Menu
Effective 01 October 2018
Introduction
This policy summarises the key points about how The Gallaher Corporate Trustee Limited (as the corporate trustee of The Gallaher Trust) collects, uses and discloses personal data and ensures compliance with the GDPR and Data Protection Act.
Definitions
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The Gallaher Corporate Trustee Limited is the Data Controller of all Personal Data used in the carrying out of its activities;
Data Subject: any living individual who is the subject of Personal Data;
Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes data held electronically or in a Relevant Filing System;
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Relevant Filing System: any paper filing system or other manual filing system which is structured so that information about an individual is readily accessible according to specific criteria;
Special Categories of Data: data that relates to racial or ethnic origin of the data subject, political opinions, religious beliefs or other beliefs of a similar nature, trade union membership, physical or mental health or condition, sex life or sexual orientation, genetic data and biometric data.
Data in relation to criminal offences and proceedings is not included in the definition of Special Categories of Data, but similar safeguards will apply in relation to processing such data;
Responsibilities
The Gallaher Corporate Trustee Limited is the data controller of the personal data it may process and therefore is responsible for ensuring its systems, processes, suppliers and other contractors comply with data protection laws in relation to the information it handles.
All Board Members of the Gallaher Corporate Trustee Limited, and the Protector of The Gallaher Trust, must abide by this policy when handling personal data and must take part in any required data protection training. Any failing will be taken seriously and may result in action being taken to remedy the failing and to protect the reputation of the Gallaher Corporate Trustee Limited.
Principles of Data Protection
The Gallaher Corporate Trustee Limited has adopted the principles below to govern its use, collection and disclosure of personal data. Data will be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Collection, Use and Disclosure
The Gallaher Corporate Trustee Limited may collect and process data falling into one of the following categories:
– personal data obtained and created in relation to providing a financial grant or award under the terms of the Trust;
– personal data relating to suppliers of goods and services to the Gallaher Corporate Trustee Limited;
– personal data relating to subscribers to its promotional materials.
Personal data will only be processed where one of the following conditions is met:
– the processing is necessary for the purposes of the legitimate interests of the Gallaher Corporate
or contractual requirement, or a requirement relating to entering into a contract, if you fail to provide that data it might affect the ability of the Gallaher Corporate Trustee Limited to enter into a contract with you or to make a grant or award to you.
– The tables below provide a summary of how the Gallaher Trustee Limited;
– the processing is necessary for compliance with any legal obligation to which the Gallaher Corporate Trustee Limited is subject;
– the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
– the data subject has consented; or
– the processing is necessary to protect the vital interests of the data subject or another person.
Where the provision of personal data is a statutory or contractual requirement, or a requirement relating to entering a contract, if you fail to provide that data it might affect the ability of the Gallaher Corporate Trustee Limited to enter into a contract with you or to make a grant or award to you.
The tables below provide a summary of how the Gallaher Corporate Trustee Limited collects and uses personal data:
Making a grant or award
Types of Data | Collection | Use | Disclosure |
|---|---|---|---|
Information processed for file or enquiry opening procedures such as name, business information and identification documentation. Additional personal data will be processed when individuals are named in matters relevant to a grant or award under consideration. | File or enquiry opening information is collected from the data subject directly and further information (e.g. to verify identity) may be collected from third parties, such as publicly available sources. All additional personal data is collected when supplied to the Gallaher Corporate Trustee Limited or created by the Gallaher Corporate Trustee Limited in connection with a matter relevant to a grant or award under consideration. | File or enquiry opening data is used for considering making a financial grant or award under the terms of the Trust. All other personal data will be used for the purposes of considering making a financial grant or award under the terms of the Trust and to comply with legal or statutory/ regulatory obligations/internal compliance/security. | Personal data: - may be transferred to service providers; - which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; - may be disclosed to regulatory bodies, such as the Charity Commission for Northern Ireland or the Information Commissioner; -may be disclosed to other third parties including, but not limited to, National Crime Agency, insurers, brokers, auditors and professional advisors. |
Suppliers of goods and services
Types of Data | Collection | Use | Disclosure |
|---|---|---|---|
Personal data such as name, address, contact details, financial information including bank details. | Personal data will be collected from a number of sources including invoices and contracts. | Personal data will be used for administration and management purposes. All other personal data will be used for the purposes of considering making a financial grant or award under the terms of the Trust and to comply with our legal or statutory/ regulatory obligations/internal compliance/security. | Personal data: - which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; -will be disclosed where required to comply with legal obligations. |
Subscribers to promotional material
Types of Data | Collection | Use | Disclosure |
|---|---|---|---|
Information such as name and business information (email address, job title, Firm/company). | Data is collected in our system when you register to receive promotional materials. You will also be provided with the option to opt out and/ or be removed from the database with each such communication you receive from us. | Personal data will be used to contact you with communications about matters which the Gallaher Corporate Trustee Limited thinks may be relevant to your interests. | Personal data: - which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; - will not be given to other third parties. |
Individual’s Rights
Personal data must be processed in line with individuals’ rights, including the right to:
– request access to their Personal Data;
– receive certain information about the Gallaher Corporate Trustee Limited’s processing activities;
– request that their inaccurate Personal Data is corrected;
– restrict processing in specific circumstances;
– erasure;
– object to processing;
– rectify inaccurate data;
– to withdraw consent to processing if that is the basis on which the data is processed;
– be notified of a Data Breach which is likely to result in high risk to their rights and freedoms; and
– complain to the Information Commissioner’s Office
Should you wish to make a request in line with your rights as an individual, please forward it to greg@thegallahertrust.org. Further information on these rights is available at the Information Commissioners website https://ico.org.uk/.
Data Retention
The Gallaher Corporate Trustee Limited destroys manual files after 7 years.
How to Make a Complaint
You should direct all complaints relating to how the Gallaher Corporate Trustee Limited has processed your personal data to greg@thegallahertrust.org.
Security
Information security is a key element of data protection. The Gallaher Corporate Trustee Limited takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
Registered Charity No. NIC106498
© Copyright The Gallaher Trust 2021 All Rights Reserved