Privacy Policy

1. How we use your personal data

We are committed to protecting your personal data. The only data we collect from you is as submitted by you, as the applicant or you as the parent/guardian, on the grant application form attached to this privacy notice. We will use your personal data to (i) register you as a new applicant or as parent/guardian/step parent as applicable (ii) to decide if you or the applicant (as applicable) is eligible for a grant, (iii) to manage our relationship with you, (iv) to make payment of a grant if your/your child’s application is accepted.

We will not share your details with third parties for marketing purposes.

Special category data (sensitive data)

We do not generally collect any special category (sensitive) data about you, unless you enter (although not required) any such information into any section of our application form. Sensitive data includes data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

We will require your explicit consent for processing any special category data, so if you do submit any such details, we will send you a further communication asking for you to confirm your consent to this processing.

Our legal basis for processing your data

We will only use your personal data when legally permitted.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• When we have your explicit consent for processing sensitive data, in the unlikely event that you provide us with such data (please see the section on special category data above).

2. Disclosure of your personal data

We may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities (iv) to education professionals for the purposes of discussing your application.

We require any third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions. We will not share your details with third parties for marketing purposes.

3. International transfers

Some of our third party providers may be businesses outside of the EEA in countries which do not always offer the same levels of protection for your personal data. We do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

4. Data security

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those trustees who have a need to know such data in order to agree your application. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights’ below for more information. We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

5. Data retention

We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. We may retain your data to satisfy any legal, accounting, or reporting requirements so for example we need to keep certain information about you for 6 years after your application is made.

You have the right to ask us to delete the personal data we hold about you in certain circumstances. See section 6 below.

6. Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Right to withdraw consent.

You can see more about these rights at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individualrights/

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of your rights or make a Subject Access Request, please contact: Mr D. Orr, Clerk to Clingans Trust, PO Box 9624, Poole, Dorset, BH14 4GR – or email clerk@clinganstrust.co.uk

7. Keeping your data up to date

We have a duty to keep your personal data up to date and accurate.

If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by writing to or emailing the addresses set out in section 6 above.

8. Complaints

We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.