Privacy Notice for Grantees of the Dorset Coronavirus Community Fund Supported by DCMS funds

Privacy Notice for Grantees of the Dorset Coronavirus Community Fund Supported by DCMS funds

Dorset Community Foundation is offering small grants to voluntary and community organisations to respond to the needs of their communities’ affected by the COVID-19 crisis.

This Privacy Notice explains your rights and gives you the information you are entitled to under the Data Protection Act 2018 and the General Data Protection Regulation (“the Data Protection Legislation”). Note that this section only refers to your personal data that we process (e.g. the details of individuals at your organisation – name, date of birth, home address, email address, phone number, and the details of your organisation’s finances).

Who controls the information you provide?

Background information

The grants for this programme will be made from funds raised by the National Emergencies Trust public fundraising appeal, of which £20 million is provided by The Office for Civil Society, a directorate of the Department for Digital, Culture, Media and Sport (DCMS). This means that not all of the grants will be from DCMS funds. The funds are passed to The UK Community Foundation (an umbrella organisation) and then onto the 50 Partners of the UK Community Foundation including Dorset Community Foundation.

Why are we collecting and processing your personal data?

At the application stage, the personal data we process are the details of a legally responsible individual at your organisation – name, date of birth, home address, email address, phone number – and the details of your organisation’s finances. This is processed by us to conduct organisational checks for the purposes of grant making and fraud detection and error after the grants have been made (this is called “post grant award assurance”). We will also hold contact details (name, phone number, email address) of an individual at your organisation to maintain contact during the programme.

Your data will be shared with the UK Community Foundation and DCMS for the purposes of:

Post grant award assurance activity to enable DCMS or an organisation acting on its behalf to identify funds that have been paid in incorrectly, either because of fraud, error or if a grant duplicates a grant made by another funder. We would usually conduct robust checks before grant making but because of the urgency of the COVID emergency situation it can often be difficult to put in robust up front controls, because of the speed that we have to operate at. This grant making process will therefore be supported by a robust post grant award assurance activity. Our legal basis for processing your personal data DCMS, The UK Community Foundation and Dorset Community Foundation are processing your personal data for a task carried out in the public interest.

Who will we share your personal data with?

We, Dorset Community Foundation, one of the 50 UK Community Foundation Partners will hold the details outlined above on a shared database, so that we, The UK Community Foundation and DCMS or its appointed agents will be able to access your email address to enable them to communicate with you regarding the Programme, monitoring and evaluation.

DCMS may share your personal data with organisations that help to independently monitor and evaluate this programme or that conduct organisational checks and verifications for fraud or error detection at the end of the programme.

We will only share personal data which they need to carry out their work and subject to appropriate security measures.

How long will we keep your personal data?

Your personal data will be retained for five (5) years after the duration of the programme, being erased by May 2025.

Your rights, e.g. access, rectification, erasure

The data we are collecting is your personal data, and you have the right:

• To see what data we have about you
• To ask us to stop using your data, but keep it on record
• To ask us to stop using and delete your data in certain circumstances
• To have all or some of your data corrected
• To lodge a complaint with the independent Information Commissioner (ICO) if you think we
are not handling your data fairly or in accordance with the law.

You can contact the ICO at https://ico.org.uk/ , or telephone 0303 123 1113. ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Should you have any concerns or wish to exercise the rights outlined above in respect of the personal data which:

• DCMS is processing, please contact the DCMS Data Protection Officer at
dcmsdataprotection@culture.gov.uk
• The UK Community Foundation is processing, then please contact the Data Protection Officer
at ismith@ukcommuntiyfoundations.org
• Dorset Community Foundation , then please contact the Data Protection Office at grant@dorsetcf.org

Accuracy

We, DCMS and the UK Community Foundation take all reasonable steps to keep personal data in its possession or control, which is used on an on-going basis, accurate, complete, current and relevant, based on the most recent information available to us. If we are advised of a change in information, we will update the data accordingly. We rely on you to notify us of any changes to your personal data.
Your personal data will not be sent overseas and will not be used for automated decision making.

Security of personal information

We are committed to taking all reasonable and appropriate steps to protect the personal information we collect from you from improper use or disclosure, unauthorised access, unauthorised modification, and unlawful destruction or accidental loss. We have taken and will take appropriate information security, technical, storage and organisational measures to such end, including measures to deal with any suspected data breach. All providers who are associated with the processing of your information are obliged to respect the confidentiality of your personal data.

Deletion Procedure

All parties are responsible for deleting from their server any copies of the personal data held post completion of the programme (usually within three (3) months), unless retained for further purposes by DCMS in which case it will be deleted after five (5) years. Any subsequent research will be completed by the programme’s independent evaluators, who will also be subject to the terms of the GDPR.