Privacy notice for Grantees and Applicants
The John Ellerman Foundation is a charity registered under the Charities Act 1960, No. 263207. We are an independent grantmaking foundation. We aim to support charities that make a practical difference to people, society and the natural world.
In order to pursue our aim and to comply with our policies, we receive, store and make use of information about our Grantees and Applicants. Some of this information is Personal Data under the General Data Protection Regulation (GDPR). This Privacy Notice sets out details of the information that we collect and hold in order to comply with the GDPR.
Identity and contact details of the controller
The John Ellerman Foundation, the controller responsible for your Personal Data, is located at Aria House, 23 Craven Street, London WC2N 5NS. Matthew Whittell, Head of Finance and Resources, is the individual responsible for Data Protection.
Purpose of the processing and legal basis for the processing, legitimate interests of the controller
We hold and make use of your data in order to administer applications and any grants we may award. We need to collect and hold this data in order to conduct our due diligence and to make reasonable assessments when awarding grants and in order to implement grants in accordance with their terms over the life of any grant. We may continue to hold your personal data beyond any final grant payment date to inform future grant applications and to enable us to review the impact of our grant making activities. As we are a grant making Foundation, holding this data to make and implement grants is in our legitimate interests and this is our legal basis for processing your data.
Recipients of personal data
We will not sell or otherwise pass your personal data to third parties (except as may be required by law or regulation, or directly in connection with your grant).
We do not make use of automated decision making techniques or profiling and your personal data will not be used in this way.
Transfers to third country and safeguards
We will not sell or otherwise pass your personal data outside of the EU (except as may be required by law or regulation, or directly in connection with your grant). It is in the nature of electronic communication, such as emails, and data storage that the precise geographic location of the data may not be under our control at all times. For example, we may send or receive emails to or about you while our staff are travelling. Our external data storage is encrypted and held securely by a data storage provider. We have put in place measures to ensure that your data is secure when we process it at our offices, whether in electronic or paper form.
Retention period, criteria used to determine the retention period
We review how long we keep your personal data on a regular basis. We will keep your personal data on our secure systems for as long as is necessary, both to administer your grant and for our own review purposes, in accordance with the GDPR.
The existence of each data subject’s rights
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the contact address above.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
The right to withdraw consent
To the extent that, now or in the future, we rely on your consent as our lawful basis for processing your personal data, you have the right to withdraw that consent at any time.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the Information Commisioners’ Office if you think we have processed your personal data inappropriately.