Privacy and Data Protection Policy
Ways that we collect information
We may collect and process the following personal data (information that can be uniquely identified with you) about you:
- Certain information required to access the services provided by us, including your name, job title, business address, e-mail address and telephone number;
- Information relating to any other applications for funding that you may have made;
- Information provided in connection with purchase orders you place with third party suppliers via email, by telephone or in person relating to your application. This may include copy invoicing and bank account details of third party suppliers;
- Bank account details of your charity in order that payment of any donations pledged can be made. We will not collect and do not require any details relating to your personal bank account, credit card or other payment methods;
- A record of any correspondence between you and us;
- Details of your visits to our website and the resources that you access;
- Information we may require from you when you report a problem with our website.
We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us but you may not be able to take advantage of all the services we offer without doing so.
Information is also gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. These methods do not collect or store personal information.
An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet. It is generally considered to be non-personally identifiable information, because in most cases an IP address can only be traced back to your ISP or the large company or organisation that provides your internet access (such as your employer if you are at work).
We use your IP address to diagnose problems with our server, report aggregate information and determine the fastest route for your computer to use in connecting to our website and to administer and improve the website.
Use and Disclosure
We will only collect and use your personal information if we are satisfied that we have a legitimate interest to do so for the purposes of your application and, if relevant, to provide funding to your charity.
We may use this information to:
- assess and process your application for a grant;
- ensure that the content of our website is presented in the most effective manner for you and for your computer and customise our website to your preferences;
- assist in making general improvements to our website;
- carry out and administer any obligations arising from any agreements entered into between you and us;
- allow you to participate in features of our website and other services;
- analyse how users are making use of our website and for internal marketing and research purposes.
EGF does not carry out any direct marketing activities and we do not carry out automated decision making which has a legal effect or otherwise significantly affects you.
We do not disclose any information you provide to any third parties except:
- where other organisations are part of the match funding in respect of your application;
- where information is shared with our suppliers (for example, our lawyers, accountants or third party contractors who provide technical support);
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
- where we need to share your personal information with a regulator, for example, making returns to HMRC or reports to the Charity Commission;
- to protect the rights, property, or safety of The Edward Gostling Foundation, our website’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- where you have given us consent to share the information with the specific third party; or
- as part of a sale of some or all of our business and assets to any third party, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, sale, merger, reorganisation, change of legal form, dissolution or similar event (we will always notify you in advance and we will aim to ensure that your privacy rights will continue to be protected).
Retention of Data
We retain information on charity applications indefinitely.
Please not that we ceased accepting applications from individuals in November 2018. It is our current policy to retain personal data relating to individual applications for a period of 3 years from when a decision on an application is made. After this time all personal data, whether in hard copy or in electronic form, will be destroyed.
This retention period may be extended or reduced if we deem it necessary, for example, to defend legal proceedings or if there is an on-going investigation relating to the information.
Hard copy data is securely stored on our premises or off site by a specialist storage provider.
Electronic data is held on specialist software designed specifically for grant making organisations.
We take all appropriate steps to protect your personally identifiable information as you transmit your information from your computer to our website and to protect such information for loss, misuse and unauthorised access, disclosure, alteration, or destruction. We use leading technologies to safeguard your data and operate strict security standards to prevent any unauthorised access to it.
We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
A cookie is a piece of data stored locally on your computer and contains information about your activities on the internet. The information in a cookie does not contain any personally identifiable information you submit to our website.
Once you close your browser, our access to the cookie terminates. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. To change your browser settings you should go to your advanced preferences.
If you choose not to accept the cookies, this will not affect your access to the majority of information available on our website. You will not however be able to make full use of our online services.
We use log files generated by our web servers to analyse website usage and statistics but the files do not identify any personal information. Log file analysis helps us to understand usage patterns on our website and to make improvements to our service.
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). Any access request can be made free of charge providing you with the details of the information we hold about you. If requested, we will provide this information within one month.
- Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate. We will take all reasonable steps in accordance with our legal obligations to update or correct personally identifiable information in our possession that you submit via this website.
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
- Object to us using your personal information to further our legitimate interests (or those of a third party).
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
- Ask us to transfer your personal information to another person or organisation.
If you want to exercise any of these rights, please contact email@example.com
If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
You also have rights in relation to automated decision making (including profiling), however, EGF does not carry out automated decision making which has a legal effect or otherwise significantly affects you.
We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via the website that is operated by us. We recommend that you check the policy of each website you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you came to our website via a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party website and recommend that you check the policy of that third party website and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
If you use our website while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
Having worked with our suppliers, we believe we are fully compliant with GDPR and Data Protection legislation in relation to international transfers of personal data. If you would like more information about the safeguards we put in place, please contact email@example.com
If at any time you would like to contact us with your views about our privacy practices or with any enquiry relating to your personal information, you can do so by way emailing us at firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissoiner's Offce (ICO), the UK supervisory authority for data protection issues - https://ico.org.uk/make-a-complaint/