Privacy STatement
Introduction:
We have created this Privacy Statement to demonstrate our firm commitment to your privacy and to handling the personal information you give us responsibly and in accordance with the law.
It covers how we will handle information we learn about you from your interactions with the Sir Richard Stapley Educational Trust (the Trust), including through our website or by email. These interactions will, for example, relate to your current or previous grant applications, any grants we make to you, any donations you may make to us, your participation in our annual users’ survey, receipt of our annual Newsletter, and occasional direct mail appeals.
We will do our utmost to ensure that the personal information we collect is held securely and used in accordance with the UK Data Protection Act 2018, and with any changes arising from the UK’s departure from the EU.
Contents:
-
Our legal basis for controlling and processing your personal information
-
Who is in charge of how we manage personal information?
-
What personal information do we collect (and store, control or process)?
-
What information do we retain, and for how long?
-
What do we do with your personal data?
-
Who do we share your data with, and is any of it transferred outside the EEA area?
-
Privacy and our website
-
Privacy and emails
-
Changes
-
Your rights
-
Questions about our privacy statement and our data protection policy
-
Reporting of personal data breaches
-
Where to go for further information about data protection.
1. Our legal basis for controlling and processing your personal information:
Our main legal basis for controlling and processing your personal information is that we have a legitimate interest in so doing, namely that is of benefit to the Trust’s charitable purposes, for example, in enabling us to properly administer grant applications and payments and account to regulatory bodies. We will use your data in ways you would reasonably expect.
We may sometimes use your personal information in order to comply with a legal obligation or, more rarely, where it is necessary to protect the vital interests of you or another person.
Secondarily, for individuals who have opted in to receiving certain communications from the Trust, our legal basis is also that you have consented to receiving such notifications, which consent may be withdrawn at any time.
2. Who is in charge of how we manage personal information?
Our Board of Trustees is responsible for ensuring the Trust’s compliance with data protection regulations. We do not employ a designated Data Protection Officer, but we have delegated responsibility to our Administrator for day-to-day implementation of our decisions. You can contact the Administrator at admin@stapleytrust.org
3. What personal information do we collect (and store, control or process)?
From all grant applicants, we obtain the personal information needed to assess your application (full name, date of birth, address/es, gender, nationality, details of current and previous educational, personal financial information and other sensitive information about your personal circumstances, and the case for making a grant), as well as supporting information from your academic referee. We may also gain further information from you or from your referee, as necessary, by email or other correspondence.
From successful grant applicants, we collect your bank details in order to pay your grant and a declaration about circumstances.
From those donating to the Trust, we obtain full name, address, e-mail address, date and nature and amount of the donation/s. We may also ask you to complete a Gift Aid declaration to enable us to claim Gift Aid on top of your donation from the tax authorities. If you donate via the CAF Giving link on our website, the Charities Aid Foundation (CAF) will collect these details on our behalf.
From those leaving a legacy to the Trust, we will keep all personal details provided, all correspondence by letter or email, and records of any relevant telephone calls or meetings.
From individuals who have consented to receive occasional updates and appeals, we obtain and store in our Wix account your email address, and we record the fact that you have consented.
From other stakeholders, we obtain full name, address, email address and any other personal details you have shared with us. ‘Other stakeholders’ includes our current and former trustees, business-to-business contacts (including academic referees of those applying for our grants), and any other individuals sharing their personal data with us.
4. What information do we retain, and for how long?
-
To account to regulatory bodies, we hold details of all financial transactions for at least six years following the financial year in which the transactions occurred.
-
For all grant applicants, we hold all documents and emails sent to, or received by, you and your referee and anyone else acting on your behalf. This information will include your full name, address, email address, nationality, gender, details of the course for which a grant was requested, as well as financial and other sensitive personal information. We also hold basic details on securely held, password-protected spreadsheets. We retain this information for six years for monitoring purposes.
-
For all successful grant applicants, we hold your key information on our secure, password-protected spreadsheets and bank records. This includes some or all of: full name, e-mail address, country of origin, gender, details of the course for which a grant was awarded, and the date and amount of the award(s) made. This data is held indefinitely unless you request deletion, in which case we undertake to delete it after a minimum of six years have elapsed following the financial year in which the last financial transaction with the Trust occurred.
-
For successful grant applicants who consent to receiving further communications from the Trust, as well as holding your details on our password-protected spreadsheets indefinitely, our web host (Wix) will also hold your name and email address indefinitely to enable us to email you occasionally. You may withdraw your consent at any time.
-
For donors, legators and other stakeholders, all of the personal data we are given is held securely, indefinitely, unless you (or your estate in the case of legators) request deletion, in which case we undertake to delete it after a minimum of six years have elapsed following the financial year in which the last financial transaction with the Trust occurred. Gift aid declaration forms are also retained indefinitely in hard and/or soft copy as we or CAF may need to show them to tax authorities.
5. What do we do with your personal data?
With regard to grant applicants, we will use your personal information to process your application and any grant payments, for administration and record keeping purposes, to account to regulatory bodies, and to further our charitable aims. If you opt in to receiving further communications from the Trust, you are consenting to be contacted by the Trust, including invitations to participate in an annual survey, receiving the annual Newsletter, being contacted for fundraising purposes, and being made aware of events or volunteering opportunities at the Trust. If you opt in, and subsequently change your mind, you can have your contact details removed from the Trust’s records and distribution list by emailing admin@stapleytrust.org
The Trust will:
-
Only use your personal data for the purposes for which it was collected
-
Only keep it for as long as it is needed (which for financial transactions is a minimum of six years after the financial year in which the last transaction occurred)
-
Ensure that personal details given to the Trust are held securely
-
Only share your data with: the trustees of the Trust; CAF Bank (our bank); Wix.com (our web host), with Paragon Internet Group t/a tsoHost (our email host), Microsoft ‘One Drive’ (our cloud-based back up storage site), The Gallery Partnership Ltd. (which acts as a processor of personal data arising from our use of the Benefactor Grants Management Software system), and with regulatory bodies such as tax authorities as required.
The Trust will not:
-
Sell your personal data to anyone.
-
With one exception, knowingly transfer your data to countries outside the EEA unless this is done in accordance with the directions of the Information Commissioner’s Office. The one exception is the contacts information of those who have consented to being contacted from time to time, which we hold in our Wix.com account. Wix does transfer data outside the EEA area, so please follow this link to Wix.com’s Privacy Policy (especially section 5): https://www.wix.com/about/privacy
6. Who do we share your information with? And is it transferred outside the EEA area?
As a rule, unless you have agreed in advance, we will not share your data with third parties except the following:
-
CAF Bank (our bankers)
-
Wix.com, our website host; we use this account to store contact details and send updates and appeals to those who have opted in to these
-
Paragon Internet Group t/a tsoHost (our email host)
-
Microsoft OneDrive (our cloud-based back up storage site)
-
The Gallery Partnership Ltd. (which acts as a processor of personal data arising from our use of the Benefactor Grants Management Software system)
-
and with regulatory bodies such as tax authorities as required.
If you have donated to the Trust through the CAF Donate link on our website, CAF Bank will store the details you have given. Please see section 10 of CAF Donate’s terms and conditions:
With one exception, we will not knowingly transfer your data to countries outside the EEA unless this is done in accordance with the directions of the Information Commissioner’s Office. The one exception is the contacts information of those who have consented to being contacted from time to time, which we hold in our Wix.com account. Wix does transfer data outside the EEA area, so please follow this link to Wix.com’s Privacy Policy (especially section 5): https://www.wix.com/about/privacy
7. Privacy and our website:
The Trust will not obtain personally identifying information about you when you visit our site unless you choose to provide such information to us. Providing such information is entirely voluntary. If you sign up for one of our email lists, we will only send you the kinds of information you have requested. You can unsubscribe at any time from these communications.
Use of cookies for users of the Trust’s website:
Our website host, Wix.com, uses ‘cookies’ to collect information about visitors to our website. If you wish you can disable all but the ‘essential’ cookies (i.e. those enabling core functionality) by clicking on the Cookie Settings button in the cookies pop up at the bottom of the screen.
(Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow you some control of most cookies through the browser settings or through free software such as Super-Antispyware or Cleaner. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit the All About Cookies website at http://www.allaboutcookies.org )
8. Privacy and emails:
You also may decide to send us personally identifying information, for example, in an email message containing a question or comment, or by filling out a Web form that provides us this information. We use personally identifying information from email primarily to respond to your requests. We may forward your email to Trust officers who are better able to answer your questions. With your prior consent, we may also use your email address to contact you in the future with updates about the Trust and appeals.
If you no longer wish to receive emails from the Trust, you can unsubscribe by emailing us at admin@stapleytrust.org and we will remove you from our communications list. Alternatively you can unsubscribe using the ‘unsubscribe’ link found at the bottom of any emails we send you about Trust news, events we put on, fundraising etc.
9. Changes:
Should your personal details change, please help us to keep your information up to date by notifying us by emailing admin@stapleytrust.org
10. Your rights:
Under certain circumstances, by law you have the right to:
-
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
-
Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate
-
Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it
-
Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your information for direct marketing purposes
-
Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it
-
Ask us to transfer your personal information to another person or organisation.
If you have given your consent to our storing, controlling or processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Administrator at admin@stapleytrust.org . Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
11. Questions about our privacy statement and our data protection policy:
If you have any questions about this Privacy Statement, or any other questions about how the Trust protects your personal data, please contact the Administrator: admin@stapleytrust.org
12. Reporting of personal data breaches:
The Office of the Information Commissioner defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”
If you suspect that such a breach by the Trust may have occurred, you should contact the Administrator without delay by emailing admin@stapleytrust.org . We will do our utmost to investigate the matter urgently and robustly, and should a breach have occurred, to contain any further breach.
Where for any reason we become aware of a personal data breach which risks anyone’s rights and freedoms, we will fulfil our legal obligation to report this to the Information Commissioner’s Office within 72 hours.
13. Where to go for further, general information about data protection:
There is a wealth of accessible information on the website of the Office of the Information Commissioner: https://ico.org.uk
Last reviewed: August 2024