Privacy Policy

INTRODUCTION

Lund Trust is committed to safeguarding your personal information. This policy explains how Lund Trust (“we“, “our“, “us”) collects, processes, stores and uses personal information. It also explains why we collect such information and how we ensure that we handle it in a secure, responsible manner, following the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018. Finally, it explains your rights in relation to the personal information we hold.

WHO WE ARE

Lund Trust is a family charitable fund. We are run by a small London-based team which is part of Arcadia Administration Limited, a private limited company (company no 07107300). Arcadia Administration Limited is registered with the Information Commissioner’s Office (ICO) as a data controller with registration number ZA065387.

WHEN AND HOW WE COLLECT, PROCESS, STORE, SHARE AND USE INFORMATION ABOUT YOU, AND WHY WE COLLECT THIS INFORMATION?

1. When you submit a grant proposal or when you have a grant with us

We will collect information about you to process your grant proposal to us. This information is either publicly available or information that you submit to us. The lawful bases we rely on for processing this information are: your consent; our contractual obligation if your application is successful; our legal obligation to ensure that our funding supports lawful activities; and our legitimate interest to make grants that contribute to achieving our aims, to improve our decision making and to contribute to effective philanthropy.

We will only ask you for as much information as we need to effectively consider your grant proposal and manage it if your application is successful. By submitting a grant proposal, you are agreeing to us collecting, processing and using your data for these purposes.

To collect information, we use email and meetings (in person or online). Most of this information is organizational information, but it may also include information about people involved in your project or organization or information from referees.

We may share this information with our team and Arcadia’s team, including consultants, our Donor and Advisory Boards and referees including those nominated by you (we will assume that they have given you permission to share their details with us). We also share information on awarded grants with our trustees, Talvik Administration Services (a licensed trust company regulated by the Liechtenstein Financial Market Authority) and the Charities Aid Foundation (CAF), that also support our grants administration.

We may also collect sensitive personal data for some projects to help us monitor the equity of our grant-making.

We store grant information on a secure filing systems (OneDrive and SharePoint) and on our grants management system, Fluxx. You can view Fluxx’s privacy policy here.

If you have a grant with us, we will ask you to provide information about the work we fund and update us on any change to the information you have previously provided. Talvik or CAF will also contact you to ask for or verify information they need for processing your grant payments. Talvik and CAF will only collect and store the information they need to complete Arcadia’s contractual obligation with our grantees. Talvik will store this data on its accounting system. You can view CAF’s privacy policy here.

We keep records of completed grants to help us assess any future applications from you. We keep these records for learning purposes to improve our processes and to maintain a history of our funding. This includes all personal data related to the administration of the grant, including grant contacts’ names, email addresses and phone numbers, key people in the organization, assessment notes and details of referees.

We publish limited information (no personal data) about our funding on our website and on 360Giving under the Creative Commons CC0 waiver.

Except as required by law, we do not disclose your personal information to third parties not involved in our grant-making process.

We send our grant award letters for signature using Docusign. You can read Docusign’s privacy policy here.

2. When you visit our website

We collect information about how visitors use our website via a third party, Google Analytics. We collect standard internet usage information and details of visitor behaviour patterns. The lawful basis we rely on for processing this information is our legitimate interest to improve the way we deliver information online.

As soon as this information is collected through Google Analytics, users’ IP addresses are made anonymous. We will not attempt to find out the identities of those visiting our website.

Our website contains links to other websites. This privacy notice only applies to this website so when you link to other websites you should read their own privacy policies.

3. When you sign up to our newsletter

We produce a ‘quarterly digest’ on news related to our areas of work. You can voluntarily subscribe to the digest by providing your name and email address. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the email you receive. We send our digest via MailChimp. You can view MailChimp’s privacy policy here. We gather statistics on opening emails and links to help us monitor and improve our digest.

4. When you contact us

We do not accept funding applications. If you email us or contact us by phone, we will store your details only for as long as necessary to enable us to respond to your enquiry. Our standard data retention period for general enquiries is six years from the date you have contacted us.

5. When you apply for a vacancy

If you apply for a vacancy with us, we will only use the information you provide during the application process and will only use it for the purpose of assessing your application, or to fulfil legal or regulatory requirements if necessary. The lawful bases we rely on for processing this information are: your consent as an applicant; our legal obligation to check that you have the right to work in the UK; and our legitimate interest to assess your suitability for the role.

We may use recruitment agencies to assist us with recruitment. Details of the privacy policies of these third parties will be available on their websites. We will not share any of the information you provide during the recruitment process with any third parties for any other purpose.

We will not collect more information than we need to fulfil our purpose. We will use the information you provide to get in touch with you during your application process and to assess your suitability for the role. You do not have to provide the information we ask for, but it might affect your application if you do not.

As part of your application process, we will ask you for contact details of your referees and will get in touch with them about your application. We will assume that they have given you permission to do so. We may also ask for your consent to share your information with a third party for background checks.

If you are unsuccessful at any stage of the process, we will keep the information you have provided for six months. We will also keep any information from the assessment process, including references and interview notes, for six months.

6. When you attend our events

If you attend an event that we organize, we may ask you for some relevant personal information, including your name, email and phone number. We may also ask for sensitive personal data (for example, dietary or access requirements). We use this information so that we can get in touch with you and cater for your needs. We may share some of this information with third parties that help us run the event. We manage guest lists and send invitations via Paperless Post. You can view Paperless Post’s privacy notice here.

7. When we have a contract with you

If we have an obligation to pay you (e.g. following delivery of services) we will collect personal data from you to enable us to complete this contractual transaction. We will process and store this data in our accounting system, and use online banking to make payments.

YOUR RIGHTS

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your information, please email us at info@lundtrust.org.uk. We will ask you to verify your identity before we provide the information.

We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you may think is inaccurate.

We try to meet the highest standards when collecting and using personal information. If you have any question or would like to raise a concern, please get in touch with us at info@lundtrust.org.uk.

If you wish to make a complaint about the way we have processed your personal information, you can contact the ICO as the statutory body which oversees data protection law ico.org.uk/concerns.

UPDATES TO THIS POLICY

We will review and update this privacy policy regularly. We last updated this policy on 8 March 2023.