Privacy and Data Protection Policy
Ways that we collect information
We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
- Certain information required to access the services provided by us, including your name, address, date of birth, e-mail address and telephone number;
- Similar detail of your nominated contact if applicable;
- Details of your medical condition and/or disability including any supporting documentation provided by a qualified health professional;
- Information about your personal circumstances including who lives with you in your household and their relationship to you and the ownership of your residence;
- Information regarding household income and savings;
- Information relating to any other applications for funding that you may have made;
- Information provided in connection with purchase orders you place with third party suppliers via email, by telephone or in person relating to your application;
- Details of accounting or financial transactions that relate to your purchase orders. This may include bank account details of third party suppliers. We will not collect and do not require any details relating to your personal bank account, credit card or other payment methods;
- A record of any correspondence between you and us;
- Details of your visits to our website and the resources that you access;
- Information we may require from you when you report a problem with our website.
We only collect such information when you choose to supply it to us. You do not have to supply any personal information to us but you may not be able to take advantage of all the services we offer without doing so.
Information is also gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. These methods do not collect or store personal information.
An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet. It is generally considered to be non-personally identifiable information, because in most cases an IP address can only be traced back to your ISP or the large company or organisation that provides your internet access (such as your employer if you are at work).
We use your IP address to diagnose problems with our server, report aggregate information and determine the fastest route for your computer to use in connecting to our website and to administer and improve the website.
Use and Disclosure
We may use this information to:
- assess and process your application for a grant;
- ensure that the content of our website is presented in the most effective manner for you and for your computer and customise the website to your preferences;
- assist in making general improvements to our website;
- carry out and administer any obligations arising from any agreements entered into between you and us;
- allow you to participate in features of our website and other services;
- analyse how users are making use of our website and for internal marketing and research purposes.
We do not disclose any information you provide to any third parties except:
- where other organisations are part of the match funding in respect of this application
- where supporting information or clarification may be required from your qualified health professional or nominated contact.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
- to protect the rights, property, or safety of The ACT Foundation, our website’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.
Retention of Data
It is our current policy to retain personal data for a period of 6 years from when a decision on an application is made. After this time all personal data, whether in hard copy or in electronic form, will be destroyed.
Hard copy data is securely stored on our premises or off site by a specialist storage provider.
Electronic data is held on specialist software designed specifically for grant making organisations.
A cookie is a piece of data stored locally on your computer and contains information about your activities on the internet. The information in a cookie does not contain any personally identifiable information you submit to our website.
Once you close your browser, our access to the cookie terminates. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. To change your browser settings you should go to your advanced preferences.
If you choose not to accept the cookies, this will not affect your access to the majority of information available on our website. You will not however be able to make full use of our online services.
We use log files generated by our web servers to analyse website usage and statistics but the files do not identify any personal information. Log file analysis helps us to understand usage patterns on our website and to make improvements to our service.
Access to and correction of personal information
We will take all reasonable steps in accordance with our legal obligations to update or correct personally identifiable information in our possession that you submit via this website.
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request can be made free of charge providing you with the details of the information we hold about you. If requested, we will provide this information within one month. If you wish to see details of any personal information that we hold about you please contact us by way of our contact page.
We take all appropriate steps to protect your personally identifiable information as you transmit your information from your computer to our website and to protect such information for loss, misuse and unauthorised access, disclosure, alteration, or destruction. We use leading technologies to safeguard your data and operate strict security standards to prevent any unauthorised access to it.
We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via the website that is operated by us. We recommend that you check the policy of each website you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you came to this website via a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party website and recommend that you check the policy of that third party website and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
If you use our website while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
We are currently working with our suppliers towards full GDPR compliance in order to be fully compliant by May 2018.
If at any time you would like to contact us with your views about our privacy practices or with any enquiry relating to your personal information, you can do so by way emailing us at firstname.lastname@example.org