Arcadia is committed to safeguarding your personal information. This policy explains how Arcadia (“we“, “our“, “us”) collects, processes, stores and uses personal information. It also explains why we collect such information and how we ensure that we handle it in a secure, responsible manner, following the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018. Finally, it explains your rights in relation to the personal information we hold.
WHO WE ARE
Arcadia is a family charitable fund. Our founders, Lisbet Rausing and Peter Baldwin, set up Arcadia in 2002. We are run by a small London-based team of experts in their fields. Arcadia Administration Limited is a private limited company (company no 07107300). Arcadia Administration Limited is registered with the Information Commissioner’s Office (ICO) as a data controller with registration number ZA065387.
WHEN AND HOW WE COLLECT, PROCESS, STORE, SHARE AND USE INFORMATION ABOUT YOU, AND WHY WE COLLECT THIS INFORMATION?
1. When you submit a grant proposal or when you have a grant with us
We will collect information about you to process your grant proposal to us. This information is either publicly available or information that you submit to us, by email or through our grants management system, Fluxx. The lawful bases we rely on for processing this information are: your consent; our contractual obligation if your application is successful; our legal obligation to ensure that our funding supports lawful activities; and our legitimate interest to make grants that contribute to achieving our aims, to improve our decision making and to contribute to effective philanthropy.
We will only ask you for as much information as we need to effectively consider your grant proposal and manage it if your application is successful. By submitting a grant proposal, you are agreeing to us collecting, processing and using your data for these purposes.
To collect information, we use email, meetings (in person or online) and set forms (via our online grants management system, Fluxx). Most of this information is organizational information, but it may also include information about people involved in your project or organization or information from referees.
We may share this information with our team, including consultants, our Donor and Advisory Boards and referees including those nominated by you (we will assume that they have given you permission to share their details with us). We also share information on awarded grants with our trustees, Talvik Administration Services (a licensed trust company regulated by the Liechtenstein Financial Market Authority) and the Charities Aid Foundation (CAF), that also support our grants administration.
We may also collect sensitive personal data for some projects to help us monitor the equity of our grant-making.
We keep records of completed grants to help us assess any future applications from you. We keep these records for learning purposes to improve our processes and to maintain a history of our funding. This includes all personal data related to the administration of the grant, including grant contacts’ names, email addresses and phone numbers, key people in the organization, assessment notes and details of referees.
We publish limited information (no personal data) about our funding on our website and on 360Giving under the Creative Commons Attribution 4.0 International License.
Except as required by law, we do not disclose your personal information to third parties not involved in our grant-making process.
2. When you visit our website
We collect information about how visitors use our website via a third party, Google Analytics. We collect standard internet usage information and details of visitor behaviour patterns. The lawful basis we rely on for processing this information is our legitimate interest to improve the way we deliver information online.
As soon as this information is collected through Google Analytics, users’ IP addresses are made anonymous. We will not attempt to find out the identities of those visiting our website.
3. When you sign up to our newsletter
4. When you contact us
We do not accept funding applications. If you write to us at email@example.com, or contact us by phone, we will store your details only for as long as necessary to enable us to respond to your enquiry. Our standard data retention period for general enquiries is six years from the date you have contacted us.
5. When you apply for a vacancy
If you apply for a vacancy with us, we will only use the information you provide during the application process and will only use it for the purpose of assessing your application, or to fulfil legal or regulatory requirements if necessary. The lawful bases we rely on for processing this information are: your consent as an applicant; our legal obligation to check that you have the right to work in the UK; and our legitimate interest to assess your suitability for the role.
We may use recruitment agencies to assist us with recruitment. Details of the privacy policies of these third parties will be available on their websites. We will not share any of the information you provide during the recruitment process with any third parties for any other purpose.
We will not collect more information than we need to fulfil our purpose. We will use the information you provide to get in touch with you during your application process and to assess your suitability for the role. You do not have to provide the information we ask for, but it might affect your application if you do not.
As part of your application process, we will ask you for contact details of your referees and will get in touch with them about your application. We will assume that they have given you permission to do so. We may also ask for your consent to share your information with a third party for background checks.
If you are unsuccessful at any stage of the process, we will keep the information you have provided for six months. We will also keep any information from the assessment process, including references and interview notes, for six months.
6. When you attend our events
If you attend an event that we organize, we may ask you for some relevant personal information, including your name, email and phone number. We may also ask for sensitive personal data (for example, dietary or access requirements). We use this information so that we can get in touch with you and cater for your needs. We may share some of this information with third parties that help us run the event. We manage guest lists and send invitations via Paperless Post. You can view Paperless Post’s privacy notice here.
7. When we have a contract with you
If we have an obligation to pay you (e.g. following delivery of services) we will collect personal data from you to enable us to complete this contractual transaction. We will process and store this data in our accounting system, and use online banking to make payments.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your information, please email us at firstname.lastname@example.org. We will ask you to verify your identity before we provide the information.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you may think is inaccurate.
We try to meet the highest standards when collecting and using personal information. If you have any question or would like to raise a concern, please get in touch with us at email@example.com
If you wish to make a complaint about the way we have processed your personal information, you can contact the ICO as the statutory body which oversees data protection law ico.org.uk/concerns.
UPDATES TO THIS POLICY