top of page

Privacy Policy

Introduction

Preservation of your privacy is important to the RIDGES Foundation (the 'Foundation' 'we', 'our' or 'us' being interpreted accordingly) and we are committed to letting you know how we use your personal information and to making only responsible and lawful use of your data.

 

The Foundation is part of Prism The Gift Fund, a company limited by guarantee registered in England & Wales with company number 04677253 and whose registered office address is at 20 Gloucester Place, London, W1U 8HA.

 

Personal information relating to you or another individual from which they can be identified is called personal data ('Personal Data'). We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the UK General Data Protection Regulation (also called the 'UK GDPR') and the UK Data Protection Act 2018 as may be amended or updated from time to time, together with other applicable laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').

 

This privacy notice ('Privacy Notice') tells you about the Personal Data we collect; how we handle or process such Personal Data during the course of our relationship, such as when you visit our website www.ridgesfoundation.org (the 'Website'), sign-up to our email newsletter, or in connection with our fundraising activities, grant-making activities or the administration of the Foundation, and who we may share it with. This Privacy Notice also provides information on any legal rights that you or another individual has in relation to their Personal Data.

Changes to this Privacy Notice

From time to time we may change the way we use your Personal Data and amend this Privacy Notice. Please check that you have seen the latest version.

 

When we make significant changes to this Privacy Notice we will take reasonable steps to inform you, for example by including a prominent link to a description of those changes on our Website for a reasonable period of time.

What Personal Data do we collect and use?

The Personal Data that we collect and use includes the following:

  1. name, title, address, phone, email and other contact details;

  2. financial details;

  3. data in relation to your preferences and any feedback you provide us;

  4. information about how you use the Website; and

  5. your preferences in receiving marketing communications from us,

as well as any other Personal Data that you, or another individual or organisation with your consent, may provide to us from time to time.

 

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data but is not considered Personal Data since it will not directly or indirectly reveal your identity.

 

We do not collect any special categories of Personal Data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.

 

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your personal details or other information we hold about you changes during your relationship with us.

How your Personal Data is collected

We collect Personal Data in various ways as follows:

  1. through communications and other direct interactions that you or others have with us with us from time to time, including your use of the Website;

  2. through the use of automated technologies when you use the Website;

  3. through communications and interactions with third party partners; and

  4. through third party legal and regulatory authorities.

Information about third parties

Please ensure that any Personal Data which relates to third party individuals is only provided to us with that person's knowledge of our proposed use of their Personal Data.

 

To the extent that you provide information to us about another individual as part of an application for grant-funding or as is otherwise necessary, you should only provide us with such information where you have obtained that individual’s prior, explicit consent. We will ask you to confirm that you have such consent as part of your application and, where you are acting on behalf of another individual, we also reserve the right to request documentary evidence from you in the future in order to verify that you have obtained the requisite consent and/or have continuing authority to act for that person.

What we use your Personal Data for

We will only use your Personal Data when the Data Protection Law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

  1. the management and administration of the day-to-day activities of the Foundation;

  2. to contact you regarding donations made to the Foundation;

  3. to keep and administer our records;

  4. to manage the Foundation's fundraising activities with its partners;

  5. to fundraise and promote the interests of the Foundation in any other way;

  6. where you have given your consent for us to use your Personal Data for a particular purpose (such as providing you with information about the Foundation and its activities);

  7. to enforce and/or defend any of our legal claims or rights; and/or

  8. for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.

 

Please note that, where applicable, you have the right to withdraw consent to marketing communications from the Foundation at any time by contacting us.

The lawful grounds on which we collect and process your Personal Data

We process Personal Data for the above purposes relying on one or more of the following lawful grounds:

  1. where an individual has provided their specific, informed and unambiguous consent;

  2. in order to set up and perform our contractual obligations to the individual whose Personal Data we process;

  3. where it is necessary for our legitimate interests (or those of a third party) such as administration of any grants (provided these do not unjustifiably override your rights); and/or

  4. where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims or enforce our rights.

 

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

 

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Disclosing your Personal Data to third parties

We may need to disclose or make Personal Data available to certain third party organisations who are processing data in accordance with our instructions under contract (called ‘data processors’) in the following circumstances:

  1. companies and/or organisations that act as our service providers or professional advisers, such as lawyers or external auditors;

  2. partner charitable organisations that are involved in collaborative projects with the Foundation; and

  3. companies and/or organisations that assist us in processing and/or otherwise fulfilling our grant-making activities.

 

We may also disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called ‘data controllers’), such as:

  1. where you have made an application on an individual’s behalf, to that individual; or

  2. any regulator of the Foundation or other central or local government agency.

 

The third party data controllers external to us with whom we deal as described in this Privacy Notice will handle the Personal Data provided to them in accordance with their own chosen procedures and you should check the relevant privacy notices of these companies or organisations to understand how they may use your Personal Data. Since they are acting outside of our control, we have no responsibility for the data processing practices of these data controllers.

 

Other than as described above, we will treat all Personal Data we receive as private and will not disclose or make Personal Data available to third parties without you knowing about it.  The exceptions are:

  1. in relation to legal proceedings or where we are legally required to do so and cannot tell; or

  2. where we use third party data processors who are engaged under contract to handle data on our behalf (for example an IT supplier or database hosting provider), we will make sure that they act only in accordance with our instructions and that adequate safeguards are put in place by them to protect Personal Data they handle on our behalf.

 

In all cases we always aim to ensure that your Personal Data is only used by third parties for lawful purposes and in compliance with applicable Data Protection Law.

International data transfers

We will not transfer your Personal Data outside of the UK or European Economic Area.

 

How long we retain Personal Data for

We will only retain your Personal Data for as long as is reasonably necessary to fulfil the purposes we collected it for. This includes for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements or where we need to retain information regarding grants or agreements entered into with you in order to deal with possible future legal claims in line with legal limitation periods.

 

We have a data retention policy (which we may make available on request) that sets out the different periods we retain data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner’s Office (ICO).

 

Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.

 

Security that we use to protect Personal Data

We will take reasonable precautions to prevent the loss, misuse or alteration of information you give us.

 

We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

 

We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us, including Personal Data.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

 

We use traffic log cookies to identify which pages of our Website are being used. This helps us analyse data about web page traffic and improve our Website in order to tailor it to user needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

 

Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Please note this may prevent you from taking full advantage of the Website.

 

The table below lists the cookies we collect and what information they store.

Cookie Name

Cookie Description

[x]

[x]

[x]

Your data subject rights

In accordance with your legal rights under applicable law, where we are handling your Personal Data you have a ‘subject access request’ right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such as subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond. We may also justify a refusal or charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.

 

Under Data Protection Law, where we are handling your Personal Data, you also have the following rights, which are exercisable by making a request to us in writing:

  1. that we correct Personal Data that we hold about you which is inaccurate or incomplete;

  2. that we erase your Personal Data without undue delay if we no longer need to hold or process it;

  3. to object to any automated processing that we carry out in relation to your Personal Data;

  4. to object to our use of your Personal Data for direct marketing;

  5. to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or

  6. that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carried out by automated means.

  7. to withdraw your consent to the processing of your Personal Data at any time.

 

All of these requests may be forwarded on to a third party data processor who is involved in the processing of your Personal Data on our behalf.

 

If you would like to exercise any of the rights set out above, please contact us at the address below.

How to contact us

If you have any questions about this Privacy Notice or our privacy practices, please contact us via email at info@ridgesfoundation.org

 

If you are concerned that we have not complied with data protection law or responded appropriately to you when exercising your rights, you have the right to make a complaint at any time to the ICO (see www.ico.org.uk/make-a-complaint/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

bottom of page