Bright Side Foundation

GDPR Compliance Statement / Privacy Notice 

‍

Introduction 

The Bright Side Foundation (the Foundation) is a registered charity, number 1204201. This Compliance Statement and Privacy Notice together set out the steps that the Foundation takes to comply with General Data Protection Regulation (GDPR). The Privacy Notice is in a form that may be made publicly accessible.

‍

GDPR Compliance Statement

The Foundation is a grant-making charity that supports purposes that are exclusively charitable under the laws of England and Wales. We hold basic personal data about potential/current grant recipients, including their name, address, telephone number and email, in order to: assess funding opportunities; award grants effectively; pay grants; monitor the impact of grants; and maintain professional relationships with past, present and future grant-holders as part of our network.

‍

The data we collect and hold on organisations and projects is provided to us directly by those entities or collected from publicly available sources (e.g. the organisation’s website, annual accounts, the Charity Commission website).

‍

Contact details provided to us are not used for any purpose other than to discuss or appraise the work of an organisation and we do not allow any other individual or entity access to the data. The Foundation does not fundraise or conduct any marketing activity.

‍

Under the GDPR, the Foundation processes personal data on the basis of:

• legitimate interest in relation to our grant-making programmes; or
• a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement.

‍

The work of the Foundation is carried out by a small team: it is governed by its trustees and contracts the services of Greenwood Place. In carrying out the work of the Foundation, staff of the Foundation and Greenwood Place use laptops at home and desktop computers in a secure office. Data is also held on the phones, laptops and desktop computers of all trustees and contractors where they are included in the body of, or attachment to, an email. All devices are password protected.

‍

Contact details may also be stored on a cloud-based storage repository and a CRM database for the purpose of easily managing contacts. Access to both is password protected and only contact details provided to the Foundation are held here.

Bright Side Foundation Privacy Notice

‍

Who we are

The Bright Side Foundation (the Foundation) is a registered charity, number 1204201. We are committed to protecting and respecting your privacy, using robust security processes and being transparent about how we use your personal information. This Privacy Notice tells you how and why we use your personal information, the conditions under which we may disclose it to others and how we keep it secure.

‍

Who looks after your personal information 

Under the terms of the Data Protection Act 1998 and General Data Protection Regulation 2018 (GDPR), The Foundation is what is known as the data controller. When used in this Notice the terms “we”, “us” or “our” refers to the Foundation.

‍

What type of personal information do we collect?

We only collect basic personal information about you, such as your name, postal address, telephone number, email address and social media usernames, and the name and contact details of your organisation. If you provide any personal information about another person (for example, the name of the project manager) we will assume that you have their permission to do so and we will ensure that their information is held in accordance with our privacy policy. 

‍

We may also collect feedback, comments and questions received from you during communications relating to a grant such as in meetings, phone calls, documents and emails. 

‍

Where do we collect personal information from?

Most of the information we hold comes directly from you. This includes information you give us when:

• you are applying for a grant or we are undertaking due diligence in respect of a potential grant;
• you interact with us in person, through correspondence, by phone or email, or by social media channels; or
• you update your information.

‍

We might also collect or receive information about you from third parties - for example: referees (that you have put us in touch with), third parties that we contract to work with you, from legal or regulatory bodies and sources of publicly available information (e.g. the media). 

‍

Why do we collect personal information from you?

We collect and process personal information from you in order to achieve our charitable purposes and so that we can contact you through all stages of the grant-making process, including considering a funding proposal, undertaking due diligence in relation to a potential grant, awarding grants effectively, paying grants and monitoring the impact of our grants.

‍

How will we process your information?

Under the GDPR, the Foundation processes personal information where one of the following applies:

• we use the information to carry out our legitimate interest in relation to our grant-making activity;
• we use the information to carry out our obligations to you, as part of your relationship with us or under a contract or agreement entered with us;
• we must use the information to comply with the law or in the public interest;

• you have given your consent to use the information.

‍

When will we process your information?

We may process your information for the purpose of:

• contacting you (including to ask for your input or opinion and to share information that we think might be of interest or use to you) and dealing with your enquiries and requests;
• managing the grant-making process, including administering and monitoring a grant;
• fulfilling contractual and legal obligations. These include complying with: requirements set out in law (such as Data Protection Legislation and Anti-Money Laundering Regulations); requests made by regulatory bodies (e.g. the Charity Commission), HMRC and our auditors; and the terms of agreements with contractors, consultants or other professionals assisting with or advising us; 
• maintaining information as a reference tool to develop grant-making policy.

‍

What will we do with your information?

When you are being considered for a grant from the Foundation, the personal information you provide to us will be transferred to and held in our file sharing and customer relationship management (CRM) systems.

‍

All the personal information we collect may be processed by our trustees and our contractors in the UK, which at present includes Greenwood Place, registered company 10579996. Greenwood Place will hold and process your information in accordance with its own data privacy and GDPR policies. We will not transfer your information to another organisation.

‍

Who will see your information? 

Your information may, for the purposes set out in this Privacy Policy, be disclosed to:

• our trustees;
• our contractors, including Greenwood Place, who we contract to undertake parts of the grant-making process;
• referees provided by you;
• third party consultants or other service providers (such as IT support) to us;
• any other person or organisation in accordance with our contractual and legal requirements.

‍

We may also publish the names of organisations that have received grants from us in our annual report and accounts.

‍

How long will we hold information?

We will retain your information for the shorter of:

• seven years; or
• the time needed in relation to our grant-making process (including assessing a funding proposal, the duration of any grant and the duration of any grant management function that may arise in relation to such a grant) and for us to analyse information to inform future grant-making policy/processes.

‍

Information security

We believe that we have appropriate policies, rules and technical measures to protect the personal information which we have under our control (having regard to the type and amount of that information), from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

‍

All of our trustees and contractors who have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of your information.

‍

We ensure that your information will not be disclosed to other third parties without your consent except if required by law or when requested to by regulatory bodies.

‍

Please be aware that communications over the internet, such as emails/webmails are not secure unless they have been encrypted. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

‍

Your rights

You have certain rights when it comes to your personal information and there are various requests you can make. Your rights include:

The right to access your information: You can ask us for a copy of any information we hold on you. This is called a Data Subject Access Request (DSAR). When we provide you with a copy of your personal information, we will also provide an explanation of how it is being used.

The right to rectify your information: You have the right to ask us to correct information that you feel is inaccurate and/or incomplete. If you change your name, address, phone number or email address, please let us know straight away.

The right to restrict how we use your information: In certain circumstances, you have the right to ask us to stop using or to delete your personal information. (Please note that we may not be able to agree to your request if this is not possible for legal, regulatory or technical reasons.)

The right to object to how we use your information: In certain circumstances, you have the right to object to the way we process your information (e.g. if you feel that our use of your information for legitimate interests is causing you such a level of damage or distress that you would like us to stop).

The right to transfer your information: In certain circumstances, you have the right to ask us to transfer a copy of some of your information to you or to a new data controller (e.g. another charitable trust). 

The right to human intervention: In certain circumstances, you have the right to ask for an automated decision to be reviewed. Please note that all grant applications are managed with human intervention.

You can submit a request for any of your rights by writing to: contact@brightside.charity.

Right to withdraw your consent: Where we are relying on your consent to process any of your information, you have a right to withdraw that consent at any time. This will not affect any use we have made of the information before you withdrew your consent.

The right to complain to the regulator: If at any point you believe the information we process about you is incorrect you may request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal information, you can contact our office and we will investigate to resolve the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law you can complain to the Information Commissioner’s Office (ICO). Their contact details are:

Information Commissioner Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Telephone: 0303 123 1113

Review and amendments 

This policy will be reviewed annually by the Trustees, who may also make amendments to the policy at any time.

‍

How to contact us

If you want to request information about our privacy policy you can email us at: contact@brightside.charity.

‍

‍

‍