Open Menu

PRIVACY POLICY

GENERAL

 

The Sir Jules Thorn Charitable Trust (“we” and “us”) is committed to protecting your data and privacy in accordance with the provisions of the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) which came into force on 25 May 2018.

This Privacy Policy explains how we use the information we collect about you, how you can instruct us if you prefer to limit the use of, update or erase that information and procedures that we have in place to safeguard your privacy.

When submitting information to us through the website or by any other means, you will be asked to give your consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy.  If you change your mind, you may withdraw your consent by notifying the Trust in writing, electronically or on paper.  If you do not agree with this Privacy Policy, you should not submit information to us through, or in connection with our website or by any other means, but you should be aware that the Trust is unable to process an application without the personal information requested.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

 

The Sir Jules Thorn Charitable Trust
24 Manchester Square
London
W1U 3TH
United Kingdom

Tel: 0207 487 5851

E-mail: [email protected]

A Charity Registered in England and Wales, number 233838

The Sir Jules Thorn Charitable Trust has applied to be registered as a “Data Controller” under the terms of the Data Protection Act 1998 and GDPR 2018 and we shall ensure we comply with all the protection these regulations afford to you. Our registration number is ZA286019.

2. DATA PROTECTION OFFICER

 

Richard Benson
Trust Director

The Sir Jules Thorn Charitable Trust
24 Manchester Square
London
W1U 3TH
United Kingdom

Tel: 0207 487 5851

E-mail: [email protected]

3. WHY WE COLLECT YOUR DATA

 

We ask for your personal information (name, work e-mail address and work contact telephone number) so that we can assess your grant application, award grants effectively, pay grants promptly, monitor the impact of the Trust’s investment and shape future grant-making policy.  We ask for your name and work contact details so that we can be sure the application is genuine and to provide us with a point of contact.  We are not able to process an application without this personal information.

The legal basis for collecting this data is contained in GDPR Article 6, paragraph 1, sub-paragraphs a, b, c and e.  The public interest referred to in sub-paragraph e is to ensure the validity of applications, verifying the status of applicant organisation and the public benefit it provides.

4. THE INFORMATION WE COLLECT FROM YOU

 

When you apply for a grant from us we will collect, process and store some personal information that relates to, and identifies you.  This information includes, but is not limited to, your name, postal address (work), work e-mail address, work telephone number (landline or mobile), and any other information collected on registration, on making an application and through surveys to the extent reasonably necessary to process your application, and manage any grant that we may decide to award.

5. DATA NOT PROVIDED BY YOU

 

We will gather additional information about your organisation for due diligence purposes.  This additional information will be gathered from publicly accessible sources such as the websites of the Charity Commissions of England & Wales, Scotland and Northern Ireland, your own organisation’s website and other sources relevant to your application.

We will not gather additional personal information about you unless you are applying for The Sir Jules Thorn Award for Biomedical Research.  For these applications, we may gather personal information from your parent institution’s website, from online medical research databases (i.e. European PubMed) and other publicly available sources directly relevant to your application.  We will seek the opinion of external experts (reviewers) in order to assess fully your application and to ensure that your application receives the objective and independent consideration.  Reviewers will be provided with a copy of the application you have submitted to us.

6. WHY WE PROCESS YOUR INFORMATION

 

We process your information for the purpose of:

  1. Dealing with your enquiries and requests;
  2. Providing and personalising our services;
  3. Compiling your profile (medical research applications only);
  4. Administering application records;
  5. Maintaining information as a reference tool or general resource to develop grant-making policy;
  6. Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes.

We also gather information and statistics for the purposes of monitoring website usage via Google Analytics and may provide such aggregate information to third parties.  These statistics will not include information that can be used to identify you.

7. HOW WE PROCESS YOUR DATA

 

The information you provide to us using our online application system will be transferred to and held in our contact relationship management (CRM) system.  We currently use Form Assembly to capture and transfer your information to our Salesforce CRM system.

Our Trustees will view the information you have provided, together with any additional information gathered from publicly available sources, in order to assess whether a funding award will be made.

If an award is made we may ask for extra information about your organisation to help us pay and monitor the award.  To help us do this we will use a commercial accounting package (currently Financial Force) and store documents electronically in the Cloud using the Box system.

8. AUTOMATED DECISION MAKING

 

As part of the online application process for some of our grant programmes, we ask you to complete an eligibility questionnaire.  This is to ensure that your application and organisation is compliant with the criteria set by our Trustees for that programme.  Your response to the eligibility questionnaire is assessed automatically.  If your response is incompatible with the criteria for that programme your application will be halted and you may be invited to contact us.  No personal information is required to complete the eligibility questionnaire.

We do not use any other automated decision making.

9. WHERE THE PROCESSING TAKES PLACE

 

We process your data at the Trust office in London (see above address).

10. WHO WILL SEE YOUR DATA

 

Your information may, for the purposes set out in this Privacy Policy, be disclosed for processing to:

  1. Our employees;
  2. Our Trustees
  3. Our Medical Advisory Committee (medical research applications only)
  4. Our affiliates (if any);
  5. Successors in title to our activities;
  6. Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services, external experts for peer review purposes) to us;
  7. Government bodies and law enforcement agencies and in response to other legal and regulatory requests;
  8. Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes.

We may also publish the names of organisations that have received grants from us in our annual report and accounts (submitted to the Charity Commission) and/or on our website.

 11. TRANSFER OF YOUR DATA TO A THIRD COUNTRY/INTERNATIONAL ORGANISATION

 

We will not transfer your data to another country or international organisation except for full applications to The Sir Jules Thorn Award for Biomedical Research where we may share your application with selected international experts who have been asked to provide an opinion on the application (peer review).  We will endeavour to seek peer reviews from experts located in countries within the European Union or countries that have been assessed by the EU as having data protection provision equivalent to GDPR (see http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm).  However, in order to fulfil our commitment to secure an objective and independent assessment of your application, we may seek the opinion of an expert located in a country outside the EU and/or not having been assessed by the EU as having data protection provision equivalent to GDPR.

12. PERIOD FOR WHICH THE DATA WILL BE STORED

 

The period for which we will retain your data is determined by the time needed to assess your application, the duration of any grant award that may be made to your organisation, the duration of any grant management function that may arise from your application and the need to aggregate data to inform grantmaking policy/processes.

13. COMMUNICATION WITH YOU

 

We will only send you communications directly relating to your application or role with the organisation (i.e. staff, Trustees, specialist advisers etc.).  We will not send you marketing communications unless it is to raise awareness of a grant programme offered by the Trust that is of direct relevance to your organisation.

14. INFORMATION SECURITY

 

We believe that we have appropriate policies, rules and technical measures to protect the personal data which we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

All of our employees and data processors who have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of your information.

We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.

Your information is stored and processed using the following cloud based service providers (click to link to the providers’ security statement):

  1. Microsoft Office 365 – https://www.microsoft.com/en-us/trustcenter/security/office365-security
  2. Salesforce – https://www.salesforce.com/uk/company/privacy/full_privacy.jsp
  3. Box – https://www.box.com/en-gb/security and https://www.box.com/en-gb/legal/termsofservice. Box is regulated under the EU-US privacy shield
  4. Form Assembly – https://www.formassembly.com/privacy-policy/#privacyshieldInfo

Please be aware that communications over the Internet, such as emails/webmails are not secure unless they have been encrypted.  Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.  We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

15. CONSENT

 

When submitting any personal information (including, without limitation, your application) to us you will be asked to indicate your consent to the use of information as set out in this policy.  We reserve the right to amend or modify this policy and if we do so we will post the changes on this page of this website.  It is your responsibility to check the policy every time you submit information to us.  We will record that you have consented to our use of your personal information.

In the event that the purposes for processing change, then we will contact you as soon as practicable and seek your consent where such notification relates to a new additional purpose for processing.

16. YOUR RIGHT TO WITHDRAW CONSENT

 

You have the right, at any time, to withdraw your consent for us to hold and/or process your personal information.  If you wish to withdraw your consent please contact the Data Protection Officer whose details are at the start of this policy.

17. YOUR RIGHT TO REQUEST ACCESS, RECTIFICATION, ERASURE, OBJECT TO/RESTRICT PROCESSING AND PORTABILITY

 

You have the right to contact the Trust at any time to:

  1. Request access to your personal data
  2. Request rectification of any inaccuracies in your personal data
  3. Request that your personal data be erased from our database
  4. Object to the processing of your personal data
  5. Request that we restrict the processing of your personal data
  6. Request that we send your personal data to another controller in a commonly used format

When submitting a request to our Data Protection Officer at the above address please provide your name and address.  We should be grateful if you would also give brief details of the information set which you would like a copy or which you would like to be corrected (this helps us more readily to locate your data).

We will require proof of your identity before providing you with details of any personal information we may hold about you.

18. YOUR RIGHT TO LODGE A COMPLAINT WITH THE UK SUPERVISORY AUTHORITY

 

If you feel that we have not responded fully to your requests you have the right to submit a complaint to the UK Supervisory Authority at:

The Information Commissioner’s Office
Wycliffe House,
Water Lane,
Wilmslow
Cheshire SK9 5AF

Tel. +44 1625 545 745

E-mail: [email protected]

Website: https://ico.org.uk/

19. OTHER RELEVANT TRUST DOCUMENTS

 

This Policy should be read in conjunction with the Website Terms and Conditions of use for www.julesthorntrust.org.uk.org.uk (the “Website”) and General Grant Terms and Conditions of which they form part (the “Terms”).