Privacy Policy


Who we are and what we do

We're the Portal Trust. We're an educational charity working in 14 Inner London Local Authority areas. Our mission is to promote the education of young people through:

our grant programmes for individuals, institutions and organisations; and

contributing to and influencing the development of educational policy, practice and research.

Our charitable expenditure is funded by income from our assets, and we don’t fundraise from the general public.

References in this statement to “the Trust,” “we,” “us” or “our” mean “The Portal Trust,” a charity registered in England and Wales (number 312425). Our registered office is at 31 Jewry Street, London EC3N 2EY.

Our Privacy Notice applies to all personal data which The Portal Trust collects and uses for the purpose of fulfilling our charitable objects. The Portal Trust is the Data Controller of all Personal Data we collect and use for that purpose.

When using the term “personal data,” we mean information that relates to you and allows you to be identified, either directly or in combination with other information.

When using the term “data subject,” we mean somebody whose personal data we hold and process.

We are registered with the Information Commissioner’s Office, registration number Z7765677.

Contacting us about your Personal Data

If you have a question or a request about your Personal Data which we hold, or which you believe we may hold, you can contact our designated Data Protection Officer, whose details are:

Richard Foley, Chief Executive
privacy@portaltrust.org

31 Jewry St
London EC3N 2EY

When we collect Personal Data

Most of the Personal Data we use is provided to us directly by the data subjects, for one or more of the following activities:

Grantmaking

When someone enquires about our grants programme;

When an individual applicant applies to our grants programme;

When an organisation applies to our grants programme, and staff or volunteers include some of their own Personal Data along with their application;

Personnel Management

When someone applies for or is appointed to an employment, Board of Governors, or volunteering vacancy.

Event Management

When someone registers for an event we organise.

Media and Public Relations

When someone contacts our office with a general enquiry;

When someone subscribes to our e-newsletter or other mailing list;

When someone takes part in a promotional news story on our website, social media or print media.

The types of Personal Data we collect

We currently collect and process the following types of Personal Data:

Personal identifiers
This includes first and last name, contact details and preferences, and may include date of birth in some circumstances.

Employment, financial and HR information
This includes details of employment history, income, bank accounts, medical conditions, immigration and citizenship status, equal opportunities monitoring data, qualifications, marital status, criminal record disclosures, personal statements and interview notes.

Records of decisions we have made
This may include records of decisions about employment or about grantmaking, or other decisions relating to our relationships with individuals.

We do not currently collect any personal data through web cookies or Google Analytics.

Our lawful basis for processing Personal Data

When we collect and process Personal Data, we do so under one of the following lawful bases:

  1. Our legitimate interests
  2. To meet the terms of a contract
  3. To meet a legal obligation
  4. The explicit and freely given consent of the data subject

Before collecting or processing Personal Data for a new purpose, we record the lawful basis under which we will do so.

Our lawful basis for processing Special Category Data

When we collect and process Special Category Data for employment and HR purposes, we rely on Article 9 (B) of the UK GDPR (employment, social security and social protection) authorised by Schedule 1, Part 1 of the Data Protection Act 2018 (employment, social security and social protection).

When we collect and process Special Category Data for grantmaking purposes or for any other reason, we rely on Article 9 (A) of the UK GDPR (explicit consent).

Your Data Protection Rights

Under data protection law, you have strong rights which we will always adhere to. These include:

Your right of access
You have the right to ask us for copies of your personal information. This right always applies. You can read more about this here.

Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this here.

Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this here.

Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this here.

Your right to object to processing
You have the right to object to your data being processed, which would prevent us from continuing to process your data unless we could demonstrate a strong and compelling reason. You can read more about this here.

Your right to data portability
You have the right to ask that we transfer the information you gave us which we hold electronically to another organisation, or that we give it to you. You can read more about this here.

If you wish to exercise any of these rights, please contact our Data Protection Officer, whose details are above.

Sharing Personal Data with Third Parties

We never sell, trade or give away personal data to any third party organisation.

In some circumstances, third parties undertake work for us under contract, in which they process personal data on our behalf. When this happens, a written agreement is in place between us and the third party to ensure any data they process on our behalf is kept safe and is only processed for the precise purposes set out in the agreement.

Data security – how we protect your data

We follow appropriate security procedures in the collection, storage and use of your information so as to prevent unauthorised access by third parties.

We have security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate need for access in order to process your data for strictly limited and documented purposes. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify both the affected data subjects and the Information Commissioner’s Office of a breach as soon as possible once we are aware of it.

We process data at our registered offices at 31 Jewry Street, London EC3N 2EY with access restrictions in place and at the sites of our data processors within the UK. Our IT specialist retains our data at a different location equally protected behind the appropriate firewalls and other security devices.

Please note that the transmission of information is never completely secure. When you send your personal data to us via the internet, or by physical means, you do so at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorised use, distribution, damage or destruction of your Information, except to the extent we are required to accept such responsibility by law. Once we have received your information we will use strong security procedures to prevent unauthorised access to it.

Data Retention

We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our Data Retention Policy, which is reviewed annually, and which you can request from us by contacting us at privacy@portaltrust.org

CCTV

Please be aware that if you visit our premises, CCTV is in operation for security purposes in some areas.

What to do if you have a concern

Please contact us first on privacy@portaltrust.org and we will do our best to help you.

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

Helpline number: 0303 123 1113