Charity Clients (Projects) Privacy Notice

Last updated: 2 May 2018

We will process the personal information you provide for our legitimate charitable interests and to enhance the experience of our charity clients. This includes contacting you about relevant opportunities, news and events. 

 

Quicky navigate to a section using the links below or download the full Volunteer Privacy Notice at the bottom of this page.

What is the purpose of this document?

What personal information do we collect and how is it used?

How is your personal information collected?

Automated Decision Making

Who has access to your data?

Data Security

Data Retention

Your legal rights

Accessing your data

Changes to this privacy notice

Queries and Further Information

 

What is the purpose of this document?

The Cranfield Trust collects and processes personal information about you during and after your relationship with us in order to manage that relationship. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).

What personal information do we collect and how is it used?

Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Data we collect

What we use it for

Names, addresses, telephone numbers, email addresses

To contact you in connection with a specific enquiry, project, masterclass or other services; to keep you updated on our services or activities and events; to record your location in order to match volunteer consultants to your project

Information gathered from business and social media sources in the public domain, eg LinkedIn, Facebook, Companies House, Charity Commission

To build a picture of your organisation’s background, aims and objectives in order to match volunteer consultants to the organisation in relation to a project

Information related to project monitoring such as hours spent on a particular project and confidential project notes

To record the details of any advice given, including confidential details of organisational issues; to maintain project details for a minimum of 6 years following the advice given for legal and insurance purposes; to use anonymised project  monitoring data for statistical analysis and reporting and to inform the development of new services or marketing materials

IP Addresses (Contact Forms)

As an extra cyber security measure, we may log the IP address of the computer used to email us a contact form as part of our registration process. This type of data does not normally identify an individual in the UK.

IP Addresses (Google Analytics)

Visitors to our website for general enquiries may have their IP address logged for the purposes of tracking site traffic. Such logging is covered by Google Analytics’ own data privacy policies which include anonymization and automated data retention controls

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

If you fail to provide certain information when requested, we may not be able offer you the full range of our services.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How is your personal information collected?

We collect information through our charity client registration process. We may sometimes collect additional information from third parties including business and social media searches such as LinkedIn, and publicly available sources such as Companies House and Charity Commission. We may collect personal information in the course of our project-related activities throughout the period of our relationship with you.

Automated Decision Making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Who has access to your data?

Your information may be shared internally, including with our volunteers offering pro bono consultancy and with staff members responsible for managing and administering projects, events and marketing activities.

We may have to share your data with third parties, including third-party service providers, for example in connection with supporting our CRM system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to a client organisation.

We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Security

The Cranfield Trust takes the security of your data seriously.  We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access.  Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our retention policy which is available from the person responsible for data protection.

Your legal rights

As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Once confirmed, we will no longer process your information for the purpose you originally agreed to, unless we have another legitimate basis for doing so in law.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (ICO).

Accessing your data

You will not have to pay a fee to access your personal information. However, if we think that your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request. We may need to confirm your identity or ensure your right to exercise your legal rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Queries and Further Information

The Cranfield Trust (Court Room Chambers, 1 Bell Street, Romsey, SO51 8GY) is the Data Controller.

For any queries, please contact James Lennard, Head of Finance, Administration & Control (mydata@cranfieldtrust.org).