This policy outlines how your personal data will be collected and processed by us in accordance with the General Data Protection Regulation EU 2016/679.
The data controller and data processor is Hayley Corker of Corker Charity Consulting, for and on behalf of The Lawson Trust.
By choosing to use this website; sending us emails; exchanging correspondence and telephone calls; and making online grant applications, we may collect your contact details (email, addresses, telephone numbers and your organisation details) for the purposes of providing you with information or advice relevant to your enquiry, processing your application and awarding a grant to the organisation you represent. We necessarily have to retain these records where associated with our communications for professional and legal reasons.
The Lawson Trust will only share your personal information and application details with Hayley Corker of Corker Charity Consulting. Sometimes we may need to share your information with Kent Community Foundation and Sussex Community Foundation in order to determine the best route for an organisation to apply for a grant.
We use information collected to keep in touch with you about an application, for trustees to make a funding decision based on your application, to make grant payments to your organisation and to obtain updates on how your organisation has spent a grant we have awarded.
We will not transmit information to any other third parties without your agreement except where obligated below. Nor will we disclose your email address without your agreement but in the interests of providing an efficient service we may seek your consent in advance.
Our database host is Gallery Partnership.
When you give us personal information, we take steps to ensure that it’s treated securely. Our website is protected by SSL (secure sockets layer) which creates a secure connection between a user’s web browser and our server. This means information such as names, phone numbers, addresses and any payment details stay private and secure.
Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 256-Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Once we receive your information, we make our best effort to ensure its security on our systems.
We store the personal information collected above on password-protected servers. We never release personal details to other third parties without your prior consent and we may request proof of identity before we will release the information to you. Security precautions are in place to protect the loss, misuse or alteration of your information.
Our database host is Gallery Partnership.
Third Party Information
We use Google Analytics as a third party software data collector. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services.
Google may use the data collected to contextualise and personalise the ads of its own advertising network.
Personal data collected: Cookies and Usage Data.
Standard Rights of the User under GDPR
Users may exercise certain rights regarding their data processed by the owner.
Users entitled to broader protection standards may exercise any of the rights described below. In all other cases, users may inquire with the owner to find out which rights apply to them.
In particular, users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data.
- Object to processing of their Data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if data is being processed by the owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, the owner will not process their data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from the owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user’s consent, on a contract which the user is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where personal data is processed for a public interest, in the exercise of an official authority vested in the owner or for the purposes of the legitimate interests pursued by the owner, users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the owner is processing personal data for direct marketing purposes, users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise user rights can be directed to the owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the owner as early as possible and always within one month.
Data transfer outside EU
The owner is allowed to transfer personal data collected within the EU to third countries (i.e. any country not part of the EU) only pursuant to a specific legal basis. Any such data transfer is based on one of the legal bases described below. Users can inquire with the owner to learn which legal basis applies to which specific service. Data transfer to countries that guarantee European standards: If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out according to an adequacy decision of the European Commission. The European Commission adopts adequacy decisions for specific countries whenever it considers that country to possess and provide personal data protection standards comparable to those set forth by EU data protection legislation. Users can find an updated list of all adequacy decisions issued on the European Commission’s website. Personal data collected: various types of Data. Data transfer abroad based on consent (this Website) If this is the legal basis, personal data of users shall be transferred from the EU to third countries only if the user has explicitly consented to such transfer, after having been informed of the possible risks due to the absence of an adequacy decision and appropriate safeguards. In such cases, the owner shall inform users appropriately and collect their explicit consent via this website. Personal Data collected: various types of Data.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. If you have any questions about our privacy practices or this policy, please contact us.