Protecting your privacy

Our privacy statement

We’re committed to protecting your privacy. This privacy statement explains how we collect, process and protect any information you give us.

This information will be protected by our Data Protection Policy. This includes data that could identify you.

Whose data we collect

We collect and hold data on people who:

  • have given financial or other support to us or might do in the future
  • apply for funding personally or on behalf of an organisation
  • apply for a job, volunteering roles and trusteeships
  • are suppliers or potential suppliers.

We hold data for an appropriate length of time, as outlined in the section below ‘how long we keep your data’/

How we obtain your data

Most of the information we hold is provided by you.

Sometimes, we may collect data from someone else. For example, one of our supporters might suggest your name to us as someone who may be interested in learning more about our work or supporting us. We also collect data through the online donation platforms we use.

We collect data from publicly available sources. Examples include information from a news article or online media, or publicly available information from social media channels like LinkedIn or Facebook. We may also use publicly available sources like Companies House or the Charity Commission.

What we do with your data and why

Our supporters and volunteers

The core purpose of our data processing is to:

  • build financial and volunteer support through fundraising and marketing activities
  • send relevant communications to you about us and our work.
  • administer donations (including, but not limited to, funds subject to Fund Agreements), including claiming Gift Aid on your behalf
  • promote our aims and objectives through other activities.

We may use data we get from sources other than you to:

  • check your contact details are up to date
  • plan our fundraising, which may include using publicly available information to make a judgement about your ability to donate
  • ensure we carry out appropriate checks on donations in line with legal and regulatory responsibilities. Find out more about Acceptance and Refusal of Donations.

We collect the following kind of information:

  • Name(s) and address, email, phone number and other relevant contact details and preferences
  • Occupation, skills and professional activity and connections to other organisations
  • Financial information and interest in philanthropy
  • Information relating to links and connections with and in Somerset
  • Records of donations to SCF including assets used to make donations and Gift Aid status
  • Records of volunteering for us
  • Information about our relationship with you and how we met you
  • Records of your interactions with us, such as attending events and receiving our e-newsletter
  • Information necessary for us to manage funds you have established or supported, including information on successor advisors
  • Information about your relationship to other supporters (spouse, children, friends).
Information on beneficiaries

We collect this information to ask for and process applications for SCF’s funding programmes. Some of the information may also be processed in the ways described above. This is because many of the people involved with groups we support also support us in some way.

We collect the following kinds of information:

  • Name(s) and address, email, phone number and other relevant contact details and preferences
  • Purpose and details about an application for a grant
  • Any other information needed for the assessment of a grant which may include financial, family, education and employment information
  • Details about any grant which was made by us
  • Information about our relationship with you, correspondence, meeting notes, attendance at events and more.

How long we keep your data 

We will hold:

  • successful grant applicants’ data for 7 years from the date we received the last grant application. That’s unless we’re contractually obliged to keep the data for longer. 
  • unsuccessful grant applicants’ data for 3 years from the date we received the last grant application. That’s unless we’re contractually obliged to keep the data for longer. 
  • donors’ data for 7 years from the date we received the last donation. Data relating to donors who have given a one-off gift over £10,000, or £30,000 over five years, will be retained for longer – possibly indefinitely in light of their significant relationship with us.  
  • data of anyone engaged with the Foundation for as long as our relationship with them is active, and within reason. This includes people who donate to us, attend events or get our newsletter.

Protecting your data

We keep your data secure in our cloud-based database with appropriate security mechanisms in place.

In principle we don’t share your data with anyone else or any other organisation unless it’s necessary for the purpose for which you have given us the data.

Examples include:

  • We have a legal obligation to provide information to His Majesty’s Revenue and Customs (HMRC) on Gift Aided donations.
  • We’ll share information on grant applications with grant panel members and possibly donors, this can include personal data.
  • We’ll share information on grant applications made to charitable trusts managed by SCF with their trustees, including personal contact details. 
  • We’ll publish data online about grants to groups/organisations (including amounts/names/purpose). We anonymise details for individual grantees.
  • We may share basic information on who attends an event with the host – particularly at a private dinner party or reception.
  • We may share personal information about donors who’ve contributed to our Named Funds so the Fundholders can thank donors personally. These include Elliot’s Touch, Mary’s Beat and Rebecca’s Hope.
  • We may pass data to other organisations (called Data Processors) to provide specific services to us. For example, providing data to a mailing house to send an Annual Report or general fundraising letter. We always have contracts with Data Processors. They’re not allowed to do anything with your data other than what we request. We only use Data Processors that are ISO 27001 certified for security management.

Some of our suppliers run their operations outside of the European Economic Area (EEA). They may not have to follow the same data protection laws as companies based in the UK. However, we’ll take steps to make sure they provide an adequate level of protection according to UK data protection law, as outlined in our Data Protection Policy. By providing your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

Our responsibilities

The law requires us to tell you the basis on which we process your data.

Some activities require your consent. This includes sending you emails which promote our interests. If the law requires your consent to process data in a certain way, we’ll get it before carrying out that activity.

Other activities are carried out to fulfil a contract or agreement. Examples include holding funds subject to Fund Agreements or organising a ticketed event. Each requires us to know who you are and to process your information to do what you’ve asked us to. If a contract is in place, we will process your data based on that contract.

In all other cases the law allows us to process your data and contact you by if it is in our legitimate interest to do so. But only so long as we need to and your “interests or your fundamental rights and freedoms are not overriding”.

This means we ’ll check:

  • we’re not causing you harm by processing your data
  • that the processing is not overly intrusive
  • that we will only do so in a way described in this privacy notice.

We’ll keep data for as long as is needed to complete the task for which it was collected. Relationships between donors, grantees and the Foundation are often long term. So we expect to keep your data for as long as that relationship exists, or until we no longer need it.

Your rights

The law requires us to tell you that you have a variety of rights about the way we process your data:

  • Where our use of your data requires consent, you may withdraw this consent at any time.
  • Where we rely on our legitimate interest to process data, you may ask us to stop doing so.
  • Where you have not given us your personal information directly, you may request to be told the source of the information.
  • You may request to have inaccurate information amended or destroyed.
  • You may request a copy of the data we hold about you. This might mean paying a small fee.
  • You may change or stop the way in which we communicate with you or process data about you. Activities like processing Gift Aid donations, or managing Fund on your behalf, may mean we cannot entirely stop processing your data. We will always try to comply with your request.
  • If you are not satisfied with the way we have processed your data, then you can complain to the Office of the Information Commissioner.
  • You can ask us to remove you from our database at any time by contacting us.

Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Have a question?

If you have any questions about privacy please contact us.

 

Back
Back
Back
Back