Privacy Notice for Business Contacts

What is the purpose of this document?

The Cranfield Trust collects and processes personal information about you during and after your relationship with us in order to manage that relationship. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).

What personal information do we collect and how is it used?

Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Data we collect

What we use it for

Names, addresses, telephone numbers, email addresses (for individuals contacted in their professional capacity), eg business cards

To contact you in connection with a specific enquiry, project or funding opportunity; to keep you updated on our services or activities and events

Information gathered from business and social media sources in the public domain, eg web, LinkedIn, Companies House or Charity Commission, business directories  or other sector-related sources

To build a picture of your organisation’s background, aims and objectives in order to pursue potential business relationships

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How is your personal information collected?

We collect information when we establish a relationship with you, for example at networking meetings or events. We may sometimes collect additional information from third parties including business and social media searches such as LinkedIn, and publicly available sources such as business directories and Charity Commission. We may collect personal information in the course of our activities throughout the period of our relationship with you.

Automated Decision Making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Who has access to your data?

Your information may be shared internally, including with staff members responsible for managing and administering fundraising, projects, events and marketing activities.

We may have to share your data with third parties, including third-party service providers, for example in connection with supporting our CRM system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to a funder organisation or individual.

We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Security

The Cranfield Trust takes the security of your data seriously.  We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access.  Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our retention policy which is available from the person responsible for data protection.

Your legal rights

As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Once confirmed, we will no longer process your information for the purpose you originally agreed to, unless we have another legitimate basis for doing so in law.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (ICO).

Accessing your data

You will not have to pay a fee to access your personal information. However, if we think that your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request. We may need to confirm your identity or ensure your right to exercise your legal rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Queries and Further Information

The Cranfield Trust (Court Room Chambers, 1 Bell Street, Romsey, SO51 8GY) is the Data Controller.

For any queries, please contact James Lennard, Head of Finance, Administration & Control (mydata@cranfieldtrust.org).