Privacy
OUR PRIVACY POLICY
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and what personal data (information) we hold about you, how we collect it and how we may use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or make a complaint.
WHO WE ARE
Talbot Village Trust is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data.
KEY TERMS
The following are some key terms used in this document:
| We, us, our | Talbot Village Trust |
| Personal data | Any information relating to an identified or identifiable individual |
| Charity representatives | Individuals representing registered charities which apply to the Trust for grants or loans |
| Special category personal data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation and data relating to criminal convictions and offences, allegations and proceedings |
PERSONAL DATA WE COLLECT AND USE
We may collect the following personal data from you:
- Your name
- Your contact details (telephone number(s), postal address and email address)
- Your company name and contact details (telephone number(s), postal address and email address)
For charity representatives, this personal data is required to process your charity’s application. If you do not provide the personal data formation we ask for, it may delay or prevent us from processing your charity’s application.
HOW YOUR PERSONAL DATA IS COLLECTED
We collect personal data from you when we speak with you on the telephone or during a face to face conversation and also when we correspond with you via email or by letter.
HOW AND WHY WE USE YOUR PERSONAL DATA
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- to comply with our legal and regulatory obligations;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so, depending on our relationship with you.
| What we use your personal data for | Our lawful basis for processing data |
| To process applications to the Trust for grants and loans from registered charities and to administer grants and loans | Necessary for our legitimate interests or those of a third party i.e. to process applications for grants and loans from registered charities and to administer grants and loans |
| For other individuals representing organisations with whom we have contracts e.g. suppliers, for corresponding with those individuals | Necessary for our legitimate interests or those of a third party i.e. to take steps under the contract |
| To prevent and detect fraud against you or us | Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you |
| Other processing necessary to comply with our legal and regulatory obligations that apply to us e.g. under health and safety law, or as otherwise permitted or required by law | Necessary to comply with our legal and regulatory obligations |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies e.g. the Charity Commission | Necessary to comply with our legal and regulatory obligations |
| Ensuring our business policies are adhered to e.g. policies covering security and internet use | Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures |
| Operational reasons, such as improving efficiency, training and quality control | Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can |
| Ensuring the confidentiality of commercially sensitive information | Necessary to comply with our legal and regulatory obligations
Necessary for our legitimate interests or those of a third party i.e. to protect commercially valuable information |
| Statistical analysis to help us manage the Trust e.g. in relation to our financial performance or other efficiency measures | Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can |
| Preventing unauthorised access and modifications to systems | Necessary to comply with our legal and regulatory obligations
Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you |
| Updating and maintaining records | Necessary for our legitimate interests or those of a third party e.g. to make sure we can keep in touch with charity representatives and other contacts |
| Ensuring safe working practices (including protecting our rights, property or the safety of our employees and Trustees or others), staff administration and assessments | Necessary to comply with our legal and regulatory obligations
Necessary for our legitimate interests or those of a third party e.g. to make sure we are following our own internal procedures and working efficiently |
| The audits of our accounts | Necessary to comply with our legal and regulatory obligations |
WHO WE SHARE YOUR PERSONAL DATA WITH
Depending on the circumstances, we may share your personal data with:
- third parties we use to help run our organisation e.g. IT back up providers;
- our PR company;
- our insurers and professional advisers (e.g. solicitors);
- our bank.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies (e.g. the Charity Commission) to comply with our legal and regulatory obligations.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
For charity representatives, we will keep your personal data while we are processing your charity’s application and for twelve months after we communicate our decision to you or the date of a donation or grant or the repayment of a loan in full (whichever is the latest).
For other individuals we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including;
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law to comply with our legal and regulatory obligations.
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal data.
TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA
It is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) e.g. if we have service providers located outside the EEA.
- These transfers are subject to special rules under European and UK data protection law.
- Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other grounds set out in data protection law) applies:
- your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- the transfer is necessary to establish, exercise or defend legal claims;
- there are adequate safeguards in place between us and the organisation receiving it (e.g. by the use of European Commission approved contractual terms); or
- you have provided explicit consent to the proposed transfer after being informed of any potential risks.
YOUR RIGHTS
You have the following rights, which you can exercise free of charge:
| Access | The right to be provided with a copy of your personal data |
| Rectification | The right to require us to correct any mistakes in your personal data |
| To be forgotten | In certain situations, the right to require us to delete your personal data |
| Restriction of processing | In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data |
| Data portability | In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation |
| To object | The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests |
We do not use personal data for automated decision making.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, write or telephone our us – see below: ‘How to contact us’ and let us have enough information to identify you e.g. your full name and address as well as what right you want to exercise and the personal data to which your request relates.
KEEPING YOUR PERSONAL DATA SECURE
We have put in place reasonable and appropriate security measures to endeavour to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to us – see below: ‘How to contact us’. However, if we are not able to resolve your complaint to your satisfaction, you can complain to UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
The EU General Data Protection Regulation also gives you right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.
CHANGES TO THIS PRIVACY POLICY
We may change this privacy notice from time to time and when we do so, we will inform you via our website (www.talbotvillage trust.org) and where appropriate we will notify the changes to you by email or post.
HOW TO CONTACT US
Please contact us by email, post or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Talbot Village Trust
5 Parkstone Road
Poole
Bh35 2NL
01202 673071
darryl.tidd@talbotvillagetrust.org