Effective Date: July 1, 2025

Last Updated: June 30, 2025


1. INTRODUCTION

The YMCA of Greater Rochester is a charitable, cause-driven organization dedicated to strengthening our community and improving lives through Christian principles, impactful programs, and purposeful partnerships that serve and connect all. As part of our commitment to integrity and trust, we prioritize the responsible collection, use, and protection of personal identifying information and other personal data obtained during the recruitment process, in full compliance with applicable New York State and federal data protection and privacy laws. The objective of this policy is to provide employees and applicants with an overview of the YMCA’s privacy and data protection practices regarding job applicant personal information. 

By submitting your application for consideration, you acknowledge that the YMCA may collect and process your personal information in accordance with the terms of this Job Applicant Privacy Policy, and that you have reviewed and understand the terms outlined herein. 


2. SCOPE

This Job Applicant Privacy Policy (“Policy”) sets forth the privacy and data protection practices of the YMCA of Greater Rochester (collectively “YMCA,” “we,” “us,” “our”) with respect to the collection, use, and disclosure of personal identifying information and other personal data obtained from individuals applying for positions with the YMCA.

This Policy applies to all job applicants, including candidates seeking employment as full-time or part-time employees, independent contractors, consultants, temporary or seasonal workers, interns, and volunteers (collectively “you,” “your”). It applies regardless of the method by which the application is submitted, including but not limited to, applications made via our website, job boards, recruitment agencies, in-person, or direct email communications. 


3. TYPES OF PERSONAL INFORMATION WE COLLECT

When you apply for a job with us, we may collect certain information from and about you in order to evaluate and process your application. This information may include:

  •  Identification information: Full name, date of birth, photograph, nationality. 
  • Contact information: Email address, phone number,  physical address.
  • Employment and education history: CV/resume, qualifications,  references, certifications.
  • Recruitment information: Interview notes, assessments,  test results.
  • Legal and compliance data: Right to work documents, criminal background checks (if applicable and lawful).
  • Special categories of data: Only when necessary and permitted by law (e.g., health information for accommodations, diversity      data).

4. HOW WE USE YOUR DATA

The information that you submit during the job application process may be used for personal recruitment, management, and planning purposes. This includes: 

  • Assessing your qualifications for the position to which you applied, as well as for other current or future roles that align with your background and experience;
  • Communicating  with you regarding your application status, responses to your inquiries or requests, other job opportunities, or important updates and notices;
  • Conducting criminal history checks, background screenings, and verification of employment and references;
  • To comply with applicable laws and regulations; or
  • To improve our recruitment process (we will use aggregated and anonymized data only).

5. DATA SHARING AND DISCLOSURE

In the course of the recruitment process, your personal information may be shared with the following parties:

Internal Human Resources and Hiring Teams:

Your information may be accessed by authorized Human Resources personnel and relevant hiring managers or team members involved in the recruitment and selection process. This sharing is necessary to evaluate your qualifications and suitability for the position to which you have applied for, as well as for future roles that may match your profile. 

Third-Party Service Providers:

We may share your personal data with trusted third-party service providers who assist in administering the recruitment process. These third-party service providers may include recruitment platforms, background check agencies, and other entities engaged to support hiring and compliance efforts. All third-party providers are required to maintain appropriate security and confidentiality in handling your information. 

Government Authorities and Regulators:

We may disclose your personal data to government agencies, law enforcement bodies, or regulatory authorities if required to do so by law, court order, or other legal process. 


 

6. PERSONAL IDENTIFYING INFORMATION PROTECTION 

We are committed to maintaining the confidentiality and security of personal identifying information for our employees and job applicants. In accordance with New York Labor Law § 203-d, the following Section establishes restrictions on the use, access, and disclosure of personal identifying information to prevent unauthorized disclosure of sensitive personal data.

Definition of Personal Identifying Information:

For purposes of this Section, personal identifying information includes:

· Social security numbers;

· Home addresses and telephone numbers;

· Personal electronic mail addresses;

· Internet identification names or passwords;

· Surnames prior to marriage; and 

· Drivers’ license numbers. 

Prohibited Conduct:

Unless required by law or with written consent, the YMCA prohibits the following actions:

1. Publicly posting or displaying your social security number;

2. Visibly printing your social security number on any identification badge or card, including any time  card;

3. Placing your social security number in files with unrestricted access; or

4. Communicating any of your personal identifying information to the general public. 

Access to Personal Identifying Information:

Access to your personal identifying information is limited to individuals whose job responsibilities require such access. Employees with authorized access must handle all personal identifying information in a secure and confidential manner and must not share or disclose such information to others without prior authorization. 

Reporting Violations:

If you become aware of unauthorized access, disclosure, or misuse of any personal identifying information, you must report the incident to Human Resources immediately. The YMCA prohibits retaliation against any individual who reports a suspected violation in good faith. 

Compliance and Enforcement:

Violations of this Section may result in disciplinary action, up to and including termination of employment. 


 

7. PERSONAL SOCIAL MEDIA ACCOUNT PRIVACY

In accordance with New York Labor Law § 201-i, the YMCA is committed to respecting the privacy rights of all applicants and employees with regard to their personal social media accounts. This Section sets forth our position on access and disclosure of personal social media account information. 

Prohibited Conduct:

The YMCA shall not, as a condition of employment or during the course of employment, request, require, or coerce you to: 

1. Disclose a username, password, or other authentication information for accessing your personal social media account.

  1. Access your personal social media  account in the presence of the YMCA.
  2. Reproduce any photographs, videos, or information contained in the personal account when accessed in violation of the above prohibitions.

Definition of Personal Account:

“Personal account” means an account or profile on an electronic medium where users may create, share, and view user-generated content, including uploading or downloading videos or still photographs, blogs, video blogs, podcasts, instant messages, or internet website profiles or locations that is used by an employee or an applicant exclusively for personal purposes.

Exceptions:

Nothing in this Section shall prevent the YMCA from:

· Requesting or requiring you to disclose access information to an account provided by the YMCA where such an account is used for business purposes;

· Requesting or requiring you to disclose access information to an account known to the YMCA to be used for business purposes;

·  Requesting or requiring you to disclose access information to an account to comply with court orders and federal, state, and local laws. 

Public Information:

This Section does not prohibit or restrict the YMCA from viewing, accessing, or utilizing information about an employee or applicant that can be obtained without any required access information, that is available in the public domain, or for the purposes of obtaining reports of misconduct or investigating misconduct, photographs, video, messages, or other information that is voluntarily shared by an employee, client, or other third party that the employee subject to such report or investigation has voluntarily given access to contained within such employee's personal account.

Reporting Violations:

If you believe you have been asked to provide access to your personal social media account in violation of this Section, you are encouraged to report the incident immediately to Human Resources. The YMCA prohibits retaliation against any individual who reports a suspected violation in good faith. 

Compliance and Enforcement:

Violations of this Section may result in disciplinary action, up to and including termination of employment. 


8. DATA SECURITY

The YMCA uses appropriate administrative, technical, personnel, and physical measures to safeguard your personal information against loss, theft, and unauthorized use and disclosure. In addition, we exercise special precautions in dealing with personal identifying information as required by law. If you become aware of or have reason to believe that a security breach has occurred resulting in the exposure of confidential personal data, you must promptly notify Human Resources.


9. RECORD DISPOSAL AND DESTRUCTION 

In alignment with our commitment to maintaining confidentiality, the following Section outlines the required procedures for the secure disposal of records containing personal identifying information, in compliance with New York General Business Law §399-h. 

Scope:

This Section applies to all records maintained by the YMCA in paper, digital, or other formats that contain personal identifying information, such as:

  • Social Security numbers;
  • Driver's license numbers;
  • Non-driver identification card numbers;
  • Mother's maiden name;
  • Account numbers  or codes for:                                                       
    • financial services accounts;
    • savings accounts;
    • checking accounts;
    • debit cards; or
    • ATM accounts. 
  • Electronic serial numbers; or
  • Personal identification numbers, defined as any number or code that alone or combined with other information could be used to:                                                       
    • assume the identity of another person; or
    • access their financial resources or credit.

Destruction Requirements:

In accordance with New York law, when records containing personal identifying information are no longer needed for business, legal, or compliance purposes, the YMCA will ensure that such records are properly disposed of to prevent unauthorized access or use. Acceptable methods of destruction include:

1. Shredding the record before the disposal of the record;

2. Destroying the personal identifying information contained in the record;

3. Modifying the record to make the personal identifying information unreadable; or 

4. Taking actions consistent with commonly accepted industry practices that the YMCA reasonably believes will ensure that no unauthorized person will have access to the personal identifying information contained in the record.


10. DATA RETENTION

The YMCA is committed to maintaining employment records in accordance with federal law. Any personnel or employment record made or kept by the YMCA, including but not necessarily limited to, application forms submitted by applicants and other records having to do with hiring will be retained for a minimum of one (1) year from the date of making the record or the hire/no-hire decision, whichever is later. 


11. ACCURACY OF INFORMATION YOU PROVIDE

You are responsible for ensuring that all information provided to the YMCA is honest, truthful, accurate, and not misleading in any way. 


12. INTERNATIONAL TRANSFERS

If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place in compliance with applicable data protection laws.


13. CONTACT US

If you have questions about this Policy or how your data is handled, please contact:

 

Deanna Rose
YMCA of Greater Rochester
 deanna.rose@rochesterymca.org