Privacy Policy

/Privacy Policy
Privacy Policy2018-07-20T13:31:08+00:00

The Mainstay Foundation (“we”) is a Charitable Incorporated Organisation registered with the Charity Commission of England and Wales (No. 1166017).

This privacy policy explains how we use any personal data we collect from you, in our capacity as the ‘controller’ of personal data.

Where we collect personal data from

We only collect personal data that you directly provide to us, which could include special types of information, depending upon the capacity in which you are providing personal data to us.

We collect such information from you through our:

  • Sign up information forms/sheets: These include sign up forms/sheets for future events, projects and initiatives, in which we require your consent.
  • Application forms: these include application forms for any activities we offer, typically grant making.
  • Contact details forms: these include any forms that are completed for the purposes of communication with us, maintain records with us, or as part of any application-based activity, including grant provision, or for any other reason.

Please note, the above list is not exhaustive.

What personal data we collect

We limit the collection of personal data to what is necessary in relation to the purposes for which it is processed and administered. Inaccurate or out of date personal data will be destroyed securely , and we ensure that personal data which is inaccurate is corrected. The type of personal data and quantity of personal data you provide to us depends upon each context

Supporters:

If you support us as a volunteer or by attending or signing up for an event or project, we will collect information on the following:

  • Your name
  • Your contact details
  • Your date of birth

For volunteers, this may also include information on:

  • Past work experiences
  • Referees contact details
  • Primary contact reference

Donors:

As an donor, we will request the following information:

  • Your name
  • Your contact details
  • Your date of birth
  • Your bank details
  • Your address
  • Your occupation details
  • Interests/charitable objectives
  • Charitable activities

Beneficiaries:

As a beneficiary, we only require information of employees who are authorised by the Organisation (Beneficiary) to complete the grant request process. In the individuals capacity as signatories, we require the following basic information:

  • Your name
  • Your contact details
  • Your date of birth

We may require more advanced information for individuals within senior management positions and trustees for due diligence checks and verification processes.

Beyond this, all information that is needed is related to that of the Organisation, i.e. the beneficiary.

Why we need it

We will only process your personal data for the specific  purposes which you have been informed about upon your personal data being obtained. We will mainly use your personal data you have directly provided to us so that we can provide you with the services, information, and activities you asked for, or requested to be involved in, in addition to understanding how we can improve our services, information and activities. Further uses of your personal data involve administering and processing your donations, grant awards, which also involves carrying out due diligence (if a donor, individual, trustee or senior manager) based upon necessary information for the administration of your donation and grant awards. As part of our recording process, we will also use your personal data you have directly provided to us so that we can keep a record of your relationship with us, in your capacity as either a supporter/donor/beneficiary.

Who has access to your personal data

All of your personal data is processed by our staff in the UK.

We use the services of Xero UK to process accounts and book keeping matters. Donors data and beneficiaries in cases of individuals receiving grants may be processed by Xero UK.

We may also processes personal data of donors, trustees and or senior managers for due diligence checks for cases where funds are being received/ sent.

Individuals receiving grants and donors personal data may also be shared with our accountants, financial service providers and auditors only where necessary.

We will also share personal data where the law strictly requires us to do.

How we safeguard your data

All of the personal data you provide directly to us is processed and administered by our staff in the UK, and any maintenance or IT hosting of this information is kept strictly on servers within the European Economic Area. If any personal data is transferred outside the European Economic Area, we ensure that certain steps are taken so that personal data is properly protected, as determined law and best practise.

All of our staff and volunteers have been trained and equipped to deal with safeguarding and processing your personal data.

We always ensure that there are advanced network security and control procedures to protect your personal data. In addition, all of our records are kept in a secure location.

How long we keep your data

We ensure that we do not keep personal data for longer than we need for the purpose it was collected for. This means that personal data that we destroy or erase personal data once it is no longer needed. Retention of data varies according to the purpose for which the personal data is collected. As an example, a donor or beneficiaries personal data is retained longer than that of a supporter. Critically, we ensure that all subjects of personal data collection are informed of either the retention period of their personal data, or the criteria used to determine the retention period. 

What are your rights?

If at any point you believe the personal data we process and administer on you is incorrect, or for any other reason you can request to see this information (information access report) and even have it corrected or erased (the right to be forgotten).

You also have the right to ask us to stop processing your personal data, and if it is not necessary for the purpose you provided it to us for, we will do so immediately.

If you wish to raise a complaint on how we have handled your personal data, or for any other reason you can contact our Data Protection Officer, who will immediately investigate the matter.

If you believe that our Data Protection Officer’s investigation and response is not satisfactory, or for any other reason you can complain to the Information Commissioner’s Office (ICO).

You can contact our Data Protection Officer Mohammad at admin@themainstay.org.uk for fulfillment of any of your rights.

To request an information access report (free of cost),  please send us a description of the personal data you would like to see to : Data Protection Officer, The Mainstay Foundation, Office 11, Abji Bapashree House, 211 Kingsbury Road, London, NW9 8AQ

Upon receipt of the request for an information access report, we will provide a full response within 30 days.

Policy Updates

The Mainstay Foundation reserves the right to make alterations from time to time. Any alterations deemed significant to your personal data will be relayed to you directly or made clear on this web page.

This policy was last updated on  20/07/2018.

Further Information

If you require help or further information on our privacy policy, or for any comments, suggestions please do not hesitate to contact us on admin@themainstay.org or by calling us on 07507 899 044. Alternatively you can send us any correspondence to The Mainstay Foundation, Office 11 Abji Bapashree House, 211 Kingsbury Road, London, NW9 8AQ.