergency information for high-risk activities

· Photographs and videos taken during events and activities

· Communications sent to/from DYA via email or social platforms

· Participation records and performance evaluations within the Award

· Digital identifiers (IP address, browser data) from website interactions

The above list is not exhaustive. The Managing Committee and the Office of the Lead Award Coordinator (OLAC) are empowered to collect additional data as and when deemed required by them.

DYA does not collect more data than is necessary for the purpose for which it is obtained.

Article 4: Legal Basis for Processing

We process your data under the following legal bases:

· Consent: Through application for membership forms, registration forms, consent declarations, and Global Consent Forms as required by the Award Foundation. Here, it is noteworthy that Application for Membership Forms are often reviewed by DYA. Once signed, consent is deemed to apply to all updated versions of the form.

· Contractual Necessity: For activities related to your participation in programmes or volunteering roles.

· Legal Obligation: Where required by Mauritian law or by our status as a registered Association (No. 17002).

· Legitimate Interests: Such as improving programme delivery or reporting non-sensitive statistics.

· Vital Interests: In emergency cases requiring medical assistance or safeguarding intervention.

Article 5: Use of Personal Information

Your data will be used to:

· Administer The Duke of Edinburgh’s International Award

· Support volunteer coordination and management

· Maintain member records and eligibility

· Provide updates, newsletters, and event invitations

· Ensure the safety of all participants

· Manage online platforms and digital engagement

· Fulfil legal and safeguarding obligations

· And as required by the Managing Committee and OLAC.

Article 6: Disclosure and Data Sharing

Your data will not be sold or shared for commercial gain. However, we may share your data with:

· The Award Office of the Ministry of Youth and Sports (where required)

· The Duke of Edinburgh’s International Award Foundation (as part of global data systems like ORB)

· Medical or emergency services in urgent cases

· Partner organisations where necessary, under signed agreements

· Law enforcement or regulators, when legally required

· Within the organisation as defined in the Bylaws.

All disclosures are governed by confidentiality principles set in Article 3.1.9 and 5.2(D) of our Bylaws.

Article 7: Retention and Deletion

Personal data will be retained only for as long as necessary for the purpose for which it was collected, in compliance with legal and archival obligations. Upon expiration of that period, it will be securely deleted or anonymised.

Article 8: Confidentiality & Secrecy

All members of DYA’s Managing Committee, staff, and volunteers are bound by confidentiality clauses (Bylaws 3.1.9) and may be required to sign a Non-Disclosure Agreement (NDA).

Any breach is considered a serious disciplinary matter.

Article 9: Data Security

DYA uses appropriate technical and organisational measures to protect your personal data, including:

· Encrypted cloud storage

· Password-protected digital systems

· Access control and editor-level permissions

· Secure document classification protocols

Digital activity, including website and social media use, is governed by our Bylaws and Brand Guidelines.

Article 10: Your Rights

You have the right to:

· Access the personal data we hold about you

· Request correction of your data

Requests should be submitted in writing to managingcommittee@disyouth.org.

As per Bylaws 2.2(C), participants and members consent that photographs/videos of them taken during DYA activities may be used by DYA and this consent may not be revoked.

Article 11: Communications and Email Disclaimer

All DYA emails are subject to this Privacy Policy. They may contain confidential or privileged content and are intended only for the addressed recipient. If you are not the intended recipient:

· Please notify the sender immediately

· Do not copy, share, or act on the email’s contents

· Delete the email and any attachments

DYA accepts no liability for any damage caused by the presence of viruses or malware and recommends all recipients take protective measures.