Privacy notice

In providing our Site and conducting our Activities, we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Site and interact with our Activities and includes the following:

• Identity Data - Title, first name, last name.
• Contact Data - Postal address; email address; telephone number; contact preferences.
• Application Data - First name, last name, email address, country, company name, job title, any other personal data that you may provide when you apply for funding or make some other application to us.
• Demographic Data - Details of the demographics who may be recipients of the Activities, including age ranges and ethnicities.
• Behavioural Data - Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies, information about when your current or previous sessions started; details about any activities you viewed or applied for through the site.
• Technical Data - IP address, browser type and operating system, geolocation, to ensure we’re showing you the correct notices and information, any other unique numbers assigned to a device.
• Marketing and Communications Data - Marketing preferences, service communication preferences. 

We collect and process personal data from the following people:

• Site visitors - If you browse our Site or submit an application on our Site, we will collect and process your personal data in connection with your interaction with us and our Site.
• Applicants - If you apply for a grant, either on your own behalf or on behalf of an organisation, we may collect and process your personal data in connection with the carrying out of our Activities.
• People who contact us with enquiries - If you contact us with an enquiry, submit a complaint through or provide any feedback to us in our surveys and feedback forms, whether through our Site, by email, post or telephone, we will collect and process your personal data in connection with your interaction with us and our Site.
• People who work for our suppliers - If you work for one of our suppliers and have responsibility for administering your organisation’s relationship with us, we will process your personal data in connection with your organisation’s relationship with us.
• Event attendees - If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event.
• Job applicants - If you apply for a job or volunteer position with us, whether through the Site or otherwise, we will collect and process your personal data in connection with your application.

We use your personal data for the purposes set out in this section. If we wish to make any changes to these purposes, or if we wish to use your personal data for any purpose that is not listed in this section, we will notify you using the contact details we hold for you.

• If you contact us about our activities - We collect and maintain personal data that you submit to us for the purpose of carrying out our activities.  We may collect and process Identity Data, Contact Data, Application Data and Demographic Data whether you are interacting with us on your own behalf or on behalf of any organisation you represent.  We process this information so that we can supply our activities, maintain our user databases and to keep a record of how our activities are being used. Our legal basis for processing is our legitimate interests.
• If you browse our Site - When you browse our Site, we collect and process Behavioural Data and Technical Data to help us understand how you are using and navigating our Site.  We do this so that we can better understand which parts of our Site are more or less popular and improve the structure and navigation of our Site. Our legal basis for processing is consent.
• If you sign up for and/or attend one of our events- From time to time, we organise and host events for the purpose of promoting our activities. We may process your Identity Data and Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you. Our legal basis for processing is our legitimate interests.  We may also specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event.  Where this is the case, our processing of your such personal data will be based on consent.
• If we need to use your personal data to receive products and services from our suppliers - If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent. Our legal basis for processing is our legitimate interests.
• If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business - We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; (iii) to protect the rights of third parties; and (iv) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets. Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so.  For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order.
• If we send you marketing communications by email/ We use your Identity Data, Contact Data and Marketing and Communications Data to send you (or the organisation you represent) marketing communications by email. It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you.  It is in our legitimate interest to use your personal data to send our marketing to you by post. However, we will only send marketing communications to you by email where you have consented to receive such content by email, or where we have another lawful right to do so.

We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.

Your data may be shared with the third parties listed below This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.

• Other members of our group - We share data with other organisations in our group who provide services to us.
• Third-party suppliers who provide applications/ functionality, data processing or IT services - We share personal data with third parties who support us in providing our Site and help provide, run and manage our internal IT systems and provide other administration. In particular this includes but is not limited to Heathrow Airport Limited, who administer our website and The Groundwork South Trust Limited who provide grant administration support.   
• Event partners and suppliers - When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event.  If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.
• Payment providers and banks - We share personal data with third parties who assist us with the processing of payments and refunds.
• Third-party post/email marketing and CRM specialists - We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our post and email marketing communications and account-related communications.
• Auditors, lawyers, accountants and other professional advisers - We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.
• Law enforcement or other government and regulatory agencies and bodies - We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation.
• Another corporate entity in connection with a business transition - If we are involved in a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets, we may share or transfer personal data to a third party.  Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Notice.
• Other third parties - Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

We may share your personal data within our group of companies which involves transferring your data outside the United Kingdom or the European Economic Area (EEA).

Countries outside of the United Kingdom or the EEA do not always offer the same levels of protection to your personal data, so UK and European law has prohibited transfers of personal data outside of the UK and EEA (respectively) unless the transfer meets certain criteria.

Many of our third parties service providers are based outside the UK or the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:

• We will only transfer your personal data to countries that the European Commission or Information Commissioner’s Office have approved as providing an adequate level of protection for personal data by; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission or Information Commissioner’s Office which give personal data the same protection it has in Europe; or

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data.    They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.