Friends Provident Foundation (the Foundation) is an independent charity that makes grants and uses its endowment towards a fair, resilient and sustainable economic system that serves people and planet. We connect, fund, support and invest in new thinking to shape a future economy that works for all.
To fulfill its work in support of its mission and aims, the Foundation may collect, store and process personal data about our applicants, grant holders, contacts, members of staff, trustees, advisors, contractors, and other third parties, and we are committed to handling personal data in accordance with data protection law. You can be assured that we will only request and retain personal information if we have a lawful basis to do so, as outlined by the General Data Protection Regulation (GDPR) (EU 2016/679) 2018, and by the Data Protection Act 1998.
The Foundation is the ‘data controller’ of the personal data provided to and stored and processed by the Foundation.
The Foundation may change this policy occasionally by updating this page. You should check this periodically to ensure that you are up to date with our latest version. You are also welcome to request copy of the policy at any time. This policy is effective from May 2018.
What do we collect?
Personal information is any information that can be used to identify you.
During the course of our activities we collect, store and process personal data about our applicants, grant holders, contacts, members of staff, trustees, advisors, contractors, and other third parties.
We may collect the following information
Contact information including email address, postal address and phone number
Job title (where relevant – e.g. for contractors, grant holders, applicants and other business-to-business and third-party contacts)
Records of events you’ve attended
Any other information that you choose to send us, or that we request, providing there is lawful basis to do so.
Information about your computer (such as IP address, which may also include location) and visits to and use of our website. This information is also collected on signing up to our e-newsletter.
Cookies when you visit our website (please see our Cookie notice for more information).
If you are a member of staff, or working, volunteering, for the Foundation, we may also need to collect the following information from you:
Emergency contact details
Other information to support our relationship with you, such as health details.
We do not collect sensitive personal data in the process of our operations.
Why do we collect personal data?
We require this information to enable us to deliver our services as an efficient and effective grant maker and social investor. In particular we will use this information to:
- Process grant applications through use of our online Salesforce database
- Process social investments through use of our online Salesforce database
- Invite you to attend events or send you information that we feel would be relevant to your interests
- Where relevant make payments to you or your organisation
- Analyse and improve the services offered on our website
- Keep you updated on our work
How do we process your data?
We will process your data in accordance with the principles of the GDPR (2018) and Data Protection Act (1998). Our legal basis for holding your information is normally legitimate interest or necessary for a contract. We categorise data on the basis of organisations we work with (their geography, sector specific focus, amounts given out). We do not categorise according to personal data at any time.
We are committed to ensuring that your information is secure.
Information is stored on our password-protected cloud-based electronic systems, including on our cloud-based database (Salesforce); HR System (CiviHR); newsletter mailing host (MailChimp); event-bookings site (Eventbrite).
The cloud-based server for our internal cloud-based electronic systems is based within the United Kingdom.
We also take appropriate steps to protect files containing personal information in line with our IT Security Policy, including taking due care when working within and out of the Foundation’s office.
How long do we keep your data?
We only hold your data as long as is necessary for the purpose for which it was given to us and for delivering an efficient and effective service. For specific categories and retention periods please see our specific Privacy Notices; or more details can be provided on request.
You can contact us at any time about your data.
Please contact Data Protection Lead: firstname.lastname@example.org or on 01904 629675.
You have the right to withdraw consent to processing at any time, in instances where the lawful basis of processing is consent (for example for our e-newsletter, or other instances where we have requested specific consent).
You have the right to request access to the personal data we hold on you.
You have the right to request that we delete your personal data from the Foundation’s records (“the right to be forgotten”) and we will honour any such request providing there we are not under any legal requirement to retain it. If this is the case, we may be required to retain your data until we are not legally bound to do so. At the end of this required period, we will delete your data.
We will notify you if there is ever a breach of confidentiality on your personal data which is likely to result in high risk to your rights and freedoms.
For any concerns you have about our use of data, please contact: Data Protection Lead: email@example.com or on 01904 629675.
You can also contact the Data Protection Regulator, the Information Commissioner’s Office (ICO): https://ico.org.uk/global/contact-us
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.