Privacy and data protection statement
1. City Bridge Trust and Privacy and Personal data
1.1 The City Bridge Trust is committed to protecting your privacy when you use any of our services. This Privacy Notice explains how we use information about you and how we protect your privacy.
1.2 City Bridge Trust is the funding arm of the charity Bridge House Estates. The sole corporate trustee of the Bridge House Estates is The City of London Corporation (City of London), PO Box 270, Guildhall, London, EC2P 2EJ.
1.3 The City of London Corporation is the registered data controller in respect of processing personal data and is required under data protection legislation to notify you of the information contained in this privacy notice. The City of London’s Data Protection Officer is the Comptroller and City Solicitor and can be contacted at the above address or by email at email@example.com.
1.4 The following notice provides details of privacy and data protection provisions specific to City Bridge Trust’s work. The full City of London privacy notice can be found here: https://www.cityoflondon.gov.uk/about-our-website/Pages/privacy-notice.aspx
2. Why and how does City Bridge Trust collect personal data?
2.1 City Bridge Trust collects personal data in order to accept and process funding applications, manage funding relationships and to offer other relevant services including its website, events and newsletter. It collects this through a range of methods including online application forms, assessment visits, email and telephone contact, online monitoring forms, ad-hoc surveys and sign-up forms for events and newsletters.
3. What personal information does City Bridge Trust collect?
3.1 The personal information City Bridge Trust collects includes:
- Contact details including name, email address, address and telephone number.
- Name, contact details and job description details of postholders funded by a grant.
- We do not usually ask for special category data although we may ask if you have a disability or any dietary requirements in order to make sure any events we run are accessible.
- We may ask grant applicants and holders to tell us about the users/beneficiaries you work with including through case studies or statistical summaries which might include special category data (e.g. the % of users with a disability). We ask that this data is aggregated and anonymised. We do not require individual beneficiary details.
4. Why does City Bridge Trust need your personal information?
4.1 City Bridge Trust will use your personal information to deliver the services and support you have requested from the Trust. This might include:
- To receive and assess funding proposals.
- To manage funding relationships including monitoring grant progress through reports and visits.
- To make grant payments.
- To undertake due diligence and prevent fraud.
- To undertake statistical analysis and research.
- To run events.
- To contact you about relevant services including capacity building services and City Bridge Trust related news.
4.2 Generally, we collect and use personal information where:
- you have given consent;
- you have entered into a contract with us;
- it is necessary for archiving, research or statistical purposes.
5.1 If we have consent to use your personal information for any particular reason, you have the right to withdraw your consent at any time. If you want to withdraw your consent, please contact firstname.lastname@example.org and tell us which service you are using, so we can deal with your request.
6. Your rights
6.1 The law gives you a number of rights in relation to what personal information is used by the City Bridge Trust, and how it is used. These rights are listed below, and full details can be found in the City Corporation’s Data Subject Rights Policy (https://www.cityoflondon.gov.uk/about-the-city/access-to-information/Pages/data-protection-policy.aspx).
6.2 You can ask us to:
- provide you with a copy of the personal information that we hold about you.
- correct personal information about you which you think is inaccurate.
- delete personal information about you if you think we no longer should be using it.
- stop using your personal information if you think it is wrong, until it is corrected.
- transfer your personal information to another provider in a commonly used format.
- not use automated decision-making processes to make decisions about you.
7. Do we share your personal information?
7.1 City Bridge Trust will share your personal data with other Departments within the City of London Corporation if this is a necessary part of delivering the services you have requested or, in the case of a funding relationship, where we have concerns about the possible breach of the terms and conditions of our funding. For example, financial information is shared with the City of London Corporation’s finance department (Chamberlain’s) in order to complete financial assessments of grant applications.
7.2 In some circumstances, we use other organisations to either store personal information or use it to help deliver our services to you (e.g. our database provider). Where we have these arrangements, there is always an agreement in in place to make sure that the organisation complies with data protection law.
7.3 As part of the assessment process applications for funding are shared in public papers. Individual contact details are removed from these papers. This is explained on the online application form and applicants are required to consent to this before applying for funding.
7.4 City Bridge Trust conducts statistical analysis of funding application received and grants awarded which may be shared publicly. This uses aggregate data and does not include identifiable personal data.
8. How long will City Bridge Trust keep my data?
8.1 Personal data will be retained for the duration of the funding period. City Bridge Trust will evaluate this data periodically to determine whether it should continue to hold such data. Archived grant records will be held by the London Metropolitan Archives in publicly accessible records following a review for GDPR compliance (e.g. any personal identifiable data will be reviewed).
8.2 Subject to any legal retention requirements, e.g. VAT regulations require appropriate financial records to be retained for six years, you may notify the City Bridge Trust if you do not wish data to be continually held by the City Bridge Trust.
8.3 Personal data provided will be stored outside of the UK by Blackbaud, who are delivering services on our behalf and have an agreed contract in place with City Bridge Trust, which includes the EU terms and conditions to allow personal data to be processed within the EU. They will not use the data to market their own services to you.
9. City Bridge Trust website
9.1 The City Bridge Trust may provide aggregate statistics about traffic patterns and related site information on the Website and also provide statistics to Central Government, Government agencies and other public bodies, but these will not include any personal identifying information. Please note in particular that statistical records are maintained of pages visited by users whether or not they have registered.
9.2 The City Bridge Trust may monitor user traffic on an aggregate basis in order to help it develop and improve the Website for the benefit of all users.
9.3 You are advised that the Internet is not a secure medium. The City Bridge Trust will use all reasonable endeavours to keep your information confidential and store it on a secure server which is password protected and hidden behind a firewall from the outside world. Internal procedures cover the storage access and disclosure of your information. The City Bridge Trust will not sell or pass your information on to any third parties without first obtaining your consent.
9.4 Because the Internet infrastructure is global and it is not possible to predict the routes that information sent over the Internet will take, the information you provide may be transmitted temporarily via a route which takes it outside the European Economic Area (EEA) as it passes between you and the City Bridge Trust. By submitting your information you consent to such transmission.
9.5 The City Bridge Trust shall not transfer user data outside the EEA except where it is necessary to fulfil an order for goods or services placed by a user in a country or territory outside the EEA. The City Bridge Trust will only be storing the information supplied together with details of the activities you have undertaken with the City Bridge Trust and mailings that have been sent. You acknowledge that countries or territories outside the EEA do not provide the same level of data protection as the EEA. By submitting an order for goods or services with the City Bridge Trust you consent to such transfer
9.6 The City Bridge Trust Website has links to other websites which will have different privacy, trading and use policies and conditions and you should familiarise yourself with the same.
9.7 A cookie is a small file which stores information that a website puts on your hard disk so that it can remember something about you at a later time. Typically, a cookie records your preferences when using a particular site. View the City Bridge Trust’s guide to cookies.
10.1 The City Bridge Trust may disclose personal information if required to do so by Law or in good faith believes it is required to do so by any order of the Courts or other competent body or agency or may do so to protect or defend the rights or property of the City Bridge Trust or to protect the personal safety of the City Bridge Trust’s employees or the public at large.
11. Data protection
11.1 The City Bridge Trust uses all reasonable endeavours to comply with the Data Protection Act 2018, which integrates the General Data Protection Regulations and the following principles:
(a) Personal data should be processed fairly and lawfully This means that individuals should not be deceived or misled into supplying information.
(b) Data should only be obtained for a specified purpose and should not be used for any other purpose. Limited to what is necessary.
(d) Personal data should be accurate and up to date where necessary.
(e) Personal data should not be kept for no longer than is necessary for the purposes for which the personal data was processed.
(f) Processed in a manner that ensures appropriate security of the personal data.
12. Further information
12.1 For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.