Privacy Policy

Privacy Policy

The RS Macdonald Charitable Trust strives to protect the privacy of all personally identifiable information collected during the course of our activities and it is important for you to know how we process your data.  We will process your personal information under the terms of this policy and in accordance with any agreement with you.

We are a “data controller” in terms under data protection law (including from 25 May 2018, the EU General Data Protection Regulation 2016 and the Data Protection Act 2018) (“Data Protection Laws”).

We need to process personal data relating to our employees, our trustees, volunteers, suppliers, assessors and grant applicants and recipients in order to function effectively as an organisation, ensure good governance, for audit purposes, to train our staff and volunteers, to perform our business and grant support activities and to enable us to meet our legal obligations as an employer, a trust and as a registered charity.

Personal data is processed for commercial, charitable, administrative, statutory, support, marketing/promotion and health and safety purposes. All such personal data is collected and held in accordance with all applicable Data Protection Laws.

What personal information will the RS Macdonald Charitable Trust use?

This list includes all the ways we may use your personal information, and which of the reasons we rely on to do so. This is where we tell you what our legitimate interests are.

Personal Information We May Process: Our Reasons for Processing Our Legitimate Interests
Trustees / Volunteer Assessors

Name

Address and contact details

Sex/gender

Application details and references, interview notes

Information about your health or if you have had an accident at work

CVs, references

Bank account details

Appointment details and correspondence

Photographs

Fulfilling contracts

Our legitimate interests

Our legal duty

Administering our business
Suppliers

Work address and contact details of Suppliers’ personnel

Our legitimate interests To keep in contact with suppliers

Administering our business

Job/volunteer applicants

Name

Address and contact details

Sex/gender

Application details and references, interview notes

Information about your health or if you have had an accident at work

CVs, references

Fulfilling contracts

Our legitimate interests

Our legal duty

Administering our business
Grant applicants and recipients and their personnel

Name

Address and contact details

Sex/gender

Application or grant details and correspondence

CVs, references

Photographs

Information about personal circumstances (limited to only information within case studies)

Where we provide grant funding for a particular employee’s post, we will process details to enable us to administer the grant funding for that post, such as the relevant employee’s name, contact details, salary details, start and end dates.

 

Fulfilling contracts

Our legitimate interests

Defending or pursuing  legal claims

 

Administering our business

 

Where do we obtain your information?

In most cases we will obtain this information from you directly.  Where you are an employee of a grant applicant or grant recipient, we will obtain your information from the grant applicant in the course of their application to us or from a grant recipient in the course of our dealings with them in relation to our grant support activities.

 

Processing Conditions

We process the personal data referred to above for the purposes of any contract or potential contract with our employees, our trustees, volunteers, suppliers, assessors and grant applicants and recipients; or for our legitimate interests in order to function effectively as an organisation, ensure good governance, for audit purposes, to train our staff and volunteers, to perform our business and grant support activities; and to enable us to meet our legal obligations that we may be subject to as an employer, a trust and as a registered charity.

We will process any information about our trustees or volunteers’ health or whether they have had an accident at work for the purposes of preventive or occupational medicine or for an assessment of their working capacity, subject to appropriate confidentiality protections.  We may also process it to carry out our legal obligations, for equal opportunities monitoring or to establish, exercise or defend any legal claims.

We may process information about grant recipients’ or their employees’ or beneficiaries’ personal circumstances or their photographs for our case studies to promote and perform our business and grant support activities.  Permission will be explicitly requested to process information for this purpose. Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.

 

Who do we share your information with?

The information you provide to us may be accessed by our staff, our Trustees, third party assessors, auditors, our professional advisors and carefully selected third parties in the course of providing services to us (such as payroll services) under suitable obligations of confidentiality.

We may also publish some names and personal details relating to grant recipients for our case studies and for marketing and promotional purposes. Permission will be explicitly requested to process information for this purpose.  Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.

We may also use information in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our activities.

 

Security

We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.

Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.

 

The period for which the personal data will be processed

We will retain personal data securely and only in line with how long it is necessary to keep for the purposes or for a legitimate and lawful reason.

Our typical retention periods are as follows:

 

 

Accident or Incident forms

 

Lifetime of the data subject
Trustee / Volunteer personnel documents  

Deleted 7 years after the appointment ends

 

Job / volunteer applicants (unsuccessful) Deleted 6 months after the post applied for closing date (or 6 months for speculative applications)
Grant applicants (unsuccessful)  

Deleted 7 years after the application closing date

 

Grant recipients  

Deleted 7 years after the termination or expiry of the grant agreement

 

Trustee register of interests  

7 years after appointment ends

 

Photographs and case studies 7 years after the termination or expiry of the grant agreement

 

Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes.  Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.

 

Transfers outside the European Economic Area

We, or carefully selected third parties that we contract with, may send personal data to countries outside the European Economic Area (‘EEA’). If and when this occurs, there will be protections in place to ensure the recipient protects the data to the same standard as the EEA. The protections include:

  • transferring to a non-EEA country with privacy laws that give the same protection as the EEA.
  • putting in place a contract with the recipient that means they must protect personal data to the same standards as the EEA.
  • transfer personal data to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for personal data sent between the US and EU countries which makes sure standards are similar to what is used within the EEA.

 

Data subject’s rights

As an individual, you have the following rights as a data subject under applicable Data Protection Laws in relation to the processing of your personal data:

  • The right to request from us access to information held about you
  • The right to request that inaccurate data held about you is rectified
  • The right to request the erasure of personal data
  • The right to restriction of processing
  • The right to object to processing, and
  • The right to data portability.

For more information and guidance about any of these rights please go to the website of the Information Commissioner’s Office at https://ico.org.uk/.

Complaints

If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the Information Commissioner’s Office. Their website contains details of how to make a complaint.

 

Changes to this Privacy & Fair Processing Notice

We keep our Privacy & Fair Processing Notice under regular review and reserve the right to update and amend it.  This notice was last updated on 25 May 2018.

 

Further information

For further information about the proposed data sharing set out in this notice, or about any aspect of the RS Macdonald Charitable Trust’s processing of your personal data, please contact us at office@rsmacdonald.com

Do NOT follow this link or you will be banned from the site!