Privacy Policy

Portal privacy notice for the Social Enterprise Support Fund

Who we are

Social Enterprise Support Fund (the “Fund”) is a brand name for a partnership of social enterprise investors and support agencies, who have come together to deliver financial support to social enterprises. The Fund is part of the Coronavirus Community Support Fund, a financial support package for voluntary, community sector organisations and social enterprises (“VCSEs”), being delivered through The National Lottery Community Fund (“TNLCF”).

The Partners to the Fund are Big Issue Invest, The Key Fund, Resonance, the School for Social Entrepreneurs (“SSE”) and UnLtd (the “Partners”, “we” or “us”). The Partners will jointly manage the delivery of grant support in connection with the Fund to social enterprises.

This privacy notice governs your use of the web portal operated by the Partners to receive grant applications in connection with the Fund (the “Portal”). It explains how we how we will process any personal information that we collect about you, including information that you give to us. It also tells you our views and practices about your personal data and how we will treat it.

In addition to the Partners, UnLtd will be working with CAF Venturesome, the Young Foundation and Ashoka to identify potential grant applicants. They will refer organisations into this funding programme but will not hold or process any personal data gathered through the Portal or the application process.

For the purposes of applicable data protection legislation, the Partners will be joint controllers in respect of the personal data you provide through the application form and any further personal data collected through the Portal on applicants and approved grantees. We have agreed that we will each take individual responsibility for compliance with data protection laws in respect of the elements of the processing we undertake. This privacy notice is issued jointly on behalf of the Partners.

How to contact us

Should you have any questions about how personal data is used by the Partners, in the first instance please contact the SSE, who are the managers of the application portal. You can email SSE at office@sse.org.uk  stating it is a query about SESF Data Protection.

Contact details for the other Partners can be found at the end of this policy.

What data we collect

The personal data we will collect will principally be the name, date of birth and contact details, including an address, email, telephone number and role description, of grant applicants.

We also ask for equal opportunities monitoring information about the leadership of your organisation and will collect this data where provided, consistently with the provisions of the Data Protection Act 2018 for collecting personal data for equal opportunities monitoring

We may also collect and use publicly available information about you to carry out background checks for the purposes of assessing any risks to public funding in making a grant to your organisation.

If you interact with the Portal, as is the case with most websites, we automatically get some technical details such as your chosen browser and unique IP address. We will also automatically collect information about your visit, including how you are using the Portal, the movement of your mouse and what buttons you click. Please see our Cookies Policy: https://socialenterprisesupportfund.org.uk/cookie-policy for full information.

How we will use your personal data

Your personal data will be used by us for the following purposes:

  • Communicating with you regarding the project’s progress, grant management, evaluation and any other relevant information about the Social Enterprise Support Fund;
  • Administering your grant application, including assessing your application, and undertaking due diligence and identity checks;
  • Providing TNLCF with statistical information in relation to grant applications and such personal data as they require in connection with the running of the Fund;
  • Assessing any risks to public funding in making a grant to your organisation;
  • Analysis and learning about grant-making and the role of social enterprises (on an anonymous or pseudonymous basis wherever possible);
  • Administering the Portal and for internal operations, including troubleshooting, data analysis and testing;
  • Allowing you to use any interactive features of the Portal, when you choose to do so;
  • Keeping the Portal safe and secure; and
  • Complying with our legal and regulatory requirements.

If your application is successful, the relevant Partner will then use your personal data for processing grant payments, grant variations, grant monitoring and reporting. The relevant Partner will be an independent controller in relation to such processing and will contact you separately to provide you with a copy of the relevant Partner’s individual privacy notice, and your personal data will be used in accordance with that privacy notice.

Sharing your personal data

In general, your data is processed by us and we do not pass applicant personal data to third parties unless in the context of the grant applications.  Where we do share your personal data, we do so with the following recipients and categories of recipients:

The Partners

As described above, each relevant Partner will extract a copy of Portal Personal Data relating to specific applicants for the purpose of further evaluating any applicants allocated to them and for ongoing relationship management. Your personal data will be held by any such relevant Partner in its capacity as an independent data controller for data protection purposes. The Partner will share its individual Partner privacy notice with you.

Please refer to the individual Partner privacy notices set out below for further details regarding the processing of your personal data by such organisations:

TNLCF

The Partners will share some of your personal data with TNLCF acting as independent data controllers for the purposes of running the Fund. Your personal data will be held by TNCLF primarily for oversight, audit and assurance purposes to prevent fraud and ensure that the money has been spent in accordance with regulations and the purposes of the programme. Please refer to the TNLCF privacy notice available here: https://www.tnlcommunityfund.org.uk/funding/covid-19/privacy-notice for further details regarding the processing of your personal data by TNLCF.

Service providers including SSE

The development and management of the Portal is being carried out by SSE on behalf of the Partners and using a third party IT service provider. We may also use other third party service providers from time to time to perform functions on our behalf. We may share your personal data with these third party service providers for the purpose of providing services to the Partners/Fund. We will only share your data with any service providers where we have an appropriate data processing agreement (or similar protections) in place and they will not be able to use your data for their own purposes (e.g. for their own marketing purposes).

Fraud Prevention Agencies

Your personal data may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused grant funding.

Related Entities

We may share your personal data with any current or future member of our respective groups, which includes our subsidiaries, any relevant ultimate holding company and its subsidiaries.

Regulatory bodies

We may disclose your personal data:

  • to data protection regulatory authorities;
  • in response to an enquiry from a government agency; and
  • to other regulatory authorities with jurisdiction over our activities.

Professional advisors and auditors

We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.

Replacement providers

We may also disclose your personal information in the following circumstances:

  • if any Partner sells or buys any business or assets, that Partner may transfer your personal information to the potential seller or buyer of such business or assets; and
  • if any Partner or substantially all of its assets are acquired by a third party, its rights to personal data held by it in the Portal may be one of the transferred assets.

Otherwise, your data will only be disclosed or shared in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority.

Lawful bases for processing your personal data

We rely on the legitimate interest basis to collect and use personal data about applicants and approved grantees. We believe we have a number of legitimate interests in processing your personal data, including but not limited to:

  • administering grant applications;
  • promoting the Fund to suitable applicants;
  • helping us meet our legal obligations; and
  • analysing and learning from the information you provide to better administer grants in the future.

Where we collect information for equal opportunities monitoring purposes we rely on substantial public interest, as further described in paragraph 8 of Schedule 1 to the Data Protection Act 2018.

How long will we keep your personal data?

If your grant application is successful, your personal data will be retained on the Portal for seven years. If your application is unsuccessful, your data will only be retained on the Portal for two years. We may contact you to ask for your consent to retain your personal data for a longer period, in which case we will provide you with an updated privacy notice at the time detailing how we may use your personal data going forwards.

Accuracy

The Partners will take all reasonable steps to keep personal data accurate, complete, current and relevant, if it is used on an ongoing basis and based on the most recent information available to us. If we are advised of a change in information, we will update the data accordingly. Please notify us of any changes to your personal data.

Security of personal information

We are committed to taking all reasonable and appropriate steps to protect the personal data we collect from you from against improper use or disclosure, unauthorised access, unauthorised modification, and unlawful destruction or accidental loss. We have taken and will take appropriate information security, technical, storage and organisational measures to such end, including measures to deal with any suspected data breach. All service providers who are involved with the processing of your information are also obliged to respect the confidentiality of your personal data. We protect your personal data by storing it securely and ensuring only certain personnel with password protected authentication can access personal data.

Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.

If you suspect any misuse, loss, or unauthorised access to your personal data please let us know immediately using the contact details set out in this Privacy Notice. We will investigate the matter and update you as soon as possible on next steps.

Where we transfer your personal data

The personal data that we collect from you may be sent to, and stored at, a destination outside the European Economic Area (which means the 28 European Union member states, together with Norway, Iceland and Liechtenstein, ”EEA”), including by our third party service providers. Your information may also be processed by staff operating outside the EEA who work for us or for one of our service providers. This may include staff working to provide Portal management support services.

In the event that your personal data is transferred to, or stored in a country outside of the EEA, and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws and that your data is treated securely and in accordance with this Privacy Notice.

However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws.

Your rights

You have various rights in relation to the data which we hold about you as described below.

To get in touch with us about any of your rights under applicable data protection laws, please use the SSE contact details set out above in the first instance. However, you can exercise these rights against each of the Partners if you choose to. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled).  Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Access to your information

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please let us know. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost.  Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

Right to object

This right enables you to object to us processing your personal data where we do so for one of the following reasons:

  • because it is in our legitimate interests to do so (for further information please see below);
  • to enable us to perform a task in the public interest or exercise official authority;
  • to send you direct marketing materials; or
  • for scientific, historical, research, or statistical purposes.

Right to erasure

You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:

  • the data is no longer necessary;
  • you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
  • the data has been processed unlawfully;
  • it is necessary for the data to be erased in order for us to comply with our obligations under law; or
  • you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

Right to complain

You have the right to make a complaint to your local supervisory authority which is the Information Commissioner’s Office. You can contact them in the following ways:

  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Please raise your concern with us first and we will do our best to help.

Contact Details

You may contact any of the Partners regarding the processing of your personal data using the following details:

Changes to this Privacy Notice

Any changes we make to this privacy notice in the future will be posted on this page and we may email you to tell you about any significant changes. Please check back regularly to see any updates or changes.