Privacy Notice

Data Protection Act 2018/General Data Protection Regulation 2018 (GDPR)  

  1. General principles

This small organisation has always taken data protection seriously and has never shared applicants’ personal data with other organisations or individuals (except with the prior permission/knowledge of the applicant).  The former relevant legislation was the Data Protection Act 1998.  This was replaced in May 2018 by the introduction of the General Data Protection Regulation (GDPR), which has been implemented in the Data Protection Act 2018 (the Act).   

The Act/GDPR includes the following principles as to data protection: 

  1. Personal data shall be:  
  1. i) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. ii) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

iii) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);accurate and, where necessary,  

iii) kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); 

  1. How the Foundation uses personal information

As a grant-making charity we need to ask applicants for a certain amount of personal information so that we can consider applications in an informed manner.  All applicants are asked to provide equivalent details which enable the trustees to pursue a ‘level playing field’ policy in their consideration of the various applicants and to treat everybody with fairness and respect.  Paper, electronic and scanned documents are made available to the trustees by the clerk but never shown to anyone else, unless there is good reason and then only with the prior permission of the applicant.  An example might be contact with an academic referee.  When a grant is approved, the applicant’s details are kept on file for a reasonable period during which repeat applications might possibly be made – for example, for the duration of a further education course, apprenticeship or degree course.  Information is kept safely in paper files and on a secure personal computer. 

It is necessary to retain some information for archive purposes.  This particularly relates to Minutes of meetings, which form important archive material and should be retained by the charity indefinitely.  However, the Minutes usually make minimal references to applicants’ personal information and record little more than the name and the decision about a grant.  Applicants’ and beneficiaries’ personal names are not included in the Foundation’s annual report and accounts, which are in the public domain via the Charity Commission Register. 

By completing an application form (or the equivalent in a letter or email) and sending relevant documentation, the applicant is giving permission for the Foundation to handle the information in an appropriate way.  In the case of a child, the parent or guardian, by submitting the application, is giving that permission.  There has to be a degree of trust, and both sides are expected to act in good faith.  For the purposes of the Act, a child is deemed to be under the age of 13 for giving consent (ie young people aged 13 and over can give consent in relation to data).  The Foundation respects the desire of all families to support and protect young people. 

  1. Access to information

The Foundation has always been open to requests from applicants for access to their own processed data and this has not changed.  Under the Act, information must generally be provided to bona fide applicants without charge and within a month.  Applicants also have the right to have inaccurate processed data corrected.  It should be noted that we do not operate from office premises and do not exchange personal data with other organisations, individuals or databases.   

  1. Further information about data protection

There is a good deal of information available on the internet but little of it relates specifically to small grant-making trusts.  The law applies to all organisations but there is a higher level of risk with large charities and organisations which carry out fundraising (which the Foundation does not) and/or which maintain databases of members or donors.  The best, most reliable, source of information is the website of the Information Commissioner’s Office (ICO).