This policy covers personal information gathered through our charitable purpose of providing grants. It also covers the personal information that is held to help us to communicate with our contacts, with supporters and with donors. We have tried to keep it short, factual and jargon-free to provide a guide about how we approach these matters generally.
1. Who are we and what do we do?
As a grant provider we fund medical research and health & wellbeing causes in Cambridgeshire and the surrounding area. We do not conduct the research ourselves or provide any health/wellbeing service, so we do not keep personal data records for any of the participants in the research or for the beneficiaries of our health/wellbeing projects. We also do some marketing to promote our work and to encourage donors to support us.
We are a registered charity (#232891) and a company limited by guarantee (#166995) which has a registered office at:
The Evelyn Trust
42 Newmarket Road
We are registered with the Information Commissioner’s Office (ICO) as a data controller, registration number ZA234248.
If you have concerns about the way that we are handling your information that you do not wish to discuss with us then you can raise them with the ICO, telephone 0303 123 1113.
You can contact The Evelyn Trust on 01799 542708 or by email to office[at]evelyntrust[dot]com
2. What marketing do we do and what data do we use?
We currently provide a newsletter by email several times a year and are planning a number of events to which we invite potential supporters of our work.
We collect limited personal information from you, including name, address, telephone numbers, organisation, position, donations made, gift aid information and any other information provided by individuals. We may expand that by asking about interests and preferences.
We ask grant applicants, recipients, intermediaries and representatives of research institutes, charities and public bodies to network with us, to accept our newsletter and general update emails. We have an “unsubscribe” option on our newsletter that can be exercised at any time.
3. Where do we collect information from?
As well as collecting information from you directly, we collect information through our programme of charitable giving and through the contacts that this generates. We also research potential contacts, supporters and donors who may be able to help us promote our activities, to introduce us to new networks or groups, and who may become donors to support our giving. We have not used third party organisations to provide such contact data and have relied mostly on searching publicly available databases or have acted on individual referrals.
We do not collect information in an obtrusive way from individuals and we do not use any donor profiling software or acquire such data.
4. Storage and sharing of information
As well as holding data that is part of our charitable purpose, the marketing data is stored in our office systems and on our third-party support systems such as our website, newsletter and events management systems. We also use a limited amount of social media to promote further engagement with our newsletter.
We hold information on your preferences such as to receive or not to receive our newsletter or other communications or event invitations.
We operate through a small team and do not have support staff engaged in marketing activities. We do use external support to help manage our newsletter, events and website activities. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not sell personal data to third party organisations and do not seek any permissions for us to do so. Your data is collected solely for us to further our own charitable purpose.
If we hold joint events with third party organisations, then we will only share data with those organisations for the purposes of holding those events.
5. Security of data and archiving
We hold grant application and performance information for at least six years, together with all data required to be held to meet our statutory and equivalent obligations.
Marketing data is held for as long as individuals wish us to hold it or to maintain preferences, including not to be contacted.
We archive physical records to an off-site records storage facility and maintain secure back-up records of stored electronic data. As above, where personal data is processed by a third party on our behalf we require them to take appropriate security measures and only process that data in accordance with our instructions.
6. Website, links to third party sites, cookies and social media
Our website contains links to third party websites and we do not control what happens on these websites, so clicking through means you have left our website and need to be wary of sharing any information that you may be asked to give or that could be collected.
Cookies are small data files stored by the browser on your computer or a mobile device. Websites can read and write to these files, storing data such as personalisation details or preferences and you cannot be personally identified from the information captured by any used by us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
The way that social media might store your data through your use of social media or other online tools is defined by the providers and not by the Evelyn Trust.
7. Your rights
Under the GDPR, in certain circumstances you have the right to:
Request access to your personal data (commonly known as a ‘subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data in certain circumstances.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of Persona Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Lodge a complaint with the ICO. If you have any complaints about the way in which we process your personal data please do contact us, using the details in section 1 above. Alternatively you have the right to lodge a formal complaint with the ICO.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us using the details provided in section 1.
(This policy was created and implemented in May 2018. It will be updated as needed.)