Chairman's Trust

Changing Lives for Children

Privacy Statement

Chairman’s Trust Privacy and Data Protection Policy

 

Privacy Statement

 

The Chairman’s Trust collects personal information via the online application form so that Trustee’s can determine whether they can make a financial award for residential visits for the applicants.   The information collected includes the following personal information:

  • the applicant’s name,
  • their date of birth
  • their school,
  • their unique pupil reference number
  • information about why an award would benefit the applicant. Information is also collected about the applicant’s or their representative email address and contact information.
  • the IP address of the computer the application was submitted from

 

The information is submitted by the applicant or their representative and controlled by the Chair of the Trust.

Information is processed by Edsential Community Interest Company to support the Trustees in processing applications.  All applications that are presented to the Trustee’s are anonymised.

Application information is retained until the pupil is in their 19th year of age, or, for successful applicants, 7 years following their application, whichever is later, at which point it will be deleted from the systems.

Subject Access requests can be made to Mark Aspden at mark.aspden@edsential.co.uk

 

The Rights of the Individual Data Subject

 

Each of the individual applicants has a right to know what data the Chairman’s Trust has recorded about them.  Data subjects can request amendments to the personal information provided.

Data subjects can request that information pertaining to unsuccessful applications can be deleted.

Successful applications are retained for a minimum of 7 years after the award has been made for financial records.  After that point, the information can be deleted if requested by the Data Subject or kept in relation to the Chairman’s Trust retention schedule.

 

Data Subjects can contact mark.aspden@edsential.co.uk in relation to requesting information that the Chairman’s Trust holds on them.

 

Data Subject Access

TimeScale

The right of access 30 calendar days
The right to rectification 30 calendar days
The right to restrict processing 30 calendar days
The right to erasure 30 calendar days

 

 

The Way We Process Information

 

The Chairman’s Trust collects information about applicants via an online application form on our website at www.chairmans-trust.com.

 

The Process for managing applications is:

  1. Applicants make an online application via chairmans-trust.com, either by a representative from the applicant’s school, or by the applicant themselves, on the recommendation of the school.
  2. Information is downloaded from the site to Edsential Community Interest Company’s Microsoft Remote Desktop
  3. Applications are anonymised and printed out via a mail merge for Trustees to consider.
  4. Anonymised applications are considered at a Trustee meeting where results are collated into the application spreadsheet.
  5. Paper copies are destroyed via Edsential’s confidential waste after the meeting.
  6. Applicants are contacted via email to inform them of the result of their application.
  7. An encrypted email is sent to the Treasurer with the list of names to issue cheques to.
  8. Applicants are asked to complete an online evaluation form after their visit.
  9. Evaluations are anonymised, printed and shared with Trustees.
  10. Anonymised evaluations are securely destroyed via Edsential’s Confidential Waste after the meeting.
  11. As a condition of receiving an award data subjects consent to anonymised information being used in case studies to promote the work of the Trust.

 

Applications are processed by Edsential staff who are DBS checked.  Information is stored on the Edsential server and kept until the year the applicant is in their 19th year or, for successful applicants, 7 years following their application, whichever is later, at which point it will be deleted from the systems.

 

Breach Notification

 

The Chairman’s Trust is a small organisation processing a limited number of applications each year and as such has no need to appoint a Data Protection Officer as laid out by the General Data Protection Regulations, and the Working Party Article 29 guidance.

 

In the event of a breach of personal data the Chairman’s Trust would be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the ICO will be informed within 72 hours.

 

The Chairman’s Trust website is hosted in the European Union by a GDPR compliant provider.