Privacy and Data Protection Policy


The Edward Gostling Foundation (“EGF”, “we” or “us”) takes the privacy of your information very seriously. Our privacy and data protection policy (“Privacy Policy”) is designed to tell you about our practices regarding the collection, use and disclosure of information that you may provide via our website, by post or telephone or in person.

By using our website or any services we offer, you are consenting to the collection, use, and disclosure of the information you provide in accordance with this Privacy Policy and you are agreeing to be bound by this Privacy Policy.

Ways that we collect information

We may collect and process the following personal data (information that can be uniquely identified with you) about you:

  • information required to access the services provided by us, including your name, job title, business address, e-mail address and telephone number;
  • information relating to any other applications for funding that you may have made;
  • information provided in connection with purchase orders you place with third party suppliers via email, by telephone or in person relating to your application. This may include copy invoicing and bank account details of third party suppliers;
  • bank account details of your charity in order that payment of any donations pledged can be made. We will not collect and do not require any details relating to your personal bank account, credit card or other payment methods;
  • records of any correspondence between you and us;
  • details of your visits to our website and the resources that you access;
  • information we may require from you when you report a problem with our website.
  • CCTV footage collected by the CCTV systems in places at our office premises at 61 Thames Street, Windsor, Berkshire, SL4 1QW.

You do not have to supply personal data to us but you may not be able to take advantage of all the services we offer without doing so.

We also collect online identifiers such as Internet Protocol (IP) addresses and cookies. These may be personal data if they can be used to identify you. An IP address is a number assigned to your computer by your Internet Service Provider (ISP) so you can access the internet. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our website and to administer and improve the website.

Use and Disclosure

We will only collect and use your personal data if we are satisfied that it is fair and lawful.

We use your personal data in the following ways when we have a legitimate interest and your privacy rights do not override our interests. We use personal data in this way to:

  • ensure that the content of our website is presented in the most effective manner for you and for your computer, and customise our website to your preferences;
  • allow you to participate in features of our website and other services;
  • analyse how users are making use of our website and to assist in making general improvements to the website;
  • assess and process your application for grant funding;
  • provide funding to your charity (if relevant);
  • carry out and administer any obligations arising from any agreements entered into between you and us;
  • for internal marketing and research purposes;
  • to record and keep records of CCTV footage at our office premises in order to protect our employees, tenants and property.

We always ask for your consent for non-essential cookies (see the Cookies section below).

EGF does not carry out any direct marketing activities and we do not carry out automated decision making which has a legal effect or otherwise significantly affects you.

We do not disclose any information you provide to any third parties except:

  • where other organisations are part of the match funding in respect of your grant application;
  • where information is shared with our suppliers (for example, our lawyers, accountants or third party contractors who provide technical support);
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
  • where we need to share your personal information with a regulator, for example, making returns to HMRC or reports to the Charity Commission;
  • in order to enforce any terms of use that apply to our website, or to enforce any other terms and conditions or agreements for our services that may apply;
  • to protect the rights, property, or safety of EGF, our website’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • where you have given us consent to share the information with the specific third party; or
  • as part of a transfer of our assets to any third party, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, merger, reorganisation, change of legal form, dissolution or similar event (we will notify you in advance and take steps to ensure that your privacy rights will continue to be protected).

Retention of Data and Data Security

We retain information on applications from charity organisations for grant funding for a period of 6 years from when a decision on an application was made.

We ceased accepting applications from individuals in November 2018. It is our current policy to retain personal data relating to individual applications for a period of 3 years from when a decision on an application was made. After this time all personal data, whether in hard copy or in electronic form, in these records will be destroyed or anonymised.

CCTV footage is retained for a period of 30 days.

These retention periods may be extended or reduced if we deem it necessary, for example, to defend legal proceedings or if there is an on-going investigation relating to the information.

Hard copy data is securely stored on our premises or off site by a specialist storage provider. Electronic data is held on specialist software designed specifically for grant making organisations.

We take steps to protect personal data that you transmit from your computer to our website, and to protect such data from loss, misuse and unauthorised access, disclosure, alteration, or destruction. We use leading technologies to safeguard your data and operate strict security standards to prevent any unauthorised access to it.

We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


When you use our website, we may collect some personal data from you with your consent. Our Cookies Policy has more information about how we use cookies on our website –

If you do not consent to cookies, this will not affect your access to the majority of information available on our website but you may not be able to make full use of our online services.

Web Statistics

We use log files generated by our web servers to analyse website usage and statistics. Log file analysis helps us to understand usage patterns on our website and to make improvements to our service.

Your rights

You have the right to:

  • Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Ask us to correct personal data that we hold about you which is incorrect, incomplete or inaccurate.

In certain circumstances, you also have the right to:

  • Ask us to erase your personal data from our files and systems where there is no good reason for us continuing to hold it.
  • Object to us using your personal data to further our legitimate interests (or those of a third party).
  • Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it.
  • Ask us to transfer your personal data to another person or organisation.

If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.

You also have rights in relation to automated decision making (including profiling), however, EGF does not carry out automated decision making which has a legal effect or otherwise significantly affects you.

If you want to exercise any of these rights, please contact

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

Other websites

Our website contains links and references to other websites. Please be aware that this Privacy Policy does not apply to those websites.

We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via a website that is operated by us. We recommend that you check the policy of each website you visit and contact its owner or operator if you have any concerns or questions.

In addition, if you came to our website via a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party website and recommend that you check the policy of that third party website and contact its owner or operator if you have any concerns or questions.

Transferring your information outside of the UK

As part of the services offered to you through our website, the personal data you provide to us may be transferred to, and stored at, countries outside of the UK which may not have similar data protection laws. By  way of example, this may happen if any of our servers are from time to time located in a country outside of the UK or one of our service providers is located in a country outside of the UK. We may also share information with regulatory or equivalent national bodies located in countries worldwide.

If we transfer your information outside the UK in this way, and the country in question has not been deemed to have adequate data protection laws, we will put in place appropriate safeguards and take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy. If you would like more information about the safeguards we put in place, please contact

If you use our website while you are outside the UK, your information will be transferred outside the UK in order to provide you with those services.

By submitting your personal data to us you agree to the transfer, storing or processing of your information outside the UK in the manner described above.

Notification of changes to our Privacy Policy

We will post details of any changes to our Privacy Policy on our website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

Contact us

If at any time you would like to contact us with your views about our privacy practices or with any enquiry relating to your personal information, you can do so by way emailing us at

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues – complaint/.

June 2021