Thriving Through Recreation Privacy Policy, 2024/2025
Grant Applicants, Referring Professionals, and Activity Providers
Purpose
Thriving Through Recreation is a Charitable Incorporated Organisation registered with the Charities Commission in England and Wales (1204822). This privacy notice describes how we collect and process your personal information when an application for a Thriving Through Recreation Grant is made. We only collect the data that we need in order to award grants and run our charity.
​
Who Is This Policy For?
​
This policy is for Grant Applicants and their Families, Referring Professionals, and Activity Providers.
Principles of Data Protection
​
Thriving Through Recreation regards the lawful and correct treatment of personal information as critical to its successful operation.
​
Thriving Through Recreation fully endorses and adheres to the principles of Data Protection as set out in the Data Protection Act (2018) and the General Data Protection Regulations (GDPR).
​
The GDPR outlines seven key principles for anyone who processes personal data. These are:
-
Ensure that data is fairly and lawfully processed.
-
Process data only for limited purposes.
-
Ensure that all data processed is adequate, relevant and not excessive.
-
Ensure that data processed is accurate.
-
Ensure that data is not kept for longer than is necessary.
-
Process the data in accordance with the data subject’s rights.
-
Ensure that data is secure.
-
Ensure that data is not transferred to other countries without adequate protection.
Thriving Through Recreation is registered with the Information Commissioner’s Office (ICO) and will renew this registration as required.
​
All our Trustees, staff, and volunteers are made aware of data protection policies, and the legal requirements. Thriving Through Recreation will monitor changes to data protection legislation and implement them to remain compliant.
The Data We Collect
Personal information is any information that can be used to identify a living person. We may also collect special category data. This is information about racial or ethnic origin, sexual life or orientation, religious beliefs, physical or mental health/condition, and details of proceedings in connection with an offence or an alleged offence.
The information we collect and process varies depending on whether you are the grant applicant, the parent or carer to the applicant, the referring professional, or the nominated activity provider. We can collect and process the following information about you:
-
Contact Data, including first and last name, address, email address, telephone number.
-
Communications Data, including emails and records of conversations.
-
Relevant Personal Data, including preferred gender, date of birth, reasons for application.
-
Family Data, including others living at the home address.
-
Special Category Data revealing or concerning a person’s racial or ethnic origin, health and medical conditions, religious or political beliefs, sexual orientation.
-
Criminal Offence or related data including information about criminal offences, allegations, proceedings or convictions, descriptions of criminal incidents.
-
Education and Training Data, including school or nursery name, previous and current recreational learning activities.
-
Technical Data, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the device you use, if you access Thriving Through Recreation’s website and online application form.
-
Usage Data including information about your use of our service, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); elements you viewed; page response times; download errors; length of visits; interaction information (such as scrolling, clicks, and mouse-overs).
-
Evaluation Data, including feedback you share with us when you participate in any reviews, questionnaires and surveys.
We also collect, process and use aggregated data, for example statistical or demographic data to monitor and evaluate the impact of our grant-giving. Aggregated data may be derived from your personal data but is not considered personal data in law, as the data does not directly or indirectly reveal your identity.
​
If we combine or connect aggregated data with your personal data so that it is possible to identify you directly or indirectly, we treat this data as personal data in accordance with this privacy policy.
​
How We Collect Your Personal Information
​
We collect data from you in different ways:
-
Most applications are made using our online application from by a professional referrer, who are professional support workers from public and third sector organisations. We collect this data via a GoogleForm application form. Further data for the awarding of grants, and the monitoring of grant efficacy may be collected during phone calls, video calls, emails, text messages and/or WhatsApp.
-
We collect data when you visit our website, contact us via our website, engage with any questionnaires or evaluative research, correspond with us via telephone, post, videocall, email, or Whatsapp.
-
We may also collect data using third party sources, such as evaluation data, when you participate in surveys using SurveyMonkey and other research activities. Technical and usage data from Wix analytics, who support our website and provide server monitoring tools may be based outside the EEA.
Why We Collect Your Data
We only use your personal data when the law allows us to, in ways you would reasonably expect from us. Under the UK General Data Protection Regulation, the lawful bases we most commonly rely on for processing your personal information are where it is necessary for our legitimate interests and where you have given us consent. When special category personal data is processed, a lawful basis and additional condition will be satisfied.
Where it is necessary for our legitimate interests, and your interests and fundamental rights do not override those interests, in making an application to us we ask for certain personal information about you so that we can work out whether we can provide grant funding to you. We also use the data to understand the impact of that funding and how our grant making might improve.
We gather consent at the point of application. When an application is made on the applicant’s behalf, we ask the referrer to verify they have got your consent to share your data. We ask for consent as an additional legal safeguard as we sometimes collect sensitive category information.
We collect special category sensitive data if you want us to know about it to support your application. If someone is applying on your behalf, the referrer is asked to verify they have your consent to share information. We ask applicants and referrers to share information that is sufficient, relevant and limited to what is necessary for us to make a decision. There are stronger safeguards in place to protect this kind of information, and the law only allows us to use it in certain circumstances.
​
Details of how we use your data, the type of data, and the legal justification we rely on to process your data is set out below:
Purpose
To assess, award, process & review grants; communicate with you.
Type of Data
-
Contact
-
Communication
-
Relevant Personal
-
Family
-
Education and Learning
-
Special Category
Lawful Basis for Processing
Necessary for our legitimate interests to administer grants and/or support to individuals.
Consent - an additional legal requirement to process special category data.
Purpose
To administer our charity and manage our relationship with grant recipients, including review.
Type of Data
-
Contact
-
Communications
-
Relevant Personal
-
Family
-
Education and Learning
-
Special Category
Lawful Basis for Processing
Necessary for our legitimate interests to develop our charity offer and operations effectively, to identify gaps in provision, to answer website enquiries, to keep records updated and to understand our charity’s impact.
Consent - to take part in surveys and evaluation activities.
Purpose
To administer and protect our charity, our website, manage grant giving, reporting and hosting of data.
Type of Data
-
Contact
-
Communications
-
Technical
-
Usage
-
Financial
-
Aggregated
Lawful Basis for Processing
Necessary for our legitimate interests for running our charity, providing administrative and IT services, and network security.
Purpose
To deliver relevant website content, and to use data analytics to improve our website, our services and our support to grant recipients.
Type of Data
-
Contact
-
Communications
-
Technical
-
Usage
-
Aggregated
Lawful Basis for Processing
Necessary for our legitimate interests to keep our website updated and relevant, to develop our charity, and to monitor and improve our grant awards system.
Consent - using cookies on our website.
​
Purpose
To raise public awareness, inform strategy and drive fundraising.
Type of Data
-
Evaluation
-
Aggregated
Lawful Basis for Processing
Necessary for our legitimate interests to raise public awareness, shape our eligibility criteria and grant awards process, and drive fundraising activities.
Consent - to take part in surveys or fundraising activities.
Who We Share Your Information With
There may be circumstances in which Thriving Through Recreation is required by law to pass information to external authorities or organisations. These authorities and organisations will have their own policies relating to the protection of any data that they receive or collect.
To protect or maintain the welfare of children and young people, and in cases of suspected child abuse, it may be necessary to pass personal data on to social workers or other support agencies.
Personal data is indirectly shared with Google LLC, Microsoft and Wix as providers of email, cloud storage and website systems. Their servers may be located around the world. They have their own technical safeguards in place to protect your data.
Funders and evaluation partners may have anonymised data shared with them for the purposes of fundraising and efficacy analysis.
How We Store Your Information
Hard copy data, records and personal information is stored in locked filing cabinets. No hard copies of personal data will leave Thriving Through Recreation’s registered premises. Unwanted paper copies of data will be shredded.
Digital copies of data are stored on password protected laptops, tablets and mobile phones, or within password protected software accounts. Passwords are only known to specified Thriving Through Recreation staff and volunteers. Back-Up copies of personal data is stored on the Microsoft One Drive Cloud.
Your information is securely stored in the EEA apart from data that is processed by Google when you complete the application form using Google Forms and Microsoft One Drive Cloud, which may be stored elsewhere in the world. Any technical or usage data is stored on Wix servers that are located around the world.
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, volunteers and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have a procedure to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How Long We Keep Your Information
The secure disposal of redundant data is an integral element of compliance with legal requirements.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This is usually seven years from the closure of a grant.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In which case we may use this information indefinitely without further notice to you.
Your Data Protection Rights
Under data protection law, you have rights including:
-
Your Right of Access: you have the right to ask us for copies of your personal data.
-
Your right to rectification: you have the right to ask us to rectify personal data you think is inaccurate. you also have the right to ask us to complete information you think is incomplete. We may need to verify the accuracy of the new information that you give us.
-
Your right to erasure: you have the right to ask us to erase your personal data in certain circumstances. We may not always be able to comply with your request of erasure for specific legal reasons which we will tell you, if applicable, at the time of your request.
-
Your right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in the certain circumstances. These may include a) if you want us to establish the data’s accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
-
Your right to object to processing: you have the right to object to the processing of your personal data in certain circumstances. This includes when we are relying on a legitimate interest, but you feel that us processing this data will impact on your fundamental rights and freedoms. In some cases, we may be able to show that we have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Your right to data portability: you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
-
Your right to withdraw consent: when we solely use consent as our lawful basis you have the right to withdraw our consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you. Occasionally, if your request is particularly complicated, it may take us longer than a month to respond. In this instance, we will always keep you informed.
​
To make a data protection rights request, please contact us using the contact details in this privacy policy. In some cases, we may ask for specific information from you to confirm your identity and confirm your right to access your personal data. This is to ensure that personal data is never disclosed to anyone who does not have the right to receive it.
​
If you have concerns about our use of your personal data, you can make a complaint to us using the contact details in this privacy policy.
​
If, after raising a complaint with us, you remain unhappy with how we have used your data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. Further information can be found at https://www.ico.org.uk/.
How To Contact Us
If you have any questions about your personal data that are not explained here, please feel free to contact us at contact@thrivingthroughrecreation.co.uk.
Privacy Notice Changes
This Privacy Policy was last updated on 9 September 2024.