Privacy Policy

PRIVACY POLICY

At FCC Communities Foundation we are committed to protecting and respecting your privacy. As a provider of grants under the Landfill Communities Fund (LCF) and Scottish Landfill Communities Fund (SLCF) our privacy policy sets out how we implement that commitment with regards to the collection and use of personal data and explains

  • When and why we collect personal data;
  • What personal data we collect;
  • How we use individual’s personal data;
  • How we store personal data;
  • The conditions under which we may share individual’s personal data; and
  • When we may destroy an individual’s personal data.

Additionally, the policy also explains an individual’s data rights and protections under the General Data Protection Regulation (GDPR). It should be noted that under the GDPR, sole traders are given the same rights and freedoms as individuals and therefore this policy refers to both individuals and sole traders.

FCC Communities Foundation is registered as a data controller with the Information Commissioners Office (ICO) under registration number Z8821888.. Any enquiry about how we process data or any questions regarding this Policy and our privacy practices should be sent by email to info@fcccommunitiesfoundation.org.uk or by writing to:

FCC Communities Foundation
8 Hopper Way
Diss
Norfolk
IP22 2PY

Why do we collect personal data?

As a provider of grants under LCF and SLCF, the types of personal data we may be required to handle includes information about current, past and prospective grantees, contributing third party donors, project contractors, staff and regulators of the schemes. In all cases we collect the minimum personal information we need.

Under the GDPR we are required to inform you of the lawful basis under which we process personal data and to inform you of why processing your personal data is necessary. As a provider grant funds to community groups and organisations we are required to collect certain limited personal data to carry on that business. We therefore collect and process your data under the lawful basis of:

(f) Legitimate Interest: data collection and processing are necessary for the purposes of providing grant funding to community organisations, groups, charities and local authorities.

What information do we collect?

We only collect data that is relevant and reasonable to the requirements of our business. Most of the information we collect is about the organisation who is applying for funds and the projects they wish to fund. This is not personal data; however we also collect a limited amount of personal data, which allows us to communicate with the prospective and successful organisations and monitor the management and delivery of the projects.

If you are or have applied for funding on behalf of an organisation the personal data we collect may include your name, address, email address and telephone number and if the organisation you represent does not have a business address we may also collect your personal address, email and personal telephone number.

If you have not applied but have contacted us for advice or guidance or for a general enquiry we may collect your name, address, email address and personal phone number.

If you use our website and our online database, we may collect your IP address and record cookies on your computer. These allow the website and database to function and we do not process this data further.

Furthermore, an applicant may be required to obtain quotes or invoices from third party contractors and suppliers, if an application is successful, they could be required to collect and process personal data (for example, when dealing with sole traders). FCC Communities Foundation are required to retain copies of all quotes and invoices to ensure compliance with the relevant scheme regulations and, from time to time, this information may also be shared with ENTRUST or SEPA (Scheme regulators). Some limited personal data may be contained within these quotes and invoices. We will only use this data to comply with our legal obligations under the Acts which govern the Landfill Communities Fund and Scottish Landfill Communities Fund.

How do we collect your information?

We obtain information when you complete an online application for funding, we request additional details from you, or you are named as a secondary contact, contributing third party donor or you are a project’s contractor. We may also collect information from you if you contact us with an enquiry, by phone, email, post or through the website or you provide feedback to us.

How do we use your data?

We may use personal information to:

  • Contact you to discuss an application where you are an authorised named contact;
  • Contact or inform you about the progress of an application where you are either the primary or secondary contact;
  • Contact you about an enquiry you have made;
  • Contact you about a contributing third party donation you have agreed to make;
  • Send you communications or information you have requested;

We do not conduct any marketing activity.

Who do we share your data with?

We do not sell or rent your information to third parties. We do not share your information with third parties for marketing purposes.

We are on occasion asked to provide the Regulators of the Landfill Communities Fund (ENTRUST) or Regulators of the Scottish Landfill Communities Fund (SEPA) details of funded projects and this may include some personal data. We do this to fulfil the requirements of the Acts which regulate the schemes. This is covered under the lawful basis of Article 6.1.(c): processing is necessary for compliance with a legal obligation to which the controller is subject.

How do we protect and store your data?

Data provided by applicants or prospective applicants, including emails and enclosures, are held on our secure online grant management database, GrantTracker. Personal data may also be stored in documents such as email letters and other correspondence stored within our secure network. All of these databases and networks are hosted securely through servers based in the UK and the EU.

Where you have access to GrantTracker you will have a secure login and password to access the system and the application or grant you are a primary or secondary contact for. You are responsible for keeping this password confidential and we ask you not to share your password with anyone.

Use of ‘cookies’

Like many websites, our website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies can also collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to review and improve the information on our website.

We use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.

For further information visit http://www.allaboutcookies.org/ You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website

features may not function as a result.

Our website may contain links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

When do we remove your data?

If you represent an applicant organisation or are referenced within a successful project, we need to collect, store and process your personal data so we may contact you in relation to your application and, if funded, through to project completion and for a period afterwards, called post-completion management. The following sets out the minimum period you can expect us to keep your personal data:

Personal data (belonging to):

Minimum Retention period

Primary or Secondary contact for a grantee

Six years after the final post completion management action.

Primary or Secondary contact for an unsuccessful grant application

One year from Board decision

Contributing Third Party Donor for successful grant application

In perpetuity. We are required to keep a register of all CTP donors to ensure donors receive no benefit from the scheme.

Contributing Third Party Donor for unsuccessful grant application

One year from Board decision

Sole Traders who have quoted for or been a contractor to a funded project.

Six years after final post completion management for a project you have provided quotes and/or, if successful, invoices to.

Contacts referenced in incomplete applications not submitted.

6 months after applicable round deadline.

What are your data rights?

Under GDPR you have a number of rights regarding your personal data. The following sets out these rights and how we follow them:

Individual right

How we apply this right

The right to be informed

This privacy policy sets out how we collect and use personal data. The policy is available on our website and is provided on GrantTracker.

The right of access (also known as subject access requests)

You have the right to request a copy of the information that we hold about you. If you’d like a copy of the personal data we hold, please email or write to us using the contact details noted above. We will endeavour to provide the information as soon as possible, and never more than one month after receipt of your request.

To ensure data security we will request evidence of identification before we supply any personal data.

The right to rectification

Where you tell us that the information we hold on our records about you, is incorrect, we will update the data as quickly as possible, and no longer than one month after you have let us know.

The right to erasure (also known as the right to be forgotten)

The GDPR introduces the right to have your personal data erased. The right is not absolute and only applies in certain circumstances.

FCC Communities Foundation’s lawful basis for processing personal data is ‘legitimate interest’ we will only comply if there is no longer a legitimate interest which overrides the interests, rights and freedoms of you, as an individual or whether our interests can be satisfied through other means.

The right to restrict processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example, if you no longer wish to be a primary or secondary contact for an organisation.

The right to data portability

You have the right to request organisations provide you with a copy of your personal data to allow you to move, copy or transfer it from one IT environment to another.

This right only applies when the lawful basis for processing personal data is consent or for the performance of a contract. As our lawful basis is legitimate interest, this right does not apply.

The right to object

You have the right to object to processing your personal data for legitimate interests.

In this instance we will consider whether there is still a legitimate interest which overrides the interests, rights and freedoms of you, as an individual or whether our interests can be satisfied through other means.

The right to automated decision making including profiling

We do not undertake any automated decision making or profiling activities in relation to personal data.

What is the GDPR and what is ‘personal data’?

The new GDPR regulation becomes enforceable from 25 May 2018 and is given authority in UK legislation through the Data Protection Act 2018 (DPA 2018). The intention behind the updated regulation is to give individuals more say over how companies use and process their personal data. GDPR is relevant to every organisation, no matter how large or small, who collect ‘personal data’.

In the UK the ICO is an independent authority which upholds the UK legislation relating to Data Protection and other public information rights.

Under GDPR personal data is defined as any information relating to an identified or identifiable natural person (also known as a data subject), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal data identifiers can include basic identity information e.g. name, address, email addresses, date of birth, ID numbers, web data such as location, IP address, Cookie tags.

The right to lodge a complaint with a supervisory authority

You can register a complaint about our handling of your personal data with the ICO, who are the UK’s supervisory authority for GDPR. You can find information on how to report a complaint here: https://ico.org.uk/concerns/

More information

For more information on the GDPR and how it governs your personal data you can access all of the detail, definitions and guidance from the ICO at the following link:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

We may review and update this policy and when this occurs, we will publish an update on our website.

This policy was issued in May 2019 and last updated in February 2023