This explains how we, the Commercial Education Trust (CET) store and process data regarding living individuals. CET aims to operate with the highest integrity and will fully comply with the law and GDPR in terms of data privacy and data protection.
Our policy respects the six principles of GDPR, ensuring your personal data should be:
CET supports various charities in order to promote career/business and enterprise education, primarily within the UK. We also fund lectures, evaluations and research so as to develop and share knowledge and expertise in our field of education. We use your personal data in the administration and development of our grant-making programmes and charitable activities, the organisation of events and the dissemination of news and reports.
We hold data on those who work in the field of education, those who apply to the Trust for grants, employers and those who may give financial and other support to the Trust.
Most of our data comes directly from you, given to us freely in order for us to retain contact. This could be by swapping business cards at events or by submitting to us an application for a grant. In some cases, we may collect data from someone else, for example where existing contacts feel that you would be interested in our work and suggest your name. We may also collect data from publicly available sources such as news articles or LinkedIn. We may also use publicly available directories and similar information such as Companies House.
CET may store personal data such as:
CET is committed to taking appropriate technical, physical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. We have taken steps to ensure that all external databases we use are also GDPR compliant. We have Data Protection and Data Retention and Destruction policies in place. These can be obtained from CET should, you wish to review them.
CET will keep your data for as long as is necessary for the reason it was originally obtained. For Grantees this could be the life of a project and the following years in order to monitor any impact. We also value the relationships we have with any person or organisation which could be interested in our work, so we will keep your data to retain contact with you for as long as you wish to hear from us. You are able to view our Record Retention and Destruction Policy on request.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put agreements or contracts and security mechanisms in place to protect data and to comply with our data protection and confidentiality standards.
Data held by us may be transferred to:
The Data Protection Act also recognises that it is sometimes appropriate to disclose personal data for certain purposes to do with the criminal justice or the taxation system. In these cases, individuals’ rights may occasionally need to be restricted.
The law requires us to tell you the basis on which we process your data. We will keep data for as long as is needed to complete the task for which it was collected. For example:
If the law requires your consent to process data in a certain way, then we will obtain it before carrying out that activity.
You have the right of access to personal data held by us as a Data Controller. To update personal data submitted to us, you may email us at email@example.com, or where appropriate contact us at the CET address, below.
Where practically possible, once we are informed that any data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information. Should you wish to be removed from our systems at any time you may contact us to do so. As long as we are not keeping your details for any other legal reason or to fulfil a contract we will remove you without delay.
If you have any questions regarding the above or complaints on how we store or process data, please contact us:
33 Queen Street, London EC4R 1AP
T: +44 (0)20 7203 1909
You may also contact the Office of the information Commissioner (‘ICO’) or other relevant authority. Please refer to the ICO website.