This policy explains what information we receive about you, what we use it for and how we keep it safe
on GivingisGreat.org (“the site”).
Personal data is information that, by itself or together with other data, can be used to identify you. The EQ Foundation (‘we’, ‘EQF’) is the controller of your information. We respect the confidentiality of your personal data and are committed to handling it securely.
The types of personal data that we collect
- Personal identity and contact details such as your name, occupation, nationality, age, gender and email address
How we collect your data
We collect personal information directly from you through:
- completing forms on our website
- through the use of website cookies (some of which are installed via third party providers).
We also obtain personal information from trusted third parties such as the Charities Commission of England & Wales and Companies House.
Registered users of the site may upload additional information about Trustees, typically in the form of biographical details.
How and why we use your data
Data protection law requires us to have a lawful basis for processing your personal data. Depending on the purposes for which we use your data, we may rely on one or more of the following lawful bases:
- Consent: Where you have provided your consent for us to use your personal data. You may withdraw consent at any time by emailing us at firstname.lastname@example.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned
- Legal obligations: It may be necessary for us to use your information to comply with our legal obligation For example, if we are legally required to hold transaction details for gift aid or accounting/tax purposes
- Legitimate interests: It may be necessary for us to use your personal data for the purposes of “legitimate interests” pursued by EQF or a third party (as long as those legitimate interests are not overridden by your rights and freedoms). Examples include: the aggregation and publication of data on Trustees from multiple sources such as the Charities Commission of England and Wales and Companies House in order to provide a more complete view of the structure and operation of the board. We believe that the publication of this data assists users of the site to understand how an organisation is governed and outweighs the loss of privacy for trustees.
Failure to provide personal data
When we collect personal data from you, we will make it clear whether you are required by law, or under a contract, to provide your personal data, and what will happen if you do not provide that data.
Sharing your data
We treat all personal data as confidential. We only disclose details to third parties outside of EQF subject to applicable data protection law:
We will never sell your details to someone else. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Storing and processing your data
Your personal information will be stored on systems owned or operated by EQF or those of our specific suppliers. The majority of this information is processed in the UK and European Economic Area (EEA). However, some of your information may be processed by us or the third parties we work with outside of the EEA, including countries such as the United States.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
We will only store your data for as long as is necessary for the purposes for which it was provided. What this means in practice will vary between different types of information. When determining the period for retaining your data, we take into account factors including:
- whether there are any existing obligations we may owe you or you may owe us;
- whether you require any follow-up communications;
- the likelihood for potential or actual disputes;
- legal obligation(s) under applicable law to retain data for a certain period of time; and
- guidelines issued by relevant data protection authorities.
Keeping your data secure
Your information is protected by controls designed to minimise against loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake regular training on this.
If a data breach does occur we will endeavour to report this to the ICO and yourselves within 72 hours of identification of the breach.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
Understanding your rights
Data protection law provides individuals with various legal rights, which may be exercised in certain circumstances. You have the following legal rights over your personal data:
Right to be informed
Right of access
You have the right of access to your personal data. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request.
Right to request that your personal data be rectified
If your information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased (such as where we no longer need your personal data for the purpose it was originally collected ).
Right to restrict processing
You can ask that we block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
Right to object
You can object to EQF processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
Rights related to automatic decision making including profiling
You have the right to ask EQF to:
- give you information about its processing of your personal information
- request human intervention or challenge a decision where processing is done solely by automated processes
- carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
Accessing your information
You have a right to obtain a copy of the personal information that we hold about you: this will be collated and distributed to you within 30 days of a formal data request being made.
If you believe that any information held is incorrect or incomplete, you should contact our Data Protection Officer at our usual address. Any information that is found to be incorrect or incomplete will be amended promptly.
If you have any questions or concerns about our use of your personal information or wish to request a copy of the personal data we hold about you please contact:
100 Lower Thames Street
If at any time you are not happy with how we are processing your personal information then you may raise the issue with the Data Protection Lead in the first instance.
If you are not satisfied with the handling of your issue, you may raise a complaint with the Information Commissioner’s Office, which regulates and enforces data protection law in the UK.
Details of how to do this can be found at https://ico.org.uk/make-a-complaint/.
Changes to this Privacy Notice
This privacy notice was published on 19th February 2022 This privacy notice may be changed from time to time. We will advertise any changes on the site or, if the changes are significant, we will contact you directly with the information.