Privacy Policy

Step Ahead Trust Privacy Notice

ABOUT THIS PRIVACY NOTICE

At Step Ahead Trust we take the protection of Personal Data seriously. In this Privacy Notice we’ll explain what Personal Data we collect from you, how we use and share that data, how we keep your Personal Data safe, and how long we keep it for. We’ll also explain how we Process your data (and the Legal Basis for doing so) and help you to understand your Personal Data Rights.

ANY QUESTIONS?

Although we have made every effort to keep things simple throughout this Privacy Notice, there are some concepts and legal terms that we'll sometimes need to use. We've tried to use plain English wherever possible.

If you have any questions about this Data Privacy Notice or would like additional clarification, please contact us at info@stepaheadtrust.org.

WHAT DO WE MEAN BY PERSONAL DATA?

Personal Data is any information that could be used (directly or indirectly) to identify you. That could be anything from your name and address, your bank details, your email address, an image or recording of you, your IP address or any other data that could be used to identify you. In some circumstances we may collect and process sensitive Personal Data called Special Category Personal Data. If we collect Special Category Personal data we will always inform you.

WHAT DO WE MEAN BY PROCESSING YOUR PERSONAL DATA?

Processing Data simply means doing something with your Personal Data. That could be as straightforward as collecting it or sharing it, or as complex as modelling the data or appending values to the data. If a company or organisation does anything with your Personal Data, they are Processing it.

THE PERSONAL DATA WE COLLECT

Step Ahead Trust does not capture Personal Data on its website. We share some of the Personal Data you provide with third party Data Processors who provide us with specific services. You can read about those in What we do with your Personal Data. We also use cookies on our site and you can read more about the cookies we use.

WHAT DO WE DO WITH YOUR PERSONAL DATA?

In this section we'll explain how we Process your Personal Data and the Legal Basis for doing so. We'll also explain what a Data Controller and a Data Processor is. We have tried to use plain English wherever possible but it is important you understand what these legal terms mean.

WHAT IS A DATA CONTROLLER?

Step Ahead Trust is a Data Controller. That means we're responsible for determining what happens to the Personal Data we collect, including how we Process it. As a Data Controller we're also responsible for monitoring and approving the Data Processors we pass your Personal Data to.

WHAT IS A DATA PROCESSOR?

Step Ahead Trust may use Data Processors to provide Personal Data Processing services. A Data Processor carries out Processing on behalf of a Data Controller. We might employ the services of another company to carry out Data Processing for us. As an example we (the Data Controller) might ask another company (the Data Processor) to send you an email or letter. We’d need to give that company your contact details so they know where to send the letter.

WHAT IS A LEGAL BASIS TO COLLECT AND PROCESS PERSONAL DATA?

Under GDPR (the General Data Protection Regulation) there are a number of Legal Bases that a Data Controller can use to Process or share Personal Data.

The Legal Bases Step Ahead Trust use to Process your Personal Data

CONSENT

Consent means you've given us clear and informed permission to Process your Personal Data. Consent is a Legal Basis to Process Personal Data. An example might be you have asked us to send you promotional materials. Remember, you can withdraw your Consent at any time.

LEGAL AND REGULATORY

Sometimes we have a Legal or regulatory obligation to Process your Personal Data. These are Legal Bases to Process Personal Data.

LEGITIMATE INTEREST

Sometimes we have a Legitimate Interest to Process your Personal Data. Where we use Legitimate Interest to Process your Personal Data we'll ensure that our Legitimate Interests are proportional and do not compromise your Personal Data rights. You can object to us Processing your data for Legitimate Interests at any time. In some circumstances we may continue to process your Personal Data using Legitimate Interests where we can demonstrate that our interests override your Right to Object.

How we Process the Personal Data we collect

MANAGING RELATIONSHIPS WITH OUR CHARITY BENEFICIARIES

We may use a third party Data Processor for Customer Relationship Management purposes. This helps us process grant applications and manage our relationships with our charity beneficiaries. The Contract successful grant applicants enter into with us is a Legal Basis for Processing Personal Data. The Personal Data we collect is stored for six years after funding has come to an end. This is a legal obligation to help prevent financial fraud.

HOW WE USE COOKIES ON OUR WEBSITE

We use cookies on our website. In this section we’ll explain what cookies are, what cookies we use, and how you can disable cookies (and the implications of doing so) should you wish to.

WHAT ARE COOKIES?

Cookies are small data files that are downloaded to your computer when you visit our website. Cookies help us manage how our website operates and understand how you use it. They also help us integrate social media feeds into our website.

THE COOKIES WE USE

This website uses a Google Analytics tracking cookie to collect anonymous traffic data about your use of this website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You can reject or delete this cookie here:

http://www.google.com/intl/en/privacypolicy.html

Google Analytics collects information such as pages you visit on this site, the browser and operating system you use and time spent viewing pages. The purpose of this information is to help us improve the site for future visitors.

The social plug-ins for Twitter and Facebook at the top of the page may also set or retrieve cookies on your machine, if you are logged into these websites, or have previously downloaded cookies controlled by these sites.

Cookies are not used to collect any personal information.

DISABLING COOKIES

If you'd prefer not to allow cookies, you can choose to disable cookies via your web browser. Your experience of our website may be compromised if you choose to disable cookies. Disabling cookies varies from web browser to web browser but the links below have instructions for some common browsers.

Please be aware that disabling cookies will disable all cookies in your web browser. If you'd prefer to stop online advertising only you can use ad blocking in your browser. Many web browsers now come with this as standard. For more information about online advertising you can visit www.youronlinechoices.com/uk/

YOUR PERSONAL DATA RIGHTS

Under GDPR (the General Data Protection Regulations) you have a number of Personal Data Rights you can exercise over your Personal Data. We’ll explain those rights and how you can exercise them here.

YOUR RIGHT TO BE INFORMED

We believe it is important that you fully understand what we do with your Personal Data. This is known as the Right to be Informed. This Privacy Notice gives detailed information about the type of Personal Data we collect, how we Process that data, and how we share that data with Data Processors and other Data Controllers. We'll inform you:

Of your Data Protection Rights
When we share your Personal Data with Data Processors or other Data Controllers
If we send your Personal Data outside of the EU
Of the purpose of and Legal Basis for our Processing
About the implications of not providing Personal Data we have requested under a

Contractual or Legal requirement

How to withdraw Consent you have given previously
About any Profiling activity we conduct which results in automated decision making.
This is explained in more detail in Your Right to Object to Profiling
About your Right to Complain to the Information Commissioner
About the length of time we retain your Personal Data for and the reasons we do
If we want to change the way we Process your Personal Data we'll inform you beforehand and give you an opportunity to object
If and how we obtained your Personal Data from a third party

CONSENT CAN BE WITHDRAWN IF YOU CHOOSE

You can withdraw your Consent at any time by emailing info@stepaheadtrust.org.

YOUR RIGHT TO CORRECT PERSONAL DATA WE HOLD

Although we make every effort to ensure your Personal Data is complete, up-to-date and accurate we recognise that sometimes mistakes happen. You can ask us to correct your Personal Data at any time. This is known as the Right to Rectification.

You can ask us to amend your Personal Data by emailing info@stepaheadtrust.org.

YOUR RIGHT TO ACCESS YOUR PERSONAL DATA

You have the right to ask for a copy of your Personal Data and any Special Category Data we hold. You can also request copies of any Personal Data and Special Category Data we have shared with our Data Processors and any other Data Controllers. There are many reasons you might request a copy of your Personal Data:

You'd like to check the details we hold to correct any inaccuracies
To ensure we are processing your data lawfully
To make a Subject Access Request (SAR). This is a specific request to get a copy of the

Personal Data we use, our Data Processors and any joint Data Controllers hold. Data
will be provided in a user-friendly secure format (see Data Portability).

You can ask us for a copy of your Personal Data by contacting Step Ahead Trust.

The more information you provide when you make your request the sooner we'll be able to respond. We aim to provide the data requested within thirty days but more complex requests may take longer (up to three months). We'll let you know if we believe your request could take longer to respond to than one month.

We won’t charge you for making an access request unless we've already provided the Personal Data you ask for. In those cases we'll provide new information only. We may decline excessive requests or unfounded requests (or charge a small fee to provide the information) but we'll always make it clear why we believe that to be the case.

In unusual cases we may decline a request because the data requested contains Personal Data about someone else and we consider that their rights may be compromised by the request.

You might not want us to Process your Personal Data in a certain way or for a specific reason, and can ask us not to where we use Legitimate Interests as the Legal Basis for Processing. What does that mean in plain English? When we're using Legitimate Interests as the basis for Processing your Personal Data, you can ask us not to do this at any time. If we want to continue to process the data we must be able to show that our continued processing is not detrimental to your interests.

YOUR RIGHT TO ACCESS YOUR PERSONAL DATA

You can make a Subject Access Request by emailing us at Step Ahead Trust. We may ask for additional Personal Data to verify your identity before we release your information depending on the nature of your request.

YOUR RIGHT TO ERASURE

We recognise that sometimes you'd rather we erase some or all of the Personal Data we hold. This is known as the Right to Erasure. You might ask us to do this where:

We no longer need the data for the purpose it was gathered
You gave us Consent but want to withdraw that Consent
You object to the automated Processing we carry out
We have Processed your data unlawfully
We have a legal requirement to erase your Personal Data

YOUR RIGHT TO RESTRICT PROCESSING

You have the right to ask us to restrict the way we Process your Personal Data. You can ask us to restrict the ways in which we Process your Personal Data because:

You believe the Personal Data we hold is inaccurate and you'd like us to stop
Processing your Personal Data until it has been corrected.
You believe your Personal Data has been unlawfully processed and you would like us
to restrict our Processing while we investigate.
You may not need the Personal Data any more but you'd like us to retain it while a
legal claim is in process.

You can ask us to restrict our Processing by contacting our Data Protection Officer at Step Ahead Trust.

YOUR RIGHT TO MOVE YOUR PERSONAL DATA

If you want a copy of your Personal Data that you'd like to give to someone else, you can ask us to give you that data in a common, user-friendly and secure format. We can send your Personal Data directly to you or to a third party you specify. This is known as your Right to Portability.

You should be aware that asking for a copy of your Personal Data doesn't mean we'll erase that data unless you specifically ask us to. You can find more about on erasure in your Right to erasure.

You can ask us for a copy of your Personal Data by contacting us at info@stepaheadtrust.org.

YOUR RIGHT TO BE INFORMED IF YOUR PERSONAL DATA IS COMPROMISED

In the unlikely event that the Personal Data we hold is breached or compromised in a significant way that would be a high risk to your rights and personal freedoms, we'll contact you without delay to let you know:

What happened and how it happened
What data was affected and what that means to you
What we're doing about it and how you can stay informed

HOW WE KEEP YOUR PERSONAL DATA SAFE

At Step Ahead Trust information security is very important to our business. We are fully committed to ensuring information security, confidentiality, and integrity.

THE INFORMATION YOU SEND US ONLINE

The methods we use to ensure data is safeguarded while being sent over the internet are industry-standard. When information reaches us we store it securely and only provide access to authorised personnel or Data Processors.

HOW WE RESTRICT ACCESS TO YOUR PERSONAL DATA

Step Ahead Trust maintains strict physical, electronic and administrative safeguards to protect your Personal Data from unauthorised or inappropriate access. Personal Data collected by us is stored in secure operating environments that are not accessible by the public. In the unlikely event that an employee or a Data Processor misuses that information they will be liable to appropriate legal and disciplinary sanctions