The Rufford Foundation Privacy Policy

Introduction

In this Policy where you see the words " Rufford Foundation", or " we", " us" it refers to the Rufford Foundation, who are the designated data controller for the information we collect from you. We are a charity specifically established for the development of Rufford Small Grants for Nature Conservation (RSGs); our grants fund nature conservation projects across the developing world. We also run a conference programme, in order to encourage the sharing of knowledge and practice throughout the developing world.

This Policy covers www.rufford.org, www.ruffordsmallgrants.org andapply.ruffordsmallgrants.org, which we refer to in this Policy as " our website".

Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, you may use the website only with consent from a parent or guardian.

Table of contents

1. Policy Overview

Scope of this policy

This Privacy Policy concerns all the information that we collect, use and otherwise process about you.

Policy updates

We keep this Privacy Policy under regular review to make sure we're being transparent about how we use your personal information. Any changes to our Privacy Policy will be reflected at https://www.rufford.org/privacy_policy.

2. About Us

Who are we?

We are The Rufford Foundation, a registered charity in the UK with registered charity number 1117270. You’ll find our registered address below.

How to contact us

If you have any questions about this Privacy Policy or the ways in which we handle your personal information, please contact us as follows:

FAO: Terry Kenny, Trust Director
Address: 6th Floor, 250 Tottenham Court Road, London, W1T 7QZ
Email: terry@rufford.org

3. What Information do we Collect About You?

What types of information do we collect about you?

The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we collect any of the following:

  • Details about you. Your name, email address, address, telephone number, date of birth, job title, gender, nationality, education details, work experience, financial details (which may include bank account details in order to pay grants), social media handles and any information to the extent that it is relevant for your application for a grant, provided by a grant applicant in order for you to act as their referee, provided by a grant applicant because you are a part of their project team or when you contact us to organise or attend an event;
  • Identification documents. Identification documents in order to verify your identity;
  • References. Opinions of your referees about you as part of your application for a grant;
  • Opinions. Opinions of third party conservation experts for the external assessment of your grant application;
  • Your interactions with us. Information about your interactions or conversations with us and our people, including when you make enquiries to us, attend our events and make applications to us;
  • Information contained in correspondence. For example, if you contact us using a query button on our website or by email or telephone or social media, we may keep a record of that correspondence;
  • Job applications. If you apply for a job with us, your CV, work history, educational details, the role you're applying for, references and any other such similar information;
  • Account profile data. if you're registering for an account you may also provide a username, password, email address;
  • Your use of our systems and services. Details of the way in which you use our site and/or social media pages (please see the "Cookie Use Policy" section below for further details); and

4. How we Collect Information About You?

How we collect information about you will depend on how you interact with us. Depending on the circumstances, we collect information in any of the following ways:

  • When you apply for a grant;
  • When you provide a reference for a grant applicant;
  • When you organise an event with us;
  • When you browse our site;
  • When you contact us via social media, post or email;
  • When you register to attend and/or attend any events we host or hosted in connection with us by a third party;
  • When you 'follow', 'like', or 'post' on our social media accounts, including Facebook, Instagram and Twitter; and/or
  • When you submit content to be used on the site or on our social media accounts (for instance, reviews, photographs, videos, posts).

5. In What Circumstances do we Need to Collect Your Sensitive Information?

We will ask you to provide information that is deemed sensitive, and additionally may indirectly collect such data. This is most likely to include information of a sensitive nature you may give us in connection with your application, although we do not request such information. This may include information about your health, for example if you require any assistance with your application, and information such as religion or race which you may have provided to us in your application.

We seek to limit any sensitive personal data that we collect and, unless we have other specific lawful reasons to use this information, we will ask for your consent to collect it.

6. How we use Your Information

For what purposes do we use your information?

We'll use your information for a variety of different purposes, some of which will depend on what you engage us for. This includes:

  • To process your grant application. We will use your information to process your application for a grant (on the basis of our legitimate interests to assess your application).
  • To pay grant money to you. We will transfer grant money to you when your grant application has been successful, if applicable (on the basis of performing our contract with you).
  • To provide the public with information about the project for which you have received a grant. If you receive a grant from us, we will use your information to set out the details of your conservation project on your project page of our site to allow interested parties to contact you directly about your project (on the basis of performing our contract with you).
  • To evaluate your project. We will use your information to evaluate the final project (on the basis of our legitimate interests to evaluate the project for which we have provided a grant).
  • To assist you in organising a conference. We will use your information when you have contacted us to organise a conference (on the basis of legitimate interests to assist you in organising the conference).
  • To invite you to a conference. We provide your information to third parties so that they can invite you to conferences that they are organising (on the basis of your consent).
  • To send you communications and updates on your grant application. We will use your information to send you any communications relevant to your application (on the basis of our legitimate interests to keep you informed of your application status).
  • To communicate with you about the event you are organising or are interested in organising. We will use your information to answer any enquiries you or your organisation may have made to us such as requesting information about conferences (on the basis of our legitimate interests to communicate with you about such events).
  • To process your job applications. We will use your information to process any job applications that you submit to us (on the basis of our legitimate interest to recruit new employees or contractors).
  • To register your account. When you sign up to use our website, we will use the details provided on your application form (on the basis of performing our contract with you).
  • To provide access to our website. We will use your information to provide you with access to our website in a manner convenient and optimal including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner).
  • To respond to posts and interactions on our social media accounts. We will use your information to respond to interactions with us on our social media accounts, like Facebook, Instagram and Twitter (on the basis of our legitimate interest to respond to communications directed at us).
  • Relationship Management. We will use your informationto manage our relationship with you, which will including notifying you about changes to our terms of use or privacy policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used).
  • For fraud prevention purposes. We will use your information to verify your identity for fraud prevention purposes (on the basis of our legitimate interests to ensure that our grants are lawfully acquired).
  • To comply with our legal obligations. In certain circumstances, we will need to use your information to comply with our legal obligations, for example to comply with any court orders or subpoenas, enforce our legal rights and or to protect the rights, property or safety of our workers (on the basis of our legitimate interests to operate a safe and lawful organisation or where we have a legal obligation to do so).
  • Analytics. We use data analytics to improve our website, services, marketing and experiences (on the basis of our legitimate interests in defining types of users for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).

On what grounds will we process your information?

We will use your information for the purposes listed above, either:

  • When it is necessary for the performance of a contract;
  • To comply with a legal obligation we have;
  • For our legitimate interests (we explain what we mean by this below);
  • With your consent; and
  • For establishing, exercising or defending legal claims.

What do we mean by "legitimate interests"?

As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties, but this is provided your interests and fundamental rights do not override those interests. By "legitimate interests" we mean our interests in conducting and managing our charitable activities and to ensure that we are guaranteeing the best service and experience for you. This involves:

  • Ensuring that our systems and sites are secure;
  • Determining the effectiveness of our site / tools / services and improving the security and optimisation of our network, sites and services;
  • Communicating with you about your grant application or event you are interested in organising;
  • Personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
  • Detecting, monitoring and preventing fraud or other unlawful acts, and operating a lawful charity; and/or

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours, and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as when we have your consent, or we have a legal obligation to use your information in that way). If you have any concerns about our processing please refer to details of "YOUR RIGHTS" section below.

As we outline in "YOUR RIGHTS" section below, from 25 May 2018 you will have the right to object to our using your information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.

7. Who do we Share Your Information With?

In connection with the purposes and on the lawful grounds described above, where relevant, we share your personal information with the following third parties:

  • The general public on your project page on our site. To provide information about the project for which you have received a grant and to provide you with a platform to showcase your work to the general public, who may be based both inside and outside the EEA.
  • Social media organisations. To post details of projects (including new projects, project updates and reports) our social media accounts (including Facebook, Instagram and Twitter) to promote projects and provide additional exposure for your work. The social media organisations we share your personal information with are based in Ireland.
  • Third party conservation experts. To provide us with an external assessment of your grant application. The third party conservation experts we share your personal data with are based in the EU.
  • Third party non-governmental organisations. For identity verification, fraud prevention and detection services based in the EU.
  • Other third party suppliers that we work with** in connection with our business.** We share your information with third party suppliers that provide us with services in connection with our business and the provision of our services to you. This includes for example: IT developers, service providers and hosting providers, third parties that process our grants, and banks, based in the United Kingdom and the USA.
  • Courts or advisors. We share your information with other international third parties (including legal service providers, accountants, auditors, insurers and other professional advisors, tax authorities (including HM Revenue & Customs), regulatory authorities, courts and government agencies where necessary to enable us to enforce our legal rights or where such disclosure may be permitted or required by law.
  • Third parties which are successors of the charity. Your information may be disclosed to any successors of our charity, in the event of a re-organisation, merger or sale, for them to use for the purposes as set out in this Privacy Policy.

Where we do share your information with third parties, we will require them to maintain appropriate security to protect your information from unauthorised access or processing, unless we have no ability to do so (for example, where we are sharing information with government agencies).

8. Marketing

When you'll hear from third parties

We will share your contact details with third party event organisers to invite you to events that we think might be of interest / relevant to you if you have indicated that you are happy for us to do so.

If you no longer want to hear from such third parties, you should contact them directly.

9. Our Site and Cookies

What we collect when you interact with our sites

As you may already know, most sites collect certain information automatically in log files about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, referral source, length of visit to the site, number of page views, the search queries you make, and similar information.

This information will be collected by us or by a third party site analytics service provider and will be collected using cookies.

As we've described above, we use this information to help improve our functionality and services, run diagnostics, analyse trends, track visitor movements, gather broad demographic information and personalise our services.

What do we mean by "cookies"?

Cookies are small amounts of information in the form of text files that we store on the device you use to access our site. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your "session". Without that temporary cookie you will not be able to use some services via our site.

We also use cookies for site analytics purposes. We use this information to try to improve the relevance and tone of our future communications to ensure we're serving you as best as we can.

If you don't want cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings, please consult the "Help" section of your internet browser or visit http://www.aboutcookies.org. Please note that if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the site.

For details of all of the cookies that we use and the purposes we use them for, please visit https://www.rufford.org/cookies.

Our website also contains content and links to other sites that are operated by third parties that may also operate cookies. We don't control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.

10. Your Rights

Overview of your rights

You have certain rights in respect of the personal information that we hold about you, including:

  • The right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
  • The right to ask us not to process your information for marketing purposes;
  • The right to request access to the information that we hold about you;
  • The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
  • In certain circumstances, the right to ask us to stop using information about you; and
  • The right to lodge a complaint about us to the UK Information Commissioner's Office ( https://ico.org.uk/).

Please note that we reserve the right to retain certain information for our own record-keeping and to defend ourselves against any claims.

We also need to send you service-related communications, e.g. updates relating to your website user account, changes to our terms and conditions and privacy notice. These are important updates (and are not marketing communications), so you will receive these communications even where you have requested not to receive marketing from us.

Some upcoming new rights…

From 25 May 2018, you will have certain additional rights in respect of the information that we hold about you, including:

  • In addition to your right to lodge a complaint about us to the UK Information Commissioner's Office ( https://ico.org.uk/), you will also be able to lodge a complaint with the relevant authority in your country of work or residence ;

  • The right to withdraw consent that you have provided to us to use your personal information (refer to the 'HOW WE USE YOUR INFORMATION' and 'MARKETING' sections of this Privacy Notice to see when we are relying on your consent);

  • The right to object to our using your information on the basis of our legitimate interests (see paragraph 6 above to see when we are relying on our legitimate interests) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; and

  • The right to receive a copy of any information we hold about you (or request that we transfer this information to another service provider) in a structured, commonly-used, machine-readable format, in certain circumstances; and

  • The right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.

How to exercise your rights

  • Contacting us. You can exercise your rights by contacting us using the details in the "ABOUT US" section above, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don't want to be involved in marketing.
  • We will comply with your requests unless we have a lawful reason not to do so.

What we need from you to process your requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

From 25 May 2018, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Keeping us informed

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your account information or contacting us via the contact details below.

11. Where is Your Information?

Our service providers and suppliers

Our organisation is based in the United Kingdom. However, in certain circumstances information that we collect about you will be transferred to and held by us in countries outside of the EEA where we work with suppliers and service providers that are either based outside of the EEA or have servers based outside of the EEA.

We use providers based in the US and transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

12. How we Look After Your Information

Our security measures

We strive to constantly keep our security practices under review to make sure that we're keeping your information as safe as possible. We use a variety of appropriate technical and operational security measures to protect your information against unauthorised access or unlawful use. For example we:

  • Ensure the physical security of our offices;
  • Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions;
  • Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work; and
  • Maintain internal policies to make sure our people also understand their responsibilities in looking after your information and commit to taking appropriate measures to enforce these responsibilities.

How you can help ensure the security of your information

You can also play a part in helping to keep your information safe. Here are a few useful starting points:

  • Choose a strong password and change regularly;
  • Use different passwords for different online accounts;
  • Make sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer;
  • Let us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
  • Keep your password confidential, and avoid sharing with anyone else or using your password for multiple accounts;
  • Keep your devices protected by ensuring that you're using the latest version of your operating system and have suitable anti-virus software, if applicable; and
  • Be alert to any fraudulent emails that may appear to be from us, but aren't. Any emails that we send will come from [staff member name]@rufford.org, or apply@ruffordsmallgrants.org.

13. How Long we Keep Your Information For

We keep your information for as long as is reasonably necessary to enable us to process your grant application, to comply with any legal obligations that require us to keep information, or for as long as we reasonably require for our legitimate interests, including for example for the purposes of exercising our legal rights or defending ourselves against claims. We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time that we need to keep it. For example:

  • We try to adopt a paperless approach wherever possible and securely destroy any paper correspondence we receive on a regular basis unless we are required to retain it for evidential or legal purposes;
  • We retain grant applications until a funding decision has been made;
  • We retain successful applications for up to 7 years from the date the grant is dispersed;
  • We retain any unsuccessful CVs or job applications that we receive for a period of up to 1 year in case we think you might be suited to another opportunity that becomes available in the near future; and
  • We retain the basic information that you provide in your grant application for a period of 5 years.

14. Complaints

If you have any comments, questions or concerns about the contents of this Privacy Policy or the way in which we use your information, we encourage you to contact us using the details in the "ABOUT US" section above to see if we can help resolve the issue in the first instance.

However, if you'd still like to make a formal complaint or have concerns regarding the ways in which we use your information, you can contact the Information Commissioner's Office (also known as the " ICO"). The ICO is an independent authority and the UK's supervisory authority for information rights.

You can register your concerns on the ICO site by clicking here https://ico.org.uk/concerns/handling/

15. Sharing Data Directly With Third Parties

You might end up providing personal information directly to third parties as a consequence of your interactions with our website. For example, your name and other personal information will be shared with other website users when you correspond with them using the contact details provided on a project, or you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal data provided by you.

Please be responsible with personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the website or our services.

The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

LAST UPDATED: 29 May 2018