The Access Foundation Privacy Policy

About Us

The Access Foundation is a charity registered with the Charities Commission for England and Wales (Reg No: 1194267). Our registered address is 3 Marlborough Park, Southdown Road, Harpenden, AL5 1NL. The Access Foundation provides funding to charitable causes. It receives applications for grants and if awarded may continue to work with the recipient to monitor the use of the funding and outcomes.  We have a nominated member of staff who serves as our Data Protection Lead. If you have any questions regarding our Privacy Policy, please email DataPrivacy@theaccessgroupfoundation.com.

This privacy policy relates to personal information that The Access Foundation collects and uses.

Keeping your personal information safe is very important to us. We are committed to complying with privacy and data protection laws and being transparent about how we use personal data.

The type of personal information we collect

We currently collect and process the following information:

  • Contact details such as name, address, email address, and phone numbers
  • Information relating to an application that you may make for funding which may include personal information from your organisation
  • Information gathered about your organisation, people involved, projects and activities which may reference data subjects; this may include employees, officers, volunteers, recipients of charitable activities, third parties or partners related to an activity but this list is not exhaustive
  • Case studies and updates on activities, outcomes and funding
  • Financial information
  • Where we have a genuine need we may also request information about age, ethnicity, gender and nationality for the purpose of analysis

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • to conduct enquiries that either you or we may initiate relating to funding
  • to receive applications for funding and subsequent correspondence
  • to receive information on the activities of your organisation relating to an application for funding or to receive updates on funded activities
  • to store information about 3rd parties or partners that may participate or contribute in the activities of the Access Foundation, a funding applicant, or a funding recipient

We also receive personal information indirectly, from the following sources in the following scenarios:

  • to retrieve information about your organisation and related individuals this includes but is not limited to such resources as Companies House, Charities Commission, social media platforms and news outlets
  • We use the information that you have given us in order to progress applications for funding; review and conduct due diligence on any applicant, third party or partner; to monitor and review funded activities; and to continue to maintain a network of contacts for present and future engagement.
  • Where necessary we may share your information with our marketing resources for the purposes of publishing, (with your consent) the activities of the Access Foundation.

Your data we collect will be processed in line with the Principles and Individuals’ Rights of The General Data Protection Regulation & UK DPA 2018.

Legal bases for Processing this personal information

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are :

  • We have a legitimate interest in processing your data to contact you about opportunities for funding, to process enquiries and applications for funding, to monitor funding activities and to continue engagement with recipients and potential recipients of grants
  • We may also request your specific consent to share your information where we publish information about your grant and activities. Your consent may be given or withdrawn in relation to these processing activities at any time by contacting DataPrivacy@theaccessgroupfoundation.com
  • We will retain your data where we have a legal obligation to keep records of our activities to meet our regulatory and statutory obligations

Storage & Disposal

Your information will not be transferred out of the UK/EU without your prior consent.

We will only share your personal information where we need to, where someone’s life is at risk or we are required to do so by law. We may share your personal information with third party organisations who will process it on our behalf (for example a mailing house, our website administrator, or a printing supplier).

We may also share your information with our bank to process a payment; our professional advisers (such as our legal advisers) where it is necessary to obtain their advice; and our IT service providers and data storage providers.

Where required, we will process personal information to comply with our legal obligations. In this respect we may share your personal data to comply with subject access requests; tax legislation; for the prevention and detection of crime; and to assist the police and other competent authorities with investigations including criminal and safeguarding investigations.

On occasion we may share this information with our funders primarily Board members of Access UK Limited and their investors

Information will be stored in a secure cloud-based domain with appropriate restrictions and access enforced. Additionally, our Head of Trustees will hold an off-site backup of data on a secure USB drive with firmware based encrypted password access.

If we do not have continuing engagement / communication with you then your personal data will be deleted after 7 years.

Visitors to our Website

When someone visits our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We collect information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, entry and exit points and the number of page views). We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can find more information on how cookies are used on this website in the Cookies Policy below. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

When You Contact Us Via Our Forms

Our website has forms built using Gravity Forms. When you use our contact forms the information submitted is emailed to us so that we can correspond with you. Your personal data will be stored in the website’s database. Your data is encrypted with the Gravity Forms Encrypted Fields plugin before it is saved to the database. We store your data on our website database so that if an email doesn't get through we can check the website and access the request to ensure we don't miss any enquiries or leads.

Security

Our website has HTTPS encryption via a Let's Encrypt SSL certificate to ensure any data passed between your browser and the webserver (where this website is hosted) is encrypted. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

Data Retention

This website and its database are automatically backed up every day using a third party service ManageWP. Backups are stored for 90 days in the EU Region.

Cookies

Cookies are small text files that store information on your hard drive or browser which means that we can recognise that you have visited our website. They make it easier for you to maintain your preferences on our website. A cookie often includes a randomly generated number which is stored on your device. Many cookies are automatically deleted after you finish using the website.

Use of Cookies

This website does not store any information that would, on its own, allow us to identify individual users of this service without their permission. Any cookies that may be used on this website are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties. Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. For example, in Chrome, you can block or allow all cookies by default. On your computer, open Chrome. At the top right, click ‘More Settings’, then under 'Privacy and security', click Cookies and other site data and select an option. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one. Types of cookies that may be used during your visit to the website are listed below:

Cookie NameExpirationWhat It Does
_ga2 yearsUsed to distinguish unique users by assigning a randomly generated number as a client identifier.
_gid24 hoursUsed to distinguish users.
_gat1 MinuteUsed to throttle request rate. More info.
privacy_embeds30 DaysUsed to manage third party content

Third Party Embeds

The below section lets you control the privacy settings for third-party embeds on this site. We provide you with the choice to accept these third-party embeds or not. The checkboxes below show you all the embeds you have consented to so far. You can opt out any time by un-checking them and clicking the update button.

Changes to this Privacy Notice

We keep our privacy notice under regular review. This privacy notice was last updated on 05/12/22.

Your rights

If you no longer wish to receive communications from us, please contact DataPrivacy@theaccessgroupfoundation.com

You can also unsubscribe at any time to emails that we may send to you about the funding and services that we think will be of interest to you.

You also have the right to:

  • Ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
  • Tell us to change or correct your personal information if it is incomplete or inaccurate.
  • Ask us to restrict our processing of your personal data or to delete your personal data if there is no compelling reason for us to continue using or holding this information.
  • Receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, so that you can send it to another organisation.
  • Object, on grounds relating to your specific situation, to any of our processing activities where you feel this has a disproportionate impact on you.

For all requests please contact us at DataPrivacy@theaccessgroupfoundation.com

We will respond to any request within 28 days.

Please note that we may be entitled to refuse requests where exceptions apply; for example, if we have reason to believe that the personal data we hold is accurate or we can show our processing is necessary for a lawful purpose set out in this Privacy Policy.

How  to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at DataPrivacy@theaccessgroupfoundation.com.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk