Policies

PRIVACY STATEMENT

Introduction

New legislation concerning Data Protection, The General Data Protection Regulation (GDPR), was introduced with effect from 25th May 2018, and was intended to strengthen and unify data protection for all individuals and to give them control over their personal data.

Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the GDPR. The GDPR and other information rights laws set out individual’s rights regarding their personal information.

Policy statement`

The Trusts are committed to a policy of protecting the rights and privacy of its grant applicants as well as its own Trustees or employees, and any third parties who come into contact with the Trust, in accordance with the GDPR.

What we collect

We may collect any or all of the following information:

  • Name and title
  • Contact information
    • Postal address
    • Telephone and/or email address
  • Bank account details
  • Employment details
  • Electronic copies of information between individuals and The Trusts
  • References for individual applications, these may include medical information
  • ID for individuals, such as a photo of a passport, is optional.

Purpose of data held by The Trusts

Data may be held by The Trusts for any of the following purposes:

  • Consideration of grant applications
  • Communications by The Trusts to and from grant applicants, Trustees and employees, or with any other individuals, including, eg suppliers, contractors, lawyers or accountants
  • Internal electronic record keeping
  • Data bank administration

Data Protection Principles

In terms of the GDPR, The Trusts are the ‘Data Controller’, and as such determines the purpose for which, and the manner in which, any personal data is, or is to be, processed. We will ensure that we have: –

1 Fairly and lawfully processed personal data

We will always identify ourselves in any communications with grant applicants, or any other individuals.

2 Processed for limited purpose

We will not use data for a purpose other than those set out above.

3 Adequate, relevant and not excessive

The Trusts will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data is held. If data given or obtained is excessive for such purpose, it will be immediately deleted or destroyed.

4 Accurate and up-to-date

We will hold electronic data including spreadsheets, minutes and lists for grant administration purposes indefinitely. All amendments will be made immediately and data no longer required will be deleted or destroyed. The same will apply to employee records.

5 Processed in accordance with the individual’s rights

Upon request to the Data Officer, all grant applicants or other individuals have the right to the removal and/or correction of any (inaccurate) data about them.

6 Security

The ongoing administration of data is the responsibility of the Data Processor, Cathy Houghton, enquiries@gibbonstrusts.org, The Trusts’ General Data Protection will be the responsibility of a named Data Officer, Simon Barnett.

Trustees and staff work remotely and no paper copies are kept of any applications or associated paperwork. A grant database is maintained by the Trust Manager, and accessed by all Trustees. This, along with the Trusts’ emails, are backed up continuously, securely and remotely.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.  Any breaches of data would be reported to the relevant authorities, and to the individuals or organisations concerned.

7 Not shared with or given to any other organisation

Data will only be used for the Trusts’ business and communication with grant applicants or employees. The IT support company has access to data only for the purpose of ensuring that data is secure.   Data will not be shared with any other organisation, unless required to do so by law or by a regulatory body.

COMPLAINTS POLICY

To access our complaints policy click here: Complaints Policy