Esmée Fairbairn Foundation (EFF) takes your privacy seriously. We are committed to looking after your personal information, handling it in a responsible manner and securing it with industry standard administrative, technical and physical safeguards.
EFF follows two guiding principles when it comes to your privacy:
- Transparency. We work hard to be transparent about what personal information we collect and process.
- Simplicity. We strive to use easy-to-understand language to describe our privacy practices to help you make informed choices.
Esmée Fairbairn Foundation (EFF) is registered as a data controller with the Information Commissioner’s Office (ICO). It is also a registered charity (registration number 200051) with its main place of business at Kings Place, 90 York Way, London, N1 9AG. If you have any queries about this privacy notice or about any aspect of EFF’s data management please contact our data protection lead at info@Esméefairbairn.org.uk.
This Privacy Notice will be regularly updated to ensure that it continues to comply with the latest regulation and best practice. It was last updated on 14/09/2020.
Our privacy notice is a detailed guide to how we use your information. It sets out our approach to how we handle your personal information in the following areas. Please click on the links below to access information that is relevant to you and your relationship with us.
Visitors to our website
When someone visits esmeefairbairn.org.uk, we use a third party service, Google Analytics, to collect standard internet usage information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. As soon as this information is collected through Google Analytics, users’ IP addresses are made anonymous, and we will not make any attempt to find out the identities of those visiting our website.
Our websites are hosted by Hactar. Apart from the analytical data captured by Google Tag Manager and Google Analytics, the website will also capture all requests made to the server to detect and prevent fraud and unauthorised access and to maintain server security.
Grant applicants, current and former grant recipients
Application and grant management
We will only ask for as much information as we need to effectively consider a grant application, to manage an award if you are successful and to monitor its progress. In submitting an application, you are agreeing to us processing your data for these purposes and in the ways outlined in this section. To collect information, EFF uses a combination of Typeform (to host our funding eligibility quiz) and FormAssembly (to host our application form).
We may collect sensitive personal data for some grant schemes to enable us to monitor the diversity of our applicants and we sometimes use a premium version of SurveyMonkey, complete with
SurveyMonkey’s Data Processing Agreement, to capture this data. This data will be anonymised once it has been matched to the grant award or declination decision and the progress of the application logged.
We use Salesforce to store grant data. Our Salesforce instance is hosted in the EEA and complies with GDPR. More information on Salesforce Privacy Information is available here.
If you apply, we will keep a record to enable us to maintain records of your application history should you apply again, including assessment notes. In addition to application data, we will retain any personal data related to the administration or operation of the grant, including name, email address and phone number.
We may use assessors, advisors, consultants, judges or working group members to assist us with the grant application and management process, including evaluation and research activities. Before data is shared with any party, we ensure a data processing agreement which meets the standards of GDPR is in place.
Data about what we fund
Information regarding grants and social investments awarded is published on the EFF’s website and in its annual accounts which are submitted to Companies House and the Charity Commission. We also publish our funding data as part of 360 Giving. This will include the title and description of the funding, name of the recipient, date of the award, its duration and the amount awarded. We will not publish address details of individuals who are awarded funding except where these are also the registered addresses of organisations we fund. If you use a personal address for an organisation and do not wish us to publish this information, you must inform us at the point of the funding being awarded.
We may also include information on funding awarded in presentations about the EFF’s work.
There may be times we share information with a third party organisation such as a charity or other funder who may contact us for a reference. Most information will be organisational and not personal, but at times personal data (for example the names of senior staff) may be included. This is a legitimate interest as it will improve funding to the sectors we fund.
We may collect personal data from business contacts to enable us to undertake the legitimate activities of the Foundation.
Research undertaken by EFF
From time to time, the Foundation may undertake research which will involve the collection of personal data. Where possible, this data will be anonymized before publication. Where anonymization is not possible, data will only be shared if explicit consent is received. We may use SurveyMonkey for some of this research. Any identifiable personal data will be held for up to one year following completion of the project.
Members of the public who make enquiries
If you contact EFF with an enquiry, we will store your details only for as long as necessary to enable us to respond to your enquiry and for up to 3 months after our response. This may be by telephone, email or written correspondence. If your enquiry is for pre-application advice, we will hold your details for up to 18 months to ensure we have the data to refer to in the case of you making an application.
Visitors to our office
If you visit our office, we will ask you to provide your name and contact details to enable us to keep track of attendees in the building. We will not use it for any other purpose. We will however retain details about the numbers of visitors to our offices, for monitoring purposes.
Suppliers and others to whom we make payments
If we have an obligation to pay you (e.g. following delivery of services or to reimburse expenses) we will collect personal data from you to enable us to complete this contractual transaction. We will store this data in our accounting system, Sage. use online banking to make supplier payments.
Investment fund administrators and other organisations we contract with are required by anti-money laundering (AML) legislation to verify the identity of their clients. Therefore, for AML purposes we are required to keep personal data about our trustees and directors. This data is reviewed every 6 months to ensure only accurate current copies are retained and out of date information is destroyed. However, EFF will retain copies of AML documentation sent to investment funds to verify identify for the lifetime of that investment where the AML documentation forms part of the contractual arrangement with that fund.
EFF will collect personal data of contacts at investment firms and banks as part of our dealings with them. This will be retained for the length of the contract and then deleted.
IT management systems
EFF uses several systems to manage its IT infrastructure. Personal data of users (normally only staff) is collected to enable us to manage and operate our systems and is logged in our accounts held on these systems. This includes:
- Google – to warehouse our data and provide us with website analytics
- Salesforce – to access, edit and store our data relating to active and previous grants and applications
- Microsoft – to provide Office Suite facilities (such as SharePoint, Word, Outlook, etc), including file storage for EFF day-to-day operations. Microsoft also provide us with our finance system.
- FormAssembly – to collect and store information relating to funding applications
- TypeForm – to collect and store information relating to potential applicant’s eligibility for funding
- SurveyMonkey – to collect information relating to ongoing and previous surveys and research
- Atlassian – to provide project management platforms (Jira and Trello) for EFF staff
In addition, the Foundation contracts with Ramsac to provide IT support. Ramsac have access to all EFF systems for the purposes of support and maintenance only and manages EFF’s backup and spam management systems. Their contract includes a data processing agreement which meets the standards of GDPR.
EFF also contracts with other third parties on a per-project basis. This may necessitate access to specific platforms and the data within. If this is the case, Data Sharing Agreements are put in place between EFF and the third party, and access to any sensitive data is restricted as much as possible.
Job applicants, current and former staff
All the information you provide during the job application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t. Information on the equal opportunities form will be treated in confidence and will not be seen by staff directly involved in the selection process. The questionnaire will be detached from the application form before the form is seen by those involved in selection, stored separately and used only to provide statistics for monitoring purposes after which point it will be destroyed.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file. This includes your criminal records declaration, fitness to work, records of any security checks and references. Your employment file will also contain all personal data related to your employment at the Foundation. This will be retained for the duration of your employment plus 6 years following the end of your employment. After that time, we will retain basic details of your name, start and end date and job title only for archive purposes.
Personal contact details of employees will be shared with Foundation managers and trustees for the purposes of emergency contact in line with the Foundation’s Disaster Recovery Plan. Personal contact details of nominated emergency contacts for individual staff members will be held on employee files and will only be used in an emergency. These will be deleted within one month of the employee leaving EFF.
Data processes and HR
We may use recruitment agencies to assist us with filling posts. Details of the Privacy Policies of the agencies will be available on their websites.
We use Cambridge Associates to provide advice to staff on pension and insurance matters.
EFF uses a variety of social media platforms including Twitter, Vimeo and YouTube. We also use Buffer to manage and measure our social media interactions.
Photographs and videos
EFF will often use videos, which may be commissioned by us or submitted by those we work with, to illustrate the work of the Foundation and the projects we support and these may involve personal data which we collect as part of the legitimate activities of the Foundation. Videos may be stored on EFF systems or hosted on Esméefairbairn.org.uk and/or via Vimeo or YouTube.
Videos commissioned by the Foundation may be recorded and edited by external film makers and we will have a data processor agreement which meets the standards of GDPR in place.
From time to time we may showcase videos produced by third parties such as grantees or partners that we work with through our communications channels. In doing so, we will make every effort to ensure suitable permissions and compliance with GDPR are satisfied before use of video.
We may photograph events that EFF host or are involved in and we will inform participants that this is the case either by notice or specific forms. Participants have the right to withdraw their consent by following the instructions given.
We will also take photographs of staff – both headshots and at events. Staff will be asked to provide their consent to the use of these photographs.
We may use the photographs in EFF publications, social media, website or the press. Photographs will be stored on EFF systems and held for up to 5 years, or in the case of staff headshots until the person leaves EFF. If we commission an external photographer, we will put a data processor agreement which meets the standards of GDPR in place and the photographer will be bound by the same photograph retention policy.
From time to time we may request images from those we work with to promote the work that we support through our communication channels. In accessing images, we will make every effort to ensure suitable permissions and compliance with GDPR are satisfied before use of the images.
We may collect personal detail about grantees or other individuals involved in the work of the Foundation in order to produce publications about EFF’s work. We will obtain the consent of the individuals involved to their inclusion. The information that we include in EFF publications is shared through our website and other communications channels, including press releases and social media. In the process of preparing and disseminating publications, we may share information with a variety of third-party processors. For example, graphic designers will often format and arrange printing of content. Proofreaders and / or consultants may be engaged to review work. In all cases we will ensure a data processor agreement is in place which meets the standards of GDPR. EFF will retain digital and hard copies of publications in order to maintain an archive of the Foundation and our grantees’ work.
Audit and regulatory requirements
We may share any data about the operation of EFF with the Foundation’s auditors, KPMG, the HMRC, the Charity Commission, the Information Commissioner’s Office, Companies House and other regulatory bodies should this be necessary to complete statutory audit and regulatory requirements.
Under the General Data Protection Regulation (GDPR) which came into force on 25 May 2018 you have rights as an individual data subject which you can exercise in relation to the information we hold about you. Read more about these rights on the ICO’s website.
Complaints and queries
EFF tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
We would also welcome any suggestions for improving our procedures. To contact us, or raise a concern, email firstname.lastname@example.org.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of EFF’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to our data protection lead at the address in the Introduction above.
If you want to make a complaint about the way we have processed your personal information, you can contact the ICO as the statutory body which oversees data protection law ico.org.uk/concerns
Access to your personal information
EFF tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under GDPR. If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to EFF for any personal information we may hold you need to put the request in writing addressing it to our data protection lead and emailing info@Esméefairbairn.org.uk or writing to the address provided above.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the data protection lead.
Privacy notice changes