This document explains how we, the Community Foundation for Surrey, use data about living individuals.
- Why do we need your information?
We use personal data to help enable philanthropy in Surrey.
- Whose data do we collect?
We hold data on those who have given financial or other support to the Community Foundation, those who might do, and those who apply to the Community Foundation for Surrey grants, whether on behalf of an organisation or personally, as well as referees of grant applications.
- How we obtain your data
The majority of the information we hold about you has been provided directly to us by you.
In some cases we may collect data from someone else.
We also collect data from publicly available sources. Examples include information gathered from a news article or on-line media, including social media like LinkedIn or Twitter. We may also use publicly available directories and similar information such as Companies’ House.
- What data do we collect and why?
Grant Applicants and referees
We collect the information described below in order to solicit and process applications for grants from the Community Foundation. We hold data of both organisations and individuals who are employed/working on behalf of those organisations.
The purpose of holding this data is:
- For the purpose of our provision of (potential) grant funding to the individual concerned, or to the organisation which the individual represents
- Grant-making being our core charitable activity.
We collect the following classes of information from individuals applying for grants (usually on behalf of an organisation):
- Name(s) and address, email, phone number and other relevant contact details and preferences
- Purpose and details about an application for a grant
- Any other information needed for the assessment of a grant which may include financial, family, education and employment information
- Details about any grant which was made
- Information about our relationship with you, correspondence, meeting notes, attendance at events etc.
Sensitive Personal Information
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, sexual orientation or religious beliefs.
For the purpose of grants made to individuals, we may sometimes receive sensitive personal information about the recipient.
We will only use this information:
- For the purposes of assessing processing the grant with our staff and panel members
- We will not pass on your details to anyone else without your express permission
Sensitive personal information will be treated with extra care and security, and will be deleted as soon as the processing of the grant has been completed.
Length of retention of your data (individual)
We will keep grant applicant data for 7 years from the last activity of the grant period (eg, once the grant is reported on and complete). After this time, unless we have had further correspondence from you indicating a desire to re-apply for funding, contact information and individual personal data will be deleted.
We collect the following classes of information from organisation applying for grants:
- Name of the organisation and key contact details
- Name and data of the person making the grant application and their contact information
- Details about the aims of the organisation
- Financial information, such as accounts submitted to the charity commission
- Purpose and details about the grant application
- Details of any subsequent grant made
Length of retention of your data (organisation)
We will keep basic information about the organisation applying for the grant, such as organisation name, amount awarded and purpose of the grant, on a permanent basis. If there is no further contact or activity involving the organisation after 7 years of the grant being completed, unless we have had further correspondence from you indicating a desire to re-apply for funding, contact information and individual personal data will be deleted.
We receive basic information about referees in order to process grants to individuals and organisations. The purpose of collecting this information is to contact referees to request a reference for the relevant person or group. The information we collect is:
- Name, address, email address and phone number of referee
- Organisation if applicable
- Relationship to applicant
Length of retention of your data (referees)
Relationships between the Foundation and our grant referees are usually ongoing, particularly in the case of grants to individuals, where referees will often continue to refer new individual beneficiaries to us on an ongoing basis. We will therefore hold this data for as long as the relationship exists, or until it is no longer needed.
- Protecting Your Data
We keep your data secure in our database with appropriate security mechanisms in place.
In principle we do not share your data with anyone else or any other organisation unless it is necessary for the purpose for which you have given us the data. Examples are given below:
- We will provide information to HMRC on Gift Aided donations since we have a legal obligation to provide this information.
- We will share information on grant applicants with grant panel members and donors. These are volunteers working with the Community Foundation. We will also publish data on grant recipients for groups/organisations (amounts/names/purpose) but we anonymise details for any individual grantees.
- We may share basic information on the attenders at an event or function or meeting with the host or other person who has a volunteer role in the Community Foundation.
- We may pass data to other organisations, known as Data Processors, to provide specific services to us. An example would be providing data to a mailing house in order to send a newsletter. A contract is always in place with a Data Processor, and they are not allowed to do anything with your data other than that which we have requested.
- Data outside of the EEA
Some of our suppliers run their operations outside of the European Economic Area (EEA). Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside of the EEA.
- Our responsibilities
The law requires us to tell you the basis on which we process your data.
- Some activities (for example sending marketing emails about Community Foundation for Surrey) require your consent.
- Other activities are carried out to fulfil a contract or agreement. Examples include holding funds which are subject to Fund Agreements or organising a ticketed event. Each requires us to know who you are and to process your information in order to do the thing you have asked us to do. If a contract is in place then we will process your data based on that contract.
- In all other cases the law allows us to process your data if it is in our legitimate interest to do so, but only so long as we need to and your “interests or your fundamental rights and freedoms are not overriding”. Practically speaking this means we carry out an exercise to check that we will not cause you harm by processing your data, that the processing is not overly intrusive and that we will only do so in a way which is described in this privacy notice.
- Your rights
The law requires us to tell you that you have a variety of rights about the way we process your data. These are as follows:
- Where our use of your data requires consent, you may withdraw this consent at any time.
- Where we rely on our legitimate interest to process data, you may ask us to stop doing so.
- You may request a copy of the data we hold about you.
- You may change or stop the way in which we communicate with you or process data about you, and if it is not required for the purpose you provided it, then we will do so. Activities like processing Gift Aid donations, or managing a Fund Agreement, may mean we can not entirely stop processing your data. We will always endeavour to comply with such a request, however.
- If you are not satisfied with the way we have processed your data then you can complain to the Office of the Information Commissioner.
- Contacting us
If you have any questions about this privacy notice, about the way in which we process your data, or if you wish to change the way we use your data, including how we communicate with you, then please contact us:
Joe Crome, Director of Philanthropy, Community Foundation for Surrey, Millmead House, Millmead, Guildford, GU2 4BB.
T: 01483 478092
For details of how cookies are used to understand the way our website is used please see www.cfsurrey.org.uk