The RS Macdonald Charitable Trust strives to protect the privacy of all personally identifiable information collected during the course of our activities and it is important for you to know how we process your data. We will process your personal information under the terms of this policy and in accordance with any agreement with you.
We are a “data controller” in terms under data protection law (including the UK GDPR and the Data Protection Act 2018) (“Data Protection Laws”).
We need to process personal data relating to our employees, our Trustees, volunteers, suppliers, assessors and grant applicants and recipients in order to function effectively as an organisation, ensure good governance, for audit purposes, to train our staff and volunteers, to perform our business and grant support activities and to enable us to meet our legal obligations as an employer, a trust and as a registered charity.
Personal data is processed for commercial, charitable, administrative, statutory, support, marketing/promotion and health and safety purposes. All such personal data is collected and held in accordance with all applicable Data Protection Laws.
What personal information will the RS Macdonald Charitable Trust use?
This list includes all the ways we may use your personal information, and which of the reasons we rely on to do so. This is where we tell you what our legitimate interests are.
| Personal Information We May Process: | Our Reasons for Processing | Our Legitimate Interests |
|
Trustees / Volunteer Assessors Name Address and contact details Sex/gender Application details and references, interview notes Information about your health or if you have had an accident at work CVs, references Bank account details Appointment details and correspondence Photographs |
Fulfilling contracts Our legitimate interests Our legal duty |
Administering our business |
|
Suppliers Work address and contact details |
Our legitimate interests |
To keep in contact with suppliers Administering our business |
|
Job/volunteer applicants Name Address and contact details Sex/gender Application details and references, interview notes Information about your health or if you have had an accident at work CVs, references |
Fulfilling contracts Our legitimate interests Our legal duty |
Administering our business |
|
Grant applicants and recipients and their personnel Name Address and contact details Sex/gender Application or grant details and correspondence CVs, references Photographs Information about personal circumstances (limited to only information within case studies) Where we provide grant funding for a particular employee’s post, we will process details to enable us to administer the grant funding for that post, such as the relevant employee’s name, contact details, salary details, start and end dates.
|
Fulfilling contracts Our legitimate interests Defending or pursuing legal claims
|
Administering our business |
Where do we obtain your information?
In most cases we will obtain this information from you directly. Where you are an employee of a grant applicant or grant recipient, we will obtain your information from the grant applicant in the course of their application to us or from a grant recipient in the course of our dealings with them in relation to our grant support activities.
Processing Conditions
We process the personal data referred to above for the purposes of any contract or potential contract with our employees, our trustees, volunteers, suppliers, assessors and grant applicants and recipients; or for our legitimate interests in order to function effectively as an organisation, ensure good governance, for audit purposes, to train our staff and volunteers, to perform our business and grant support activities; and to enable us to meet our legal obligations that we may be subject to as an employer, a trust and as a registered charity.
We will process any information about our trustees or volunteers’ health or whether they have had an accident at work for the purposes of preventive or occupational medicine or for an assessment of their working capacity, subject to appropriate confidentiality protections. We may also process it to carry out our legal obligations, for equal opportunities monitoring or to establish, exercise or defend any legal claims.
We may process information about grant recipients’ or their employees’ or beneficiaries’ personal circumstances or their photographs for our case studies to promote and perform our business and grant support activities. Permission will be explicitly requested to process information for this purpose. Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.
Who do we share your information with?
The information you provide to us may be accessed by our staff, our Trustees, third party assessors, auditors, our professional advisors and carefully selected third parties in the course of providing services to us (such as payroll services) under suitable obligations of confidentiality.
We may also publish some names and personal details relating to grant recipients for our case studies and for marketing and promotional purposes. Permission will be explicitly requested to process information for this purpose. Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.
We may also use information in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our activities.
Security
We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.
The period for which the personal data will be processed
We will retain personal data securely and only in line with how long it is necessary to keep for the purposes or for a legitimate and lawful reason.
Our typical retention periods are as follows:
|
Accident or Incident forms
|
Lifetime of the data subject |
| Trustee / Volunteer personnel documents |
Deleted 7 years after the appointment ends
|
| Job / volunteer applicants (unsuccessful) | Deleted 6 months after the post applied for closing date (or 6 months for speculative applications) |
| Grant applicants (unsuccessful) |
Deleted 7 years after the application closing date
|
| Grant recipients |
Deleted 7 years after the termination or expiry of the grant agreement
|
| Trustee register of interests |
7 years after appointment ends
|
| Photographs and case studies | 7 years after the termination or expiry of the grant agreement |
Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes. Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.
Transfers outside the UK and the European Economic Area
We, or carefully selected third parties that we contract with, may send personal data to countries outside the UK and the European Economic Area (‘EEA’). If and when this occurs, there will be appropriate safeguards in place to ensure the recipient protects the data to the same standard as the UK. The safeguards include:
- transferring to a non-UK or non-EEA country with privacy laws that give the same protection as the UK.
- putting in place a contract with the recipient that means they must protect personal data to the same standards as the UK.
- transfer personal data to organisations where there is an appropriate privacy standards framework in place that has been approved by the UK Information Commissioner.
Data subject’s rights
As an individual, you have the following rights as a data subject under applicable Data Protection Laws in relation to the processing of your personal data:
- The right to request from us access to information held about you
- The right to request that inaccurate data held about you is rectified
- The right to request the erasure of personal data
- The right to restriction of processing
- The right to object to processing, and
- The right to data portability.
For more information and guidance about any of these rights please go to the website of the Information Commissioner’s Office at https://ico.org.uk/.
Complaints
If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the Information Commissioner’s Office. Their website contains details of how to make a complaint.
Changes to this Privacy & Fair Processing Notice
We keep our Privacy & Fair Processing Notice under regular review and reserve the right to update and amend it. This notice was last updated on 31 January 2023.
Further information
For further information about the proposed data sharing set out in this notice, or about any aspect of the RS Macdonald Charitable Trust’s processing of your personal data, please contact us at office@rsmacdonald.com