This explains how we, the Commercial Education Trust (CET) store and process data regarding living individuals. CET aims to operate with the highest integrity and will fully comply with the law and GDPR in terms of data privacy and data protection.
Our policy respects the six principles of GDPR, ensuring your personal data should be:
- processed fairly, lawfully and transparently;
- collected for specified, explicit and legitimate purposes and not further processed in a way which is incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purpose for which it is held;
- accurate and, where necessary, kept up to date;
- not kept longer than necessary; and
- processed in a manner that ensures appropriate security of the personal data.
Why do we need your information?
CET supports various charities in order to promote career/business and enterprise education, primarily within the UK. We also fund lectures, evaluations and research so as to develop and share knowledge and expertise in our field of education. We use your personal data in the administration and development of our grant-making programmes and charitable activities, the organisation of events and the dissemination of news and reports.
Whose data do we collect?
We hold data on those who work in the field of education, those who apply to the Trust for grants, employers and those who may give financial and other support to the Trust.
How do we obtain your data?
Most of our data comes directly from you, given to us freely in order for us to retain contact. This could be by swapping business cards at events or by submitting to us an application for a grant. In some cases, we may collect data from someone else, for example where existing contacts feel that you would be interested in our work and suggest your name. We may also collect data from publicly available sources such as news articles or LinkedIn. We may also use publicly available directories and similar information such as Companies House.
What data do we store?
CET may store personal data such as:
- name, postal and email address, phone number and other relevant contact details and preferences
- occupation, skills and professional and employment details
- information on our relationship with you, such as correspondence or your attendance at events
- any other information needed for the assessment of a grant or contract which may include financial, education and employment, results of vetting checks.
- records of donations, Gift Aid status etc
- records of volunteering for CET
- information about our relationship with you, correspondence, meeting notes, attendance at events etc.
Storing your data
CET is committed to taking appropriate technical, physical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. We have taken steps to ensure that all external databases we use are also GDPR compliant. We have Data Protection and Data Retention and Destruction policies in place. These can be obtained from CET should, you wish to review them.
CET will keep your data for as long as is necessary for the reason it was originally obtained. For Grantees this could be the life of a project and the following years in order to monitor any impact. We also value the relationships we have with any person or organisation which could be interested in our work, so we will keep your data to retain contact with you for as long as you wish to hear from us. You are able to view our Record Retention and Destruction Policy on request.
Sharing your data
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put agreements or contracts and security mechanisms in place to protect data and to comply with our data protection and confidentiality standards.
Data held by us may be transferred to:
- processors, who provide specific services to us. A contract is always in place with a Data Processor.
- volunteers working with CET who assist us our committee work (for example, grant applications)
- basic information may be shared with attenders at a function or event or with the host of one of our events
- third party organisations that assist us in providing services; our auditors and other professional advisers.
The Data Protection Act also recognises that it is sometimes appropriate to disclose personal data for certain purposes to do with the criminal justice or the taxation system. In these cases, individuals’ rights may occasionally need to be restricted.
Legal basis for holding and processing your data
The law requires us to tell you the basis on which we process your data. We will keep data for as long as is needed to complete the task for which it was collected. For example:
- in response to information requests about the Trust and our work
- for our service providers we hold your personal data to fulfil a contract with you.
- or grantee and prospective grantees, we process your data for reasons of “legitimate Interest.” Broadly speaking legitimate interest means that we can process personal information if we have a genuine and legitimate reason and we are not harming any of the rights and freedoms of the individual.
If the law requires your consent to process data in a certain way, then we will obtain it before carrying out that activity.
You have the right of access to personal data held by us as a Data Controller. To update personal data submitted to us, you may email us at firstname.lastname@example.org, or where appropriate contact us at the CET address, below.
Where practically possible, once we are informed that any data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information. Should you wish to be removed from our systems at any time you may contact us to do so. As long as we are not keeping your details for any other legal reason or to fulfil a contract we will remove you without delay.
If you have any questions regarding the above or complaints on how we store or process data, please contact us:
33 Queen Street, London EC4R 1AP
T: +44 (0)20 7203 1909
You may also contact the Office of the information Commissioner (‘ICO’) or other relevant authority. Please refer to the ICO website.