We are committed to protecting your personal data and ensuring that it is only ever used in accordance with your rights and expectations.
This notice applies to all applicants, meaning anyone who applies for and/or receives a grant from us, and when we refer to “we”, “us” or “our”, we mean The Margaret De Sousa-Deiro Fund (whose working name is Margaret’s Fund).
In order to manage the making of grants, we need to process personal data about our applicants. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data. This makes us a “data controller” and requires us to provide you with this privacy notice, outlining why we need your data and what we do with it. It will also explain your rights when it comes to your data.
Who are we?
Margaret’s Fund is a registered charity (with charity number 210615). We make financial grants of not more than £500 for the benefit of women in the UK who are ill and require treatment, care, rehabilitation and aftercare. Priority is given to applicants who are suffering from TB or other diseases of the chest. Applications for grants must be sponsored by a recognised body (such as a health authority, local authority social services department or another charity) who would receive the grant on behalf of the applicant.
What data do we collect and why?
The personal data that we collect will include:
your basic details and contact information (such as your full name, address and date of birth);
information about your financial circumstances, to help us understand your income; and
information about your health, to the extent that this may be relevant to our grant-making activity.
We collect this data in our online application form which is completed by the health care professional (for example, doctor, nurse, charity worker or social worker) who is supporting you and has told you about us.
We use your personal data only for the purpose of processing our grants applications and ensuring that grants are applied in accordance with our charitable purposes and grant-making policy and for investigating any complaints and responding to any questions.
Under data protection law, health related data is a “special category” of personal data and is subject to tighter controls and protection. This data will therefore be processed by us subject to higher controls.
What is the legal basis for processing your data?
We will only use your personal data when the law allows us to. This means we will process your data on the following lawful grounds:
to pursue our legitimate interests in a way which might reasonably be expected, namely to pursue our aim of grant making to women in ill health, and which does not materially impact your rights, freedoms or interests;
so that health or social care or treatment may be provided to you (in relation to your health-related data); and
to comply with legal and regulatory obligations.
Who do we share your data with?
We hold your personal data in the strictest confidence and will not share it with anyone else, other than the health care professional who is supporting you, unless we are required to do so by law.
How do we protect your data?
We take all reasonable steps to protect your data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. For example, your data will be stored securely, in paper files or on secure servers located in the UK.
How long do we retain your data?
Your personal data will be held only for as long as it is required for our grant-making processes or as long as the law requires. Data on successful applicants will be kept for five years to ensure that multiple grants are not awarded to the same applicant. Data on unsuccessful applicants will be kept for six months to ensure that we can respond to any questions raised on the unsuccessful application. In all cases however, health-related data will be deleted once the grant has been made or once the application has been rejected.
Your rights with respect to your data
The personal data that we keep about you is your data. You have the following rights which you can exercise free of charge and at any time:
to access the personal data we hold about you;
to require us to update or correct the personal data we hold about you; and
to require the erasure of your personal data in certain circumstances;
If you wish to exercise any of the above rights, please contact the Administrator at email@example.com or on 01763 274781.
If you request the information that we hold about you, we will respond within one month.
How to ask questions about this notice
If you wish to talk through anything in this notice, please contact the Administrator at firstname.lastname@example.org or on 01763 274781.
If you are concerned about the way your data is handled and remain dissatisfied after raising your concerns with us, you have the right to complain to the Information Commissioner Office (ICO), the UK supervisory authority for data protection issues. The ICO can be contacted at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or https://ico.org.uk/concerns/ or on 0303 123 1113.
Date of Policy Approval: March 2022
Approved by Trustees: March 2022
Next Date of Policy Review: March 2024