Our Privacy and Data Protection Statement
Last Updated: Tuesday, 6 November 2018
By sharing information with The Society Foundation, you are placing us in a position of trust. This is a responsibility we take very seriously. Any personal data you submit will be treated with discretion. Protecting your personal data is of the utmost importance to The Society Foundation.
All personal data obtained by The Society Foundation is held and processed in accordance with UK data protection legislation. By submitting your personal data to us, you consent to The Society Foundation processing your data in accordance with those principles.
The Society Foundation has a comprehensive Data Protection Policy, which explains how we collect, use, disclose, protect and dispose of the personal data we obtain. The policy is regularly reviewed in order to ensure that we always follow best practice standards.
Your privacy is important to us. This privacy statement explains what personal data we collect from you and how we use it. We encourage you to read the summaries below if you'd like more information on a particular topic.
What personal data do we collect?
In order to operate, The Society Foundation has to collect and process data on organisations that apply to The Society Foundation for funding, or make enquiries to us about funding, and on any of the people within those organisations that they nominate as a point of contact.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that we deem necessary, then you may not be able to be considered for funding from The Society Foundation.
The data we collect on individuals is limited to:
- job title;
- email address;
- phone number.
However, we may also collect the following information about the organisations themselves:
- organisation name;
- charity number (if applicable);
- postal address;
- web address;
- types of beneficiary;
- details of the grant funding being sought;
- reserves policy;
- annual accounts;
- governing document.
Why would we share your personal data?
We would only share personal data under rare circumstances with vendors or agents we've hired to secure our systems or provide support services to us. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger with another charity.
Finally, we will access, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- prevent spam or attempts to defraud a third party;
- help prevent the loss of life or serious injury of anyone;
- prevent or stop an attack on our computer systems or networks; or
- protect the contractual rights of The Society Foundation.
What is our lawful basis for processing your data?
We have undertaken a careful assessment of our data processing activities, relying on the definitions provided in the General Data Protection Regulation (GDPR), and have determined that our lawful basis is Legitimate Interests (whereby personal data may be processed on the basis that the controller has a legitimate interest in processing those data, provided that such legitimate interest is not overridden by the rights or freedoms of the affected data subjects). This determination is underpinned by a Legitimate Interests Assessment, based on guidance provided by the Data Protection Network. In summary, our rationale is:
- that the data subjects would have a reasonable expectation that we will process their data in this way;
- that we believe our interests and those of the data subjects are broadly aligned;
- that the impact of our data processing is highly unlikely to be of any detriment to the data subjects;
- that appropriate safeguards and compensating controls have been put in place;
- that we make it clear at every stage, through this Data Protection and Privacy Statement, the rights that the data subjects have.
We believe we have fully considered the necessity and purpose of our processing activities, and that we have given appropriate and serious consideration to the privacy rights of the individuals we interact with.
If the scope or nature of our processing operation changes then this rationale will be immediately reviewed.
How can you review and control your personal data?
You can request that we show you what data we hold about you, update your data, or delete your data. In order to make a request of this nature, please email firstname.lastname@example.org or your established Society Foundation contact.
What are your data rights?
You have the following rights:
- to request confirmation that your data is held by, and being processed by, us;
- to have access to any personal data we hold about you;
- to request that we rectify or update your personal data;
- to object to the processing of your personal data;
- to withdraw your consent;
- to lodge a complaint with a data protection authority;
- to request that we delete whatever data we hold about you (your ‘right of erasure’ or ‘right to be forgotten’);
- the right to data portability; and
- rights in relation to automated decision making and profiling.
As applicable under French law, you can also send us specific instructions regarding the use of your personal data after your death.
How secure is your personal data?
The Society Foundation is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as multiple candidate CVs) over the Internet, we protect them with passwords. All our computers have authorised and current anti-virus protection software. No unauthorised software can be installed on our system. Our system is regularly backed up, and these backups are encrypted.
How long will we retain your personal data?
In the absence of a request by an individual to have their data deleted, we hold data on all our contacts for a period of time, since we believe people we have previously interacted with will have a reasonable expectation that we remember them and the nature of their previous interactions with us:
- data on people/organisations who have made enquiries about funding, but not actually applied, will be held for a maximum of two years following their last contact with the charity;
- data on people/organisations who have actually applied for funding from the charity, but not been successful, will be held for a maximum of four years following their most recent application;
- data on people/organisations who have successfully applied for funding from the charity will be held for a maximum of six years following their most recent successful application.
What happens if we change this privacy statement?
We will update this privacy statement when necessary to reflect feedback and changes in legislation/regulations. When we make changes to this statement, we will revise the "last updated" date at the top of the statement. We encourage you to periodically review this privacy statement to learn how The Society Foundation is protecting your information.
How can you contact us?
If you have a privacy concern or a question, please contact us. We will respond to questions or concerns within 30 days. You can email us on DataProtection@society-foundation.org. Our main postal address is The Society Foundation, Ariel House, 74a Charlotte Street, London, W1T 4QJ, United Kingdom.