We have created this Privacy Statement to demonstrate our firm commitment to your privacy and to handling the personal information you give us responsibly and in accordance with the law.
It covers how we will handle information we learn about you from your interactions with the Sir Richard Stapley Educational Trust (the Trust), including through our website or by email. These interactions will, for example, relate to your current or previous grant applications, any grants we make to you, any donations you may make to us, your participation in our annual users’ survey, receipt of our annual Newsletter, and occasional direct mail appeals.
We will do our utmost to ensure that the personal information we collect is held securely and used in accordance with the EU General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018.
Our legal basis for controlling and processing your personal information
Who is in charge of how we manage personal information?
How do we collect personal information?
What information do we retain, and for how long?
What do we do with your personal data?
Privacy and our website
Privacy and emails
Questions about our privacy statement and our data protection policy
Reporting of personal data breaches
Where to go for further information about data protection and the General Data Protection Regulations.
1. Our legal basis for controlling and processing your personal information:
Our main legal basis for controlling and processing your personal information is that we have a legitimate interest in so doing, namely that is of benefit to the Trust’s charitable purposes, for example, in enabling us to properly administer grant applications and payments and account to regulatory bodies. We will use your data in ways you would reasonably expect.
We may sometimes use your personal information in order to comply with a legal obligation or, more rarely, where it is necessary to protect the vital interests of you or another person.
Secondarily, for successful applicants who have opted in to receiving certain communications from the Trust, our legal basis is also that you have consented to receiving such notifications, which consent may be withdrawn at any time.
2. Who is in charge of how we manage personal information?
Our Board of Trustees is responsible for ensuring the Trust’s compliance with data protection regulations. We do not employ a designated Data Protection Officer, but we have delegated responsibility to our Clerk for day-to-day implementation of our decisions. You can contact the Clerk at
3. How do we collect personal information?
From grant applicants, we obtain the personal information needed to assess your application (full name, date of birth, address/es, gender, country of origin, details of current and previous educational, personal financial information, and the case for making a grant), as well as supporting information from your academic referee. We may also gain further information from you or from your referee, as necessary, by email or other correspondence.
From those making a donation to the Trust, we obtain full name, address, e-mail address, date and nature and amount of the donation/s.
From other stakeholders, we obtain full name, address, e-mail address an any other personal details you have shared with us.
4. What information do we retain, and for how long?
To account to regulatory bodies, we hold details of all financial transactions for at least six years following the financial year in which the transactions occurred.
For all grant applicants, we hold all documents and emails sent to, or received by, you and your referee and anyone else acting on your behalf. This information will include your full name, address, e-mail address, country of origin, gender, details of the course for which a grant was requested. We also hold basic details on securely held spreadsheets. We destroy this information after our annual audit.
For all successful grant applicants, we hold your key information on our Applicants Database and various spreadsheets and bank records. This includes some or all of: full name, e-mail address, country of origin, gender, details of the course for which a grant was awarded, and the date and amount of the award(s) made. This data is held indefinitely unless you request deletion, in which case we undertake to delete it after a minimum of six years have elapsed following the financial year in which the last financial transaction with the Trust occurred.
For successful grant applicants who consent to receiving further communications from the Trust, as well as holding your details on our Applicants database, our web host (Wix) will also hold your name and email address to enable us to email you occasionally. You may withdraw your consent at any time.
For donors and other stakeholders, all of the personal data you give us is held securely, indefinitely, unless you request deletion, in which case we undertake to delete it after a minimum of six years have elapsed following the financial year in which the last financial transaction with the Trust occurred. Gift aid declaration forms are also retained indefinitely in hard and/or soft copy as we may need to show them to tax authorities.
5. What do we do with your personal data?
With regard to grant applicants, we will use your personal information to process your application and any grant payments, for administration and record keeping purposes, to account to regulatory bodies, and to further our charitable aims. If you opt in to receiving further communications from the Trust, you are consenting to be contacted by the Trust, including invitations to participate in an annual survey, receiving the annual Newsletter, being contacted for fundraising purposes, and being made aware of events or volunteering opportunities at the Trust. If you opt in, and subsequently change your mind, you can have your contact details removed from the Trust’s database and distribution list by writing to us or emailing firstname.lastname@example.org
The Trust will:
Only use your personal data for the purposes for which it was collected
Only keep it for as long as it is needed (which for financial transactions is a minimum of six years after the financial year in which the last transaction occurred)
Ensure that it is held securely
Only share your data with: the trustees of the Trust; CAF Bank (our bank); Wix (our web host), and with TSO Host (our email host), and with regulatory bodies such as tax authorities as required.
The Trust will not:
Sell your personal data to anyone
Share your personal data with any third parties (other than CAF Bank, Wix and TSO Host as explained above) unless you have agreed this in advance
- Knowingly transfer your data to countries outside the EEA unless this is done in accordance with the directions of the Information Commissioner’s Office.
6. Privacy and our website:
We value your privacy and want you to feel confident about using our website. We are committed to safeguarding your privacy when you use the site.
We will not obtain personally identifying information about you when you visit our site, unless you choose to provide such information to us. Providing such information is entirely voluntary. Except as required by law, we do not share any personally identifying information we receive with any outside parties. If you sign up for one of our email lists, we will only send you the kinds of information you have requested. You can unsubscribe at any time from these communications.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow you some control of most cookies through the browser settings or through free software such as Super-Antispyware or Cleaner. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit the All About Cookies website at http://www.allaboutcookies.org
7. Privacy and emails:
You also may decide to send us personally identifying information, for example, in an electronic mail message containing a question or comment, or by filling out a Web form that provides us this information. We use personally identifying information from email primarily to respond to your requests. We may forward your email to other staff or Honorary Officers who are better able to answer your questions. With your prior consent, we may also use your email to contact you in the future about our services that may be of interest.
If you no longer wish to receive emails from the Trust, you can unsubscribe by emailing us at email@example.com and we will remove you from our communications list. Alternative you can unsubscribe using the ‘unsubscribe’ link found at the bottom of any emails we send you about Trust news, events we put on, fundraising etc.
Should your personal details change, please help us to keep your information up to date by notifying us by emailing firstname.lastname@example.org
9. Your rights:
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate
Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it
Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your information for direct marketing purposes
Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it
Ask us to transfer your personal information to another person or organisation.
If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Clerk at email@example.com . Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
10. Questions about our privacy statement and our data protection policy:
If you have any questions about this Privacy Statement, or any other questions about how the Trust protects your personal data, please contact the Clerk: firstname.lastname@example.org
11. Reporting of personal data breaches:
The Office of the Information Commissioner defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”
If you suspect that such a breach by the Trust may have occurred, you should contact the Clerk without delay by emailing email@example.com . We will do our utmost to investigate the matter urgently and robustly, and should a breach have occurred, to contain any further breach.
Where for any reason we become aware of a personal data breach which risks anyone’s rights and freedoms, we will fulfil our legal obligation to report this to the Information Commissioner’s Office within 72 hours.
12. Where to go for further, general information about data protection and the General Data Protection Regulations:
There is a wealth of accessible information on the website of the Office of the Information Commissioner: https://ico.org.uk
Last reviewed: November 2019