THE AARON LEWIS FOUNDATION DATA PRIVACY POLICY
About this Policy
This policy explains when and why we collect personal information, how we use it, how we keep it secure and your rights in relation to it.
We may collect, use and store your personal data, as described in this policy and as explained when we collect data from you.
We reserve the right to amend this policy in order to maintain currency with UK General Data Protection Regulations (GDPR), and/or as required, with the revised policy being re-published on the Aaron Lewis Foundation website.
We will always be compliant with UK GDPR when dealing with your personal data and, for the purposes of this policy, will be known henceforth as ‘the controller’ (further detail on UK GDPR can be found on the Information Commissioner website at www.ico.org.uk).
Who are we?
We are an all volunteer charity established in memory of Lieutenant Aaron Lewis. Further information about us as individuals and as a charity can be found at www.aaronlewisfoundation.org.uk and from the Charity Commission website (Charity Registration Number: 1151539).
What information we may collect & why?
| Type of Information | Purpose | Legal Basis of Processing |
| Applicant name, address, telephone number(s) and e-mail address | To permit correspondence regarding grant request or event participation | Performing the Foundation’s business with the applicant and for the legitimate interests of establishing contact with applicants |
| Applicant personal financial information | To permit an assessment (if required) of applicant financial need when approaching the Foundation for grant support | Although the Foundation will make grant payments where the financial position is not always a factor, an understanding of an applicant’s financial position forms part of the due diligence process |
| Beneficiary photos and/or videos (only with express prior approval) | Placing on the Foundation website and social media tools for publicity purposes | For the purpose of our legitimate interests in promoting the Foundation and informing supporters of the work that is being done |
| Beneficiary bank details | To permit the payment of grants (where a direct payment has not been possible) | For accounting and audit purposes |
| Volunteer name, address, telephone number(s) and e-mail address | For role correspondence and for reporting to governing bodies (i.e. The Charity Commission) | For Foundation administrative and due diligence processes |
How we protect your personal data
We will never transfer your data outside of The Foundation without your express written consent.
We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, unauthorised alteration or destruction. This includes password protection of e-documents containing personal data (especially where shared via e-mail), up to date anti-virus and anti-spyware software, restricted and encrypted website write access and reduction of e-records in favour of hard-copy records. However, it should be noted that no information transmitted to/by us over the Internet can be guaranteed as 100% secure.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Who else has access to the information you provide us?
We will never sell your personal data. We will never share your personal data with third parties unless we need to in order to meet your request and have your express prior written consent to do so (which you are free to withhold) except where required per the table of information above, or where required to by law.
How long will we keep your information?
We will hold your personal data for as long as we need it for our legitimate interests in managing Foundation business in support of your needs and for as long as is necessary to comply with our legal obligations (i.e. for audit purposes and the establishment, exercise or defence of legal matters if needed). We will review your personal data annually to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that data required in an archived format to enable compliance with future legal obligations (per above).
Your rights
Under UK GDPR, you have the right to:
– access your personal data;
– be provided with information about how your personal data is processed (this document);
– have your personal data corrected if wrong;
– have your personal data erased (in certain circumstances);
– object to or restrict how your personal data is processed;
– have your personal data transferred to yourself or to another organisation (in certain circumstances).
You have the right to take any complaint about how we process your personal data to the Information Commissioner:
The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
For more information about this policy or for any requests regarding your personal data and the way that we manage it, please contact us at info@aaronlewisfoundation.org.uk