The Sir Bernard & Lady Schreier Foundation Privacy Policy

Introduction

The Sir Bernard & Lady Schreier Foundation (‘the Trust’) is a grant-making charity, registered in England and Wales with the charity number 1187179. Organisations that meet its grant/applicant eligibility criteria apply for funds to support their projects, which are then awarded at the discretion of the Trustees.

The Sir Bernard & Lady Schreier Foundation adheres to the requirements of the General Data Protection Regulation 2018 (GDPR) and processes the personal data it collects under the lawful basis of ‘legitimate interest’.

Contacting us

The Sir Bernard & Lady Schreier Foundation is a data controller in respect of your personal data. If you have any questions about its privacy policy or the way it processes your data, please contact:

The Sir Bernard & Lady Schreier Foundation
CP House
Otterspool Way
Watford
WD25 8JJ

Email: info@schreierfoundation.com

Why does the Trust collect your data and how is it used?

The Trust collects limited personal data about the person who makes a funding application to the Trust on behalf of an organisation. The Trust has a legitimate interest in processing this data in order to offer an effective grants administration service.

The purpose of collecting this data is to:

• enable the Trust to ask you for additional information in support of your organisation’s application

• inform you of the outcome of your organisation’s application

• make one-off or staged payments to successful applicants

• monitor the progress of work that the Trust has funded

• maintain a contact history between the Trust and your organisation

• seek advice/guidance on behalf of another organisation that the Trust thinks may benefit from your experience

The Trust does not proactively collect personal information considered as sensitive personal information such as health-related information.

The Trust does not engage in any marketing activity.

What personal data does the Trust collect, and how?

Personal data is data that can be used to identify you or tells the Trust something about you. The Trust collects minimal personal data, only that which it considers necessary to communicate with you in relation to its core purpose of grant administration. This includes:

• Your name (including title, which may or may not reveal your gender)

• Your job title and place of work

• Your contact details

• Logs of communications that have been made between you and the Trust

The Trust collects this data directly from you when you:

• Submit a completed application form by email

• Email or otherwise inform the Trust about a change in details

• Write to the Trust with the expectation that it will keep your details on file

The Trust aims to ensure accuracy and, if you tell it about a change, your record will be updated. If you tell the Trust, or it finds out from another source, that you have left an organisation, your contact record will be deleted.

Storing and deleting your personal data

The Trust uses Microsoft Office365 for day-to-day business use including email. Microsoft software is compliant with European law in relation to data and file security.

The Trust is developing procedures with regards to deletion of old records. The aim is that personal data connected to unsuccessful applications will be kept for up to three of the Trust’s financial years, and personal data connected to successful applications will be kept for up to seven of the Trust’s financial years. There will be an annual database maintenance exercise to fulfil this requirement.

Information sharing and disclosure

The Trust will not, without your consent, supply any of your personal data to any third party except in the following circumstances:

• It is required to do so by law enforcement or regulatory bodies where this is required or allowed under the relevant legislation

• Where it requires technical support on its database by a trusted specialist supplier of support services

Website

The Trust’s website is built on a WordPress template and uses WordPress’s default cookies. Users are informed that the website collects cookies and are given this URL, which explains what they are, their purpose and how to control them: https://automattic.com/cookies/. An option to ‘click and accept’ cookies is given. This consent is set to be sought every 30 days, so regular visitors to the site may be asked to give consent several times.

Your rights

The GDPR provides the following rights for individuals:

• The right to be informed about the collection and processing of your personal data

• The right of access to your data

• The right to rectification if the data held about you is inaccurate

• The right to erasure of your data (except in certain, specific circumstances)

• The right to data portability (i.e. being given your data in a structured, digital format)

• The right to object to the use the Trust makes of your data

You can find out more about these rights and the GDPR in general, or make a complaint about the Trust in relation to its handling of personal data, by contacting the Information Commissioner’s Office:

• Helpline: 0303 123 1113 Monday to Friday 9.00am – 4.30pm

• https://ico.org.uk/