Privacy Policy

1. INTRODUCTION
Established in 1986, South Yorkshire’s Community Foundation (SYCF) is a registered charity in England and Wales (registration number 1140947) and a Company Limited by Guarantee in England and Wales (registration number 7545536). Our purpose is to improve the lives of local people and our three main aims are: to help local people and businesses manage their charitable giving; to build stronger communities and enrich lives through awarding grants; and to support the critical issues affecting our communities.

SYCF is committed to ensuring that your privacy is protected, and this privacy policy explains how we collect, manage, use and protect any information that we collect about you. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy policy.

South Yorkshire Funding Advice Bureau (SYFAB) is a wholly owned subsidiary of SYCF. This policy applies equally to SYFAB, where differences occur this will be clearly specified.

SYCF may change this policy from time to time by updating this page. You should occasionally check this page to ensure that you are happy with any changes. This policy is effective from 1st April 2018. It will be reviewed every three years.

2. WHOSE DATA DO WE COLLECT
We collect data on employees, volunteers and donors and those who might be employees, volunteers and donors. We also collect data on those who apply to SYCF for grants, whether on behalf of an organisation or personally.

3. HOW WE COLLECT YOUR DATA
Most of the information we hold about you has been provided directly to us by you. Your activities and involvement with SYCF will result in personal data being provided to SYCF, for example if you submit a grant application or become involved with our campaigns.

In some cases, we may collect data when you have given it to a third party. For example, data collected via a service provider such as JustGiving, or if we are partnering with another organisation (e.g. you provide your information to another charity we’re collaborating with). We collect it from third parties for example, where existing supporters feel you may be interested in supporting our work.

We collect it as you use our website. Please see our Cookies Policy for details.
We also collect data from publicly available resources. For example, information from news articles, social media (e.g. Twitter) and directories and registers such as the Royal Mail’s National Change of Address Database, Companies House and the Charity Commission. This is to gain a better understanding of our prospective supporters, supporters and grant applicants, and to improve the services that we provide. The information that we obtain from other organisations may depend upon your privacy settings or responses you give so you should check them regularly.

4. WHAT WE COLLECT
SYCF is the ‘controller’ of the personal data you (the ‘data subject’) provide to us. We will usually collect basic personal data about you like your name, postal address, telephone number, email address if you are supporting us or if you have applied for a grant with us we collect the data given on the grant application.
For example, we may collect the following information:
• name and job title
• contact and demographic information including email address and telephone number
• skills, educational attainment and professional accreditations
• professional activity and network(s)
• your connections to other organisations (e.g. your current and previous employers)
• your preferences and interests
• details of your donations including assets used to make donations, Gift Aid status
• details of your grant applications (including information about your organisation {including financial and governance}, management committee members and authorized signatories)
• information to publicise your grant, for example, case study, photographs etc.
• records of your interactions with SYCF for example: attendance at events, correspondence, meeting notes
• records of volunteering at SYCF
• information necessary to manage funds you have established or supported including information on successor advisors

We do not normally collect or store sensitive data (such as information relating to health, beliefs or political affiliation) about supporters or grant recipients. However, there are some situations where this will occur including, but not exclusively, if:
• An accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers).
• If you are attending one of our events and have disclosed specific access or dietary needs.
• For individuals who apply for grants where data around health is directly relevant to the awarding of the grant, we will also collect and store this sensitive data. If this does occur we will be very clear with you that we wished to collect such information, our reason for collecting such information, and that we would only do so with your specific consent and permission. We’ll also take extra care to ensure your privacy rights are protected.

5. WHAT WE DO WITH THE INFORMATION WE GATHER
The law allows us to process your data if it is in our legitimate interest to do so, but only so long as we need to and your “interests or your fundamental rights and freedoms are not overriding”. This means we ensure that the processing is not overly intrusive and that we only do so in a way which is described in this privacy policy.
We will process your personal information for our legitimate business and charitable interests, which include some or all of the following:

• internal record keeping
• recording and processing of donations (but not limited to funds which are subject to Donor Agreements or Fund Agreements)
• to claim Gift Aid on your donations
• to undertake statistical analysis (sensitive data will be anonymised)
• to improve our communication and services
• to plan fundraising
• to occasionally contact you about the work of SYCF. You will always have the ability to decline future contact
• to invite you to SYCF hosted events that we think may be of interest to you
• to assess your eligibility for a grant
• to administer volunteering opportunities
• to process applications for employment
• to make purchases and monitor contracts with our suppliers
• to comply with legal obligations as an employer
• to comply with money laundering regulations
• to monitor equality of opportunity
• processing and distributing grant applications
• maintaining a database of supporters and friends and helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
• We carry out research and analysis on our supporters and potential donors to determine the success of campaigns and appeals, better understand behaviour and responses, and identify patterns and trends. This helps inform our approach towards campaigning and makes SYCF a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide you with a better experience (e.g. through more relevant communications).
• We evaluate, categorise and profile personal data in order to tailor materials, services and communications, and prevent unwanted material from filling up your inbox.

6. WHO WE SHARE YOUR DATA WITH AND PROTECTING YOUR DATA
We are committed to ensuring that your information is secure.
We do not share your data with anyone else or any other organisation unless it is necessary for the purpose for which you give us the data. Examples include:
• Providing information to HMRC on Gift Aid donations as we are legally obligated to do so. More about this obligation is found here
• Providing information on employee salary details to HMRC as we are legally obligated to do so. More about this obligation is found here
• Submitting a Suspicious Activity Report to the National Crime Agency when SYCF knows, or suspects, that a person is engaged in, or attempting, money laundering, as we are legally obligated to do so under Part 7 of the Proceeds of Crime Act 2002
• Providing grant application information to grant panel members and others involved in the grant approval process
• Publishing data on grant recipients for groups/organisations (amounts/names/purpose) but we anonymise details for any individual grantees
• Sharing basic information on the attendees at an event or function or meeting with the host
• Providing data to third parties known as Data Processors, to provide specific services to us. For example, a mailing house in order to send a newsletter or payroll company to administer salaries for employees. A contract is in place with a Data Processor and they are not allowed to do anything with your data other than that which we have requested
• If we merge with another organisation to form a new entity, information may be transferred to the new entity.
• If we run an event in partnership with other named organisations, your details may need to be shared. We will be very clear what will happen to your data when you register.

Some of our suppliers (Data Processors) run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

7. DATA SECURITY
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of, your personal information.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
Our electronic data is stored within secure cloud servers in the United States. Paper copies of any personal data that are stored in secure locked cabinets.

8. PAYMENT SECURITY
If you wish to make donations to SYCF we would never request your bank details directly. BACS payments can be made directly to our business bank account (details of which are available upon request), or via our secure online donations pages (provided by Just Giving).

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by e mail or our website) are at the user’s own risk.
SYCF makes BACS and cheque payments to community groups if you (they) are successful in being awarded a grant. We will not store your bank details once that payment had been made.

9. RETENTION
We will not retain your information for longer than is necessary. Relationships between donors, grantees and South Yorkshire’s Community Foundation are often long term, and so we expect to keep your data for as long as that relationship exists. Where we can be specific about a timescale, for example, for a grants programme we will inform you of the timescale. Where we cannot give a timescale, we will inform you of the criteria used to determine the period.

If you decide not to support SYCF any longer, or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information.

10. LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy.

11. CONTROLLING YOUR PERSONAL INFORMATION
We want to ensure you remain in control of your personal data. The new General Data Protection Regulations (GDPR), which are being brought into force in May 2018, give everyone a number of very important rights. These include:
• the right to ask us to remove your personal data from our records (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
• the right to have inaccurate data rectified
• the right to request a copy of the information we hold about you
• the right to ask us to stop using your information for marketing or profiling, and
• where technically feasible, the right to obtain and reuse your personal data for your own purposes

You may choose to restrict use of your personal information in the following ways:
• Whenever you are asked to fill in a form look for the boxes that you can click to indicate how you would like us to contact you.
• Electronic communications will contain an ‘unsubscribe’ link.
• You can ask us to remove you from our database at any time by contacting Jo Reid, Business Support Manager by email, phone or post. Contact details are provided in section 12.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
If you believe that any information we are holding on you is incorrect or incomplete, please contact Jo Reid as soon as possible (contact details are provided in section 12). We will promptly correct any information found to be incorrect.

You may request details of personal information which we hold about you. A small fee may be payable. If you would like a copy of the information held about you, please contact Jo Reid, Business Support Manager by email, phone or post. Contact details are provided in section 12.

12. LEGITIMATE INTEREST
Under the new GDPR laws starting in May 2018, we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of these lawful reasons is called ‘legitimate interests’.
Broadly speaking, ‘legitimate interests’ means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.

So, what does this mean? When you provide your personal details to us we use your information for our legitimate business interests to carry out our work to make South Yorkshire a place of opportunity for all. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use this approach are for preventing fraud; direct marketing; maintaining the security of our system; data analytics; enhancing, modifying or improving our services; identifying usage trends; and determining the effectiveness of our campaigns and fundraising.

SYCF will use various ways to achieve our mission and to support our objectives; we believe that people who share our values would love to know how to support us. We will process the personal information you have supplied to us to conduct and manage our business to enable us to give you the most appropriate marketing, information, service and products and provide the best and most secure experience. These are what we consider to be our ‘legitimate interests’ for holding and processing your data.

When we process your personal information for our ‘legitimate interests’, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by contacting us.

13. ANY QUESTIONS?
If you have any questions about this privacy policy, please contact Jo Reid, Business Support Manager, by email: jreid@sycf.org, by post at the address below or by phone on 0114 2424857.
South Yorkshire’s Community Foundation
Riverside Works
Unit 9-12 Jessops Riverside
800 Brightside Lane
Sheffield
S9 2RX

14. WEBSITE COOKIES
For details of how cookies are used to understand the way our website is used please see http://www.sycf.org.uk/cookies-policy

15. MAKING A COMPLAINT OR GIVING POSITIVE FEEDBACK
If you are dissatisfied with our organisation or our work and would like to raise a concern or make a complaint, or if you would like to leave some positive feedback about any aspect of our work, please view our Compliments and Complaints form here.