Data Privacy Notice
Welcome to the Family Business Research Foundation ("FBRF," "we," "our," or "us"). The FBRF is committed to protecting your privacy and handling your personal information responsibly. Your privacy is of paramount importance to us. The FBRF has developed this Data Privacy Notice to provide information on how we process personal information. Your personal data means any information that can identify an individual. The processing of such personal data is governed by the UK Data Protection Act (“DPA”) which is based on the EU General Data Protection Regulation 2016/679.
(i) The type of personal information we collect:
We currently collect and process the following information:
Personal identifiers, name, and contact information such as email address, employer or organisational affiliation, employee data, postal address, phone number, links to web pages and social media
(ii) Web Data Policy
For personal information we collect from activity on our website, please refer to our Website Data Policy.
(iii) How we get the personal information and why we have it
The charity stores personal information to help us administer the work of the charity; deliver our research activities; and disseminate learning and share information about our work. Most of the personal information we process is provided to us directly by you for one of the following reasons:
· Sharing insight – so that we can share our work with our primary audiences and stakeholders.
· Fundraising – so we can communicate with existing and prospective donors and administrate donations and grants made to the charity.
· Events- so that we are able to promote, deliver and share learning from our events.
· Research – so that we can carry out and commission our research and produce new guidance.
· Governance –we keep personal data of trustees and professional advisers/consultants to maintain the charity’s good governance.
· Management/HR – so that we can employ, support and manage our staff and volunteers.
· Administration and finance – so that we can commission services from external organisations, advises and consultants, and make payments for these services
The FBRF collects and stores personal information collected in a variety of ways - by filling in forms (for example, for processing donations), registering at our events, entering into agreements with us or providing us with a service, or by when individuals make contact with the charity directly. Personal information may, on occasion, be obtained from publicly available sources such as websites, social media, reports, and publications.
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information are:
· Your consent
· We have a contractual obligation.
· We have a legal obligation.
· We have a vital interest.
· We need it to perform a public task.
· We have a legitimate interest.
You can contact us (details below) to ask us to remove your consent to store your personal information at any time. If you are happy for us to continue holding your personal information and to be contacted in the future by the Family Business Research Foundation about our work, then you do not need to take any action.
It may be necessary for the charity to transfer your information to trusted third-party processors, research providers, or other partners, and we will inform you if this happens.
(iv) How we store your personal information
The FBRF complies with its obligations under the DPA by keeping your personal data accurate, and where necessary, up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of it; by protecting it from loss, misuse, unauthorised access, or disclosure; and by ensuring it is protected using appropriate technical measures.
If you are or have previously engaged with the FBRF, we keep your personal data for no longer than reasonably necessary. Our standard retention policy is to retain such data for a period not exceeding seven years after the date of termination of our engagement. We may exceed this retention period should you require to maintain contact with us, legal matters arise or we have a need to protect our legitimate interests or those of a third party.
(v) Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
(vi) Changes to this policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any revisions will be posted on this page with an updated "Effective Date." We'd like to encourage you to review this Data Privacy Policy regularly.
(vii) How to contact us
If at any point you believe the personal information we possess on you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, have any concerns about our use of your personal information, you can contact us at:
Family Business Research Foundation, Share London, The Green House, 244-254 Cambridge Heath Road, London, E2 9DA.
E-mail: info@fbrf.org.uk
Web: www.fbrf.org.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
ICO Helpline number: 0303 123 1113
ICO website: www.ico.org.uk