How We Handle Your Data - The Grant Applicant Privacy Notice
THE ANTHONY AND GWENDOLINE WYLDE MEMORIAL CHARITY
(registered charity number: 700239)
Grant Applicant Privacy Notice
This privacy notice concerns our processing of personal information of applicants for grant funding (whether individuals or organisations) and grantees.
We, as data controller, respect your privacy and we are committed to protecting your personal information. As a grant applicant or grantee, this privacy notice will inform you how we look after your personal information when we administer grants and when we receive and consider applications for grants.
We keep our privacy notice under regular review. This version was last updated on 4 May 2022.
About us
The Charity makes grants to and for the benefit of individuals and charitable organisations residing in the WV5, DY3, DY6, DY7, DY8, DY9, DY10 and DY11 postcodes.
The Trustees are prepared to receive a wide range of requests, provided that the applicant can show the benefits that would be derived from a grant, and that other sources of funding are not available.
How will we collect your personal information?
Personal information means any information about an individual from which that person can be identified.
We require personal information from grant applicants and grantees in order to comply with our legal and regulatory obligations, to manage the grant process and carry out our charitable aims.
We will comply with data protection law which means that when we hold personal information about you it must be:
• used lawfully, fairly and in a transparent way;
• collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• relevant to the purposes we have told you about and limited only to those purposes;
• accurate and kept up to date;
• kept only as long as necessary for the purposes we have told you about; and
• kept securely.
When you apply for a grant, we will collect personal information from you during the grant application process and that information will usually be provided by you directly. You may provide personal information to us when you complete application forms and when you correspond with us by post, phone, email or otherwise.
If you are an organisation applying for a grant, most of the personal information we collect will be received from the point of contact at your organisation who is responsible for the grant/prospective grant. However, we may gather additional information about your organisation and its employees and trustees for due diligence purposes and/or for the purposes of complying with our legal and/or regulatory requirements from publicly available sources such as the website of the Charity Commission of England and Wales, Scotland and Northern Ireland, your own organisation’s website, Companies House, HM Land Registry and other sources relevant to your application.
We may also collect personal information about you or your organisation from other sources for example, if we request references, testimonials or letters of support.
If you provide us with personal information relating to others (e.g. your family members, your support/social workers or specifically named beneficiaries (if you are an organisation)), you must ensure that you have the necessary permissions and consents in place to allow you to lawfully disclose such data to us.
What personal information will we collect about you?
We collect, store and use the following kinds of personal information:
• identity data such as your title, full name, date of birth, gender, nationality, marital status, tax residency details and National Insurance number. If you are an organisation applying for a grant, we require the name and work contact details of the organisation’s point of contact and we may require details of “controlling persons” i.e. beneficial owners (only relevant for entities that are passive non-financial entities);
• contact data such as your address, email and telephone numbers. We may also request identity and contact data for co-funders and beneficiaries (if you are an organisation), referees, your family members and dependants (if you are an individual) and any relevant support/social workers;
• financial data such as your bank account details, payee information and other payment details and any Gift Aid information. If you are an organisation applying for a grant, these financial details will be that of the grant recipient organisation;
• transaction data including details of payments and donations;
• any other information you provide to us in the course of the grant application process, throughout the grant period or at any other time.
How will we use your personal information?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
• where we need to perform the contract we are about to enter into or have entered into with you or to take steps at your request prior to entering into it;
• where it is necessary for the performance of tasks carried out in the public interest e.g. the disbursement of funds to organisations and/or individuals who meet our charitable objectives and criteria;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interest will primarily be the legitimate pursuit of our grant-making activities as a charitable entity and associated work such as managing and administering grants and maintaining a historical archive;
• where we need to comply with a legal or regulatory obligations or to comply with reporting (or other) obligations to the Charity Commission, HMRC or other regulatory body.
We will use your personal information to:
• award grants effectively and to monitor their impact and shape future grant making policy;
• provide and personalise our services;
• deal with your enquiries and requests;
• process and assess your grant application, including contacting you to discuss the application and any queries;
• administer grants and for other purposes arising in the course of our grant relationship, including ongoing contact regarding the relationship, payment, monitoring and evaluation and reporting back (including audits);
• promote grant funded work;
• maintain an archive with records of previous grants and previously supported grantees;
• to satisfy legal and regulatory obligations;
• prevent fraud;
• to establish, defend and/or enforce legal claims.
Will we share your personal information with anyone else?
Generally, we will only use your personal information and share it with third parties to the extent required to achieve the purposes set out in this privacy notice. We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Relevant third parties may include:
• our trustees;
• referees whose details have been provided by you;
• suppliers and sub-contractors based in the United Kingdom for the performance of any contract we have with them – for example for IT services such as website hosting;
• insurers and professional service providers such as accountants and lawyers based in the United Kingdom;
• financial companies that collect or process donations on our behalf, and external fundraising platforms based in the United Kingdom;
• government bodies, law enforcement agencies and regulatory authorities, such as HMRC; and
• auditors or contractors or other advisors based in the United Kingdom auditing, assisting with or advising on any of our business or charitable purposes.
Our trustees will review the information you have provided in connection with your grant application, together with any additional information gathered from publicly available sources (as outlined above), in order to assess whether a grant will be made. If an award is made, we may ask for extra information about you or your organisation (as the case may be) to help us pay and monitor the award.
We also reserve the right to disclose your information to third parties for their own purposes in some cases. For example:
• if we sell or buy all or part of a business, in which case we may disclose it to the potential seller or buyer;
• if we are under a legal or regulatory duty to do so or under an obligation to the Charity Commission, HMRC or other regulatory body;
• to protect the rights, property and/or safety of the Charity, its personnel, supporters, users or others (including you).
With explicit consent, we may also publish the names of organisations and/or individuals that have received grants from us in our annual report and accounts (submitted to the Charity Commission).
What if you do not provide personal information?
You are under no statutory or contractual obligation to provide personal information to us as part of the grant application process. However, if you do not provide the information requested, we may not be able to process or consider your grant request.
Due to recent regulatory changes, we are required to confirm that any grant applicants are resident in the UK for tax purposes. We are legally required to request information about a grant applicant’s tax residency and their tax identification number (or National Insurance number). Unfortunately, we will not be able to consider a grant application if this information is not provided.
International data transfers
Generally, the personal information we collect is stored at a location within the UK or EU. We use agencies and/or suppliers to process personal information on our behalf and so personal information may therefore be transferred, stored, or accessed outside the UK or EU. In these cases we take all steps reasonably necessary to ensure that appropriate safeguards are in place (for example, by entering into an agreement approved by the European Commission for this purpose). Please contact us if you would like to receive further information on the specific mechanism used by us when transferring your personal information out of the EEA.
How long will we keep your personal information?
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
The period for which we will retain your data is determined by the time needed to assess your application, the duration of any grant award that may be made to your organisation, the duration of any grant management function that may arise from your application and the need to aggregate data to inform grant making policy/processes.
We retain details of grant applications and awards for 6 years to maintain a historical archive of our work for research purposes.
Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information. Those rights are to:
• request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
• request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
• request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
• request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
o if you want us to establish the data's accuracy;
o where our use of the data is unlawful but you do not want us to erase it;
o where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
o you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
• withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Contact us (including complaints)
If you have any questions or concerns about this privacy notice or our use of your personal information please let us know by contacting us in one of the following ways:
Contact name: Kirsty McEwen
By post: Higgs LLP, 3 Waterfront Business Park, Brierley Hill, West Midlands, DY5 1LX
By email: [email protected]
By phone: 0345 111 5050
You are entitled to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data privacy – www.ico.org.uk/global/contact-us.
We are always grateful for the opportunity to resolve your concerns before you feel the need to speak to the ICO.