For the purposes of the Data Protection Act 1998, the Data Protection Act 2018, and under the General Data Protection Regulations 2018 (GDPR), the data controller is the Hackney Parochial Charities, South Hackney Parochial Charity, West Hackney Parochial Charity, and Hackney Joint Estate Charity.
If you have any questions relating to this Policy, please contact the Administrator by post at the Hackney Parochial Charities, 6 Trull Farm Buildings, Tetbury, Gloucestershire, GL8 8SQ.
When you contact us by email or through the website
Please remember that email is not a secure way of communication and should not be used to communicate anything confidential.
When you email us or contact us via the website, your name, contact number and email address, as well as your message, are relayed between different servers, where log files may be kept. This includes your own email provider. The contact you make with us is downloaded and stored on an encrypted computer held by our webhosts: Salesforce, a UK-registered company.
What is Personal Data?
Personal data means any information relating to an individual who can be identified, either directly or indirectly from that data (“Personal Data”).
Why we hold your Personal Data
Your information is held for the purpose of processing your grant application/s and communicating with you and occasional internal reviews carried out within the Charities. We use it to deal with your enquiries; provide grants; enabling our suppliers and service providers to carry out certain functions on our behalf (including payment processing, verification and technical functions); developing and improving our offering; and to comply with applicable law.
If you wish to contact us about the information you provided to us please do so via e-mail [email protected] . We do not send out newsletters or marketing information and we do not use third party email communication providers. We do not sell, rent, or loan Personal Data to anyone.
What Personal Data we collect from you
We will collect and process your Personal Data for the purposes set out in this Policy, including but not limited to, your:
- Contact data: name; address; email address; contact telephone number;
- Financial data: funding details; previous year’s financial information; income; expenditure; bank details;
- Previous Applications: details of any previous grant applications and their dates, which may include the Personal Data included within the same; and
- Other Personal Data: any other details, which you provide to us in communications or on making an application.
Lawful grounds for processing your Personal Data
To process the Personal Data that you provide us with, lawfully, we need to rely on one or more of the legal grounds to process your Personal Data. The grounds that we may rely on to process your Personal Data include:
- Your express consent.
- Our legitimate interests as a charity, unless this conflicts with your own personal interest or fundamental rights.
- Our compliance with our legal obligations to which we are subject.
- We will need to process your Personal Data as a grant applicant, in order to fulfil our contractual obligation.
When you make an application to us
The Charities receive grant applications via online forms built using software owned by Formstack. Formstack’s software complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
All Personal Data is securely stored in our Salesforce cloud-based grants management database. Salesforce has robust security measures in place that meet the highest standards in the industry. Salesforce gives an undertaking that it will not review, share, distribute, or reference any of its customer’s data, unless it is required to do so by law.
The Charities secure your Personal Data from unauthorised access, use or disclosure by using servers operating in a controlled, secure environment, protected from unauthorised access, use or disclosure. When Personal Data is transmitted, it is protected by using encryption such as the Secure Socket Layer (SSL) protocol.
Disclosure of your Personal Data
There are circumstances where we may wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above.
The only other companies or organisations that may occasionally have access to the Charities database which holds your Personal Data are Jireh Solutions www.jirehsolutions.co.uk , who look after our systems and The Trust Partnership who manage our website: www.thetrustpartnership.com.
The Charities’ Trustees, The Trust Partnership and Trust Accounting also have access to this information, which consists of your name and contact details, as well as bank transfer information.
Formstack data remains private and the responsibility of the individual or organisation creating the form; and Formstack give their assurance that they will never view, access, sell, or distribute it to a third party. If you have additional questions about Formstack’s privacy policies, please contact them directly at [email protected]
International Transfer of Personal Data
It is possible that we may have to transfer your Personal Data to a third party in a country outside of the UK (including outside of the European Economic Area (EEA)) for further processing, in accordance with the purposes set out in this Policy. In such circumstances, we will ensure that your privacy rights are properly safeguarded by appropriate technical, organisational, contractual or other lawful means, as is required by us under applicable data protection laws. Please contact us using the contact information set out above if you would like more information about the safeguards that we have in place.
How long is your data kept?
We keep Personal Data for as long as we need it to provide you with our services and/or as long as we have your consent and/or until you tell us to delete it. The Charities may be required to retain certain types of Personal Data, in order to comply with applicable laws.
We may keep an anonymised form of your personal information, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Personal Data contained in successful grant applications will be kept for up to three years, after which it will be deleted. Personal Data contained in unsuccessful grant applications will be kept for one year, after which it will be deleted. There may be circumstances where we may have to retain Personal Data for a longer period of time, which may include for the purposes of ensuring grant payments and monitoring applications made by individuals following a successful grant application.
The GDPR provides the following rights for individuals
1. The right to be informed – you have the right to be informed about the collection and use of your Personal Data.
2. The right of access – you may have the right to request copies of the Personal Data that we hold about you. Such a request should be made using the contact details set out above.
3. The right to rectification – you may send a request to have any incorrect Personal Data we have about you, rectified and brought up to date.
4. The right to erase – you may request to have the Personal Data we hold about you erased, to which we will comply unless there is a legal obligation that prevents us from erasing your Personal Data.
5. The right to restrict processing – you may have the right to restrict the activities for which we process your Personal Data, in which case we will only process Personal Data for the purposes that we have obtained your consent.
6. The right to data portability – when receiving Personal Data from us, you shall receive this in a structured and machine-readable format, which can be passed to another Data Controller should you choose to do so.
7. The right to object – you may have the right to object to us further processing your Personal Data.
8. The right to withdraw consent – you have the right to withdraw consent to the processing of your Personal Data at any time. Withdrawal of consent will not affect the lawfulness of processing based on previous consent that you have provided. Kindly note that withdrawal of consent may prevent you from benefitting from the Charities and what we offer.
9. Rights in relation to automated decision making and profiling – you may have the right to be prevented from being subject of automated decision-making
10. You also have the right to complain to the Information Commissioner’s Office – if you have any complaints or concerns about the way in which your Personal data is processed, please contact us first. However, you do have the right to contact the relevant supervisory authority directly, authority, which in the UK is the Information Commissioner’s Office.
What exactly are cookies?
A cookie is a small file that a website or its service provider transfers to your computer’s hard drive, mobile phone or other device, through your web browser (if you agree) that enables the websites or service providers systems to recognize your browser and capture and remember certain information.
You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. Alternatively, you can choose to turn off all cookies via your browser settings. However, some of the services and features offered through our website may not function properly if your cookies are disabled.
Cookies can be first party or third party cookies.
- First party cookies – cookies that the website you are visiting places on your computer.
- Third party cookies – cookies placed on your computer through the website but by third parties, such as, Google.
What cookies are used on our website?
We use the following cookies on our website:
Strictly necessary cookies
- These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. These cookies are first party cookies. They are deleted when you close the browser.
- These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it as well as the approximate regions that they are visiting from. These are first party cookies.
- These cookies allow the website to remember choices you make (for example, choice of language or region) and provide enhanced, more personal features when you return to our website. These are first party cookies.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website. For more information please visit www.allaboutcookies.org and http://www.youronlinechoices.com/uk/.
The Charities are not responsible for the privacy policies and/or the practices associated with other websites that you may have accessed from the Charities’ website. We recommend that you check the privacy policies of these websites to find out how they protect your privacy rights. If you have any concerns, you should contact the owner or the operator of that website.
Third Party Supporting Organisations and other Third Parties
Where you submit information on behalf of another individual, you must ensure that you make that individual aware of how we collect, process and disclose their Personal Data, the reason behind your provision of the Personal Data, how the individual may contact the Charities, the terms contained within this Policy and that they have consented to such collection, processing and disclosure.
Compliance with Privacy Laws
The Charities are dedicated to compliance with data protection and privacy laws to which it is subject, and to any developments of these laws, which may arise from time to time.
Changes to this Policy
The Charities may occasionally update this Policy to reflect regulatory and customer feedback. Your periodic review is actively encouraged so that you remain informed as to how we are processing and protecting your data.