General Data Protection Regulations
Data we collect from you and why
We collect data about you (e.g. name, contact details) and the charity/organisation you are associated with for the following reasons:
If you apply for a grant from us
We use the data to
- Assess your claim for a grant.
- Monitor any grant made to your organisation and to perform any other requirements set out in the grant agreement between us.
- Allow us to perform our part of the grant agreement and to allow us to report to our funders, where applicable.
- Inform you, with your consent, about grant opportunities, training events and relevant seminars and conferences that may be of interest to you and to consult with you through surveys.
We may use personal data that identifies you, such as names and photographs, in our reports to our funders.
We will retain your personal data after the completion of the grant agreement for a period specified in the grant agreement. This will be deleted thereafter, unless you consent for us to retain it.
If you are one of our funders
We use the data to:
- Contact you and report to you regarding the assessment and monitoring of grants made on your behalf.
- Inform you, with your consent, of our activities and of relevant events and to consult with you.
Personal data will be retained as specified in the grant agreements and will be deleted thereafter, unless you consent for us to retain it.
If you are a person interested in our activities
We will use the data to:
- Inform you, with your consent, of our relevant activities and events that we organise or are party to and to consult with you.
- For example, if you have signed up to one of our newsletters or bulletins.
If you apply for a role in our organisation
- If you are unsuccessful in your application we will retain your application data for 6 months in order to contact you should other suitable opportunities arise.
- If you are a sub-contractor we will retain your contact details in case of our future needs for your expertise.
If you visit our website
We only collect information that will help us make the site work better for you, let us contact you if you’ve asked us to, to let us provide you with information about our work and funding and to understand how people use the site so we can keep improving it. We collect:
- Visitors’ IP addresses, and details of which browser they use.
- Information on how people use the site, using Google Analytics.
- Names and email addresses if you sign up to our newsletter online.
- We use small data files stored on your computer called cookies. Most large websites do this. They help us improve the website experience for you. Find out what we use them for, and how to control their use in the Cookies tab below.
We’ll never share or sell your information with other organisations for marketing, market research or commercial purposes, and we don’t pass on your personal information to any other website. We do however use our cookies to gather information about how people use our website using analytics.
Client-side cookies are used for Google analytics and tracking analysis. Usage of a cookie is in no way linked to any personally identifiable information while on Corra Foundation’s Website. If a user rejects the cookie, they may still use Corra Foundation’s Website. Cookies can be erased from your computer hard drive or can be blocked by configuring your internet browser software. Please refer to your internet browser instructions or the help screen for further information regarding these functions.
Your rights concerning your personal data are set out in the General Data Protection Regulations. Should you want to see the data we hold on you, or wish to withdraw consent for the use of your personal data, please contact us. You can find further information about your individual rights on the Information Commissioner’s website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Protection of information
We use reasonable physical, technical and administrative measures to safeguard information in our possession. Please note however that no data transmission or storage can be guaranteed to be 100% secure. We use electronic data storage systems (cloud, disk) that are managed by third parties.
Those UK/EU third parties are confirmed to be GDPR compliant. On occasion we may use third parties who store electronic data who are based in the United States. These third parties are certified by the EU-US Privacy Shield Framework and aim to be GDPR compliant for UK/EU customers.
Our personal devices (laptops, memory devices) are encrypted and password protected and our paper storage is filed in a secure office, with archived material kept in a secure third-party site.
Examples of third parties we work with are:
- CRM Systems (Customer Relationship Management) to log our business activity.
- Marketing companies who assist us in making electronic communications.
- Online survey forms for feedback on services we provide.
If you wish to complain, in the first instance, please contact us and we will endeavour to resolve the issue with you. You also have the right to lodge a complaint with the Information Commissioner’s Office.
If you withdraw your consent
If you do not wish for us to retain your personal data, please let us know as soon as possible. However, you should note that it could become difficult or impossible to complete any contractual agreements with you or keep you informed of our activities.
Children, young people and vulnerable adults
Our principal services are for an adult audience over the age of 18 years. However, grants are provided to charities who work with children, young people and vulnerable adults. We will not use or disclose personal information regarding children, young people or vulnerable adults without the agreement of the child, young person or vulnerable adult and prior consent of the parent or guardian.
Corra Foundation, Riverside House, 502 Gorgie Road, Edinburgh, EH11 3AF
Phone: 0131 444 4020