We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

DO YOU NEED EXTRA HELP?

If you would like this notice in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ below).

WHO WE ARE

The Liz and Terry Bramall Foundation uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

THE PERSONAL INFORMATION WE COLLECT AND USE

Information collected by us

In the course of carrying out the objects of the Foundation, we collect the following personal information when you provide it to us:

  • name, address, telephone numbers (landline and mobile), email address; and
  • confidential financial details if provided by you for the purposes of administering a grant.

How we use your personal information
Under data protection law, we can only use your personal data if we have a proper reason for doing so, e.g.:

  • to comply with our legal and regulatory obligations;
  • for the performance of our services to you or to take steps at your request before entering into services with you;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal data for and our reasons for doing so:

What we use your personal data for Our reasons
To provide services to you, in assessing and dealing with your application to the Foundation. For the performance of our services with you or to take steps at your request before entering into those services
Any processing necessary to comply with our professional, legal and regulatory obligations that apply to our us, e.g. under health and safety regulation or rules issued by the Charity Commission To comply with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests or those of a third party, for example, to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you.
Ensuring the confidentiality of commercially sensitive information For our legitimate interests or those of a third party.

To comply with our legal and regulatory obligations

Preventing unauthorised access and modifications to systems For our legitimate interests or those of a third party, e.g. to prevent and detect criminal activity that could be damaging for us and for you

To comply with our legal and regulatory obligations

Updating and enhancing applicants’ records For the performance of our services or to take steps at your request before entering into those services.

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with the applicants

Statutory returns To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

External audits and quality checks, e.g. for the Charity Commission and the audit of our accounts To comply with our legal and regulatory obligations

The above table does not apply to special category personal data, which we will only process with your explicit consent.

Who we share your personal data with

We routinely share personal data with:

  • professional advisers who we instruct to assist us in carrying out our services to you, e.g. solicitors (Raworths LLP of Harrogate HG1 1HF), accountants, tax advisors or other experts;
  • external auditors, e.g. the Charity Commission and the audit of our accounts;
  • our banks; and
  • external service suppliers, representatives and agents that we use to make our Foundation more efficient, e.g. administration services, shredding or off site back-up server providers.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We will not share your personal data with any other third party.

Information collected from other sources

We may also obtain personal information from other sources such as:

  • Companies House, HM Land Registry or the Charity Commission; and
  • via IT systems, for example a document management system or automated monitoring of our systems, such as our computer networks and systems.

How long your personal information will be kept

We will hold personal data for 10 years. We take the view that we can hold the personal data for this time due to the probability of reapplications.

YOUR RIGHTS

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information;
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address;
  • require us to correct any mistakes in your information which we hold;
  • require the erasure of personal information concerning you in certain situations;
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • object in certain other situations to our continued processing of your personal information; and
  • otherwise restrict our processing of your personal information in certain circumstances.

If you would like to exercise any of those rights, please:

  • email, call or write to us (See ‘How to contact us’ below);
  • let us have enough information to identify you ;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know the information to which your request relates, including any reference numbers, if you have them.

KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on April 2018.

We may change this privacy notice from time to time, when we do we will inform you via this website.

HOW TO CONTACT US
Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please send an email to [email protected], write to the Liz and Terry Bramall Foundation c/o Raworths LLP, 89 Station Parade, Harrogate, North Yorkshire, HG1 1HF, or call 01423 566666 and specify that it is in relation to the Liz and Terry Bramall Foundation.