Introduction

  1. This privacy statement describes how Norfolk Community Foundation (NCF) collects and uses personal information about people who visit our website.
  1. NCF is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement. We will respect any personal data you share with us and keep it safe. And we will always aim to comply with the General Data Protection Regulation (GDPR) introduced in 2018.
  1. This statement sets out what we will, and will not do, with your information. We may change the wording of the statement from time to time by updating this page. You should therefore revisit the page occasionally to ensure that you are happy with any changes that we make.

The personal data we collect

  1. The type and quantity of information we collect, and how we use it, depends on why you are providing it. For example, if you are making a donation to the Foundation, we will usually collect your:
  • Name
  • Contact details
  • Date of birth
  • Bank or credit card details
  1. We will mainly use your data to:
  • Provide you with the services or information you asked for.
  • Administer your donation or support your fundraising, including processing gift aid.
  • Keep a record of your relationship with us, e.g. if you attend any of our events.
  • Ensure we know how you prefer to be contacted. In order to comply with fundraising regulations and GDPR requirements, we will, wherever possible, seek a consent opt-in from you.
  • Understand how we can improve our services or information.
  1. We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.
  1. If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our website.

How we collect information about you

  1. We collect information in various following ways:
  • When you give it to us directly.
  • You may give us your information in order to sign up for one of our events, tell us your story, make a donation or communicate with us.
  • We may collect data as you use our website or apps. Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. In addition, the type of device you are using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you are using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

How we keep your data safe and who has access

  1. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have suitable physical, electronic and managerial procedures in place to safeguard your personal information.
  1. We undertake regular reviews of who has access to the data we hold to ensure that your information is only accessible by appropriately trained staff or contractors.
  1. If required, we may need to disclose your details to the police, regulatory bodies or legal advisors.
  1. We will only ever share your data in other circumstances if we have your explicit and informed consent. We will not sell or distribute your personal information to third parties unless we are required by law to do so.
  1. Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites. These sites are also not governed by this privacy statement.

Where we store your information

  1. From January 2018, we moved over to a ‘paperless’ working environment, which means that all of your data will be electronically stored going forward. We will not retain your information for any longer than is necessary, and will regularly review what information we hold and delete what is no longer required. The law allows us to process and hold your data if it is in our legitimate interest. For example, information regarding donations and applications submitted to our grant programmes will be retained to allow us to maintain complete and accurate records of transactions internally, and for our donors.

Right of access and correction or deletion of your information

  1. Under GDPR, you have the right to choose to restrict our use of your personal information in the following ways:
  • Whenever you are asked to fill in a form, look for the boxes that you can click to indicate how you would like us to contact you.
  • All of our electronic communications contain an ‘unsubscribe’ link to prevent us from contacting you further.
  1. You also have a right to ask for a copy of the information we hold about you, although we may charge to provide this. If you believe that we are holding any of your information that is incorrect or incomplete, please write to us or email us as soon as possible and we will promptly correct any information found to be incorrect.
  1. If you would like to access your data, please send a description of the information you want to see and proof of your identity by post to Norfolk Community Foundation, St James Mill, Whitefriars, Norwich, NR3 1TN.
  1. If you decide not to support NCF any longer, or request that we have no further contact with you, we will keep some basic information for operational or regulatory compliance. Typically, this might include:
  • Contact name only.
  • Records of previous grant awards to a charity or community group.
  • Details of any donations made by an individual or company to Norfolk Community Foundation.
  1. You can ask us to remove you from our database by emailing us at forgetme@norfolkfoundation.com, by writing to us or calling on 01603 623958.

Reporting a suspected data protection breach

  1. If you need to report a suspected data breach, please contact our nominated Data Protection Officer, Helen Tuttle, in writing or by emailing helentuttle@norfolkfoundation.com. We will ensure that any breach is recorded and investigated immediately in house. If necessary, the breach will be reported to the Information Commissioner’s Office within 72 hours in line with our GDPR Policy.