Privacy Policy
The following statement explains how the Smallwood Trust handles the personal data you provide to us in order to receive our support.
Our aim is to respect your privacy and comply with all relevant Data Protection legislation including the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18).
The Data Controller
Smallwood Trust is what is known as a ‘Data Controller’ for any personal data you give to us. We are contactable on;
Phone: 0300 365 1886
E-mail: info@smallwoodtrust.org.uk
What personal data we collect and what we do with it
We ask for personal data about your organisation or in exceptional circumstances you as an individual in order to assess your needs and determine if you are eligible for a grant. For this purpose, we may need to collect information that is deemed ‘special data’, especially if it directly relates to your current needs and circumstances. This will not be in every case and we will not ask for information that we do not need or will never use. We will not share this data and we will do what we can to protect it.
For each of our purposes below you can find out more about what each purpose is;
Assessing your eligibility for financial assistance
When you complete an application form for a grant we will use that information to:
- Determine your current circumstances and financial needs
- Check the information provided with other data sources to ensure fraud does not occur
- Approve or decline your application
Provision and maintenance of the assistance you receive
If your grant is approved we will use your information to:
- Provide you with financial assistance at agreed intervals
- Contact you with relevant updates about your grant and how you will receive it
- Investigate any issues that may arise, including any accusations of fraud
- Periodic assessment of your needs to determine if the grant is no longer required
Prevention and detection of fraud
Where we are handling your financial information if we suspect fraud we will:
- Check your information against national databases and schemes where we are members / subscribers
- Share your information with law enforcement agencies to investigate the matter if it is believed to be serious enough
Hosting and maintenance of your information on our systems
All information you provide us will be:
- Stored on our systems and databases all held in the European Union
- Possibly used for testing of systems and databases, but only where absolutely necessary
- Scanned and monitored to ensure the information is protected from Cyber Threats
To keep in contact with you
We will, at certain points while you are receiving a grant and up to a year after it finishes, contact you to see how you are getting on and how the grant has helped you or your organisation. We may also send you surveys. Your answers will help us evaluate the impact of our work. All answers will be handled anonymously and they will not be used in any way that can affect you personally.
For individual applicants : It is in our legitimate interest to contact you periodically about your grant but you can tell us your preferences for how we can get in touch and if you would prefer it if we didn’t call at certain times etc.
We may also send you information that we believe may assist you further. This information will relate to your needs assessed as part of the grant.
WHAT WE DO | OUR LEGAL BASIS UNDER GDPR |
Assessing your eligibility for financial assistance | Article 6(1)(b) – you provide your personal data to us in order to enter into a grant agreement with us. Article 6(1)(c) & Article 9(2)(g) (DPA18 Sch2Pt2 18(1)) – we do not need special information as part of your grant application. However, where you do provide special information that may highlight a safeguarding concern we are obliged to ensure we protect you from any harm. This information will not be used for any other purpose. |
Provision and maintenance of the assistance you receive | Article 6(1)(b) – Your personal data is used to send payments to you and support the ongoing provision of the grant. |
Safeguarding you against harm | Article 6(1)(c) & Article 9(2)(g) (DPA18 Sch2Pt2 18(1)) – where you do provide special information that may highlight a safeguarding concern we are obliged to ensure we protect you from any harm. This information will not be used for any other purpose. |
Prevention & detection of fraud | Article 6(1)(c) – We keep your name and payment details for a minimum of 6 years from the date you receive a grant or make a payment to us in order to meet our tax obligations. Article 9(2)(g) – Public Interest to prevent and detect fraud (DPA18 Sch2 Pt2 (14)) |
Hosting and maintenance of your information on our systems | Article 6(1)(f) – this is necessary for our legitimate interests. |
To keep in contact with you | Article 6(1)(a) – we will process your basic contact information in order to contact you.Article 6(1)(f) – Sending you the survey is necessary for our legitimate interests. |
How long we keep your personal data
We will keep all information you give us for at least the duration of time that you are receiving a grant from us.
By law we have to keep basic information about who we make payments to and their details for a minimum of 6 years for tax purposes.
Subject to any legal requirement, we will delete your information where you tell us to or six years after your last grant payment was made.
For the purposes of receiving our news and updates we will keep your information until you unsubscribe.
Please contact us if you would like a copy of our retention schedule.
Third Parties
We are required under the law to share your information with organisations for the following reasons:
- for fraud prevention purposes if fraud is believed to occur with your relationship with us
- or if we think you are at risk of harm.
We may also share your personal data with professionals and organisations who help us to carry out our grant making activities. For example, we may share personal data with assessors and/or organisations who help assess applications and evaluate the impact of our grants. Organisations which support our IT software and systems may also have access to personal data. In each case, we will only share personal data needed to carry out their work, and will do so subject to appropriate safety measures that are designed to ensure your personal data remains secure and is only used for the intended purpose.
Otherwise we will not disclose your data to any other parties without your prior consent. We will not sell, assign, disclose or rent your personal data to any other external organisation or individual.
Protecting Your Personal Data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.
Cookies
Cookies are used on this website. A cookie is a text file that sits on your device designed to tailor website content for you or help a website’s functionality work. Cookies make it easier for you to log on to and use the site during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. Our system will issue cookies to your computer when you log on to the site. However, you can set your web browser to refuse cookies. Some of the services we use such as Google Analytics, set cookies to allow us to gather anonymous data about your usage of our website. Browsers usually will allow you to refuse cookies but this could have a negative impact on the usability of many websites.
Links to Other Sites
Our website contains links to other websites. We are not responsible for the privacy practices of such other sites. When you leave our site please be sure to read the privacy statements of each and every website that collects personal data about you. This privacy policy applies solely to information collected by Smallwood Trust.
Your Data Abroad
The majority of our service providers are based or host their services within the European Union. The exception to this is our website, which is hosted with a US company. However, they are part of the EU Privacy Shield so are fully compliant with EU regulations including UK GDPR.
If any services change their base or hosting, we will ensure we put the appropriate safeguards in place.
Your Rights
You have control over the information you provide to us. Where we have asked for your consent you can object or withdraw your consent to the use of your personal data at any time. Though in some cases we may not be able to provide support where the information processing is an integral part of the service. We will tell you if this is likely to be the case.
Subject to some legal exceptions, you have the right to:
- request a copy of the personal information we hold about you;
- to have any inaccuracies corrected;
- to have your personal data erased;
- to place a restriction on our processing of your data;
- to object to processing; and
- to request your data to be ported (data portability).
To learn more about these rights please see the ICO website.
Please address any such requests to the Smallwood Trust Data Protection Lead by contacting us at info@smallwoodtrust.org.uk
If you are concerned about the way we handle your data please contact us. However you can also complain to the Information Commissioner’s Office
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510
Any concerns or queries about this privacy policy should be sent to the Smallwood Trust Data Protection Lead through info@smallwoodtrust.org.uk
Last update: June 2024
Policies
This page contains some of our policies which may be relevant to you. If you would like to see any of our other policies or want more information about our policies, please contact us on info@smallwoodtrust.org.uk
For Conflicts of Interest Policy Click here
For Complaints Procedure Click here