Introduction

The Illum Davis Charitable Foundation (the “Foundation”) treats your privacy rights seriously. To comply with enhanced data protection requirements under the General Data Protection Regulation (“GDPR”), which became effective 25 May 2018, this Privacy Policy sets out how the Foundation will deal with your personal data i.e., information that identifies and relates to you.

What information the Foundation collects

The Foundation only collects the minimum amount of personal information about you that befits the prevailing circumstance. Normally this will comprise:

• Name
• Telephone number
• Email address

This information is used to keep you updated on events and activities.

On occasions, but only with your prior permission and with an undertaking of confidentiality from the Foundation that such data will only be used for the purpose intended, the Foundation will collect other personal details to support the Foundation’s fundraising activities. Such information will include date of birth, medical conditions, passport details, etc.

Disclosing and sharing data

The Foundation does not share personal information externally other than for the purpose intended.

How the Foundation collects information

The Foundation only collects information that has been made available to it on a voluntary basis either verbally, in writing or via the Foundation’s website.

Keeping your information safe

The Foundation ensures your information is secure and looked after in accordance with best practice. Unless authorised by you, your personal data will be retained for a maximum period of 2 years on a password protected computer.

After 2 years, because of the possible requirement to refer to it for legal reasons or otherwise, your personal data will be transferred to a USB memory stick and locked in a secure safe at the Foundation’s Registered Address.

Cancelling consent

If you decide you no longer want the Foundation to contact you or hold any level of personal data, please email paul.oneill@nsmtrust.com and your data will be completely deleted from the Foundation’s records.

This Privacy Policy is available on the Foundation’s website www.illumdavisfoundation.org.However, the Foundation may change this Privacy Policy from time to time. Any significant changes in the way your personal information is handled will be made clear on the Foundation’s website or by contacting you directly.

This policy is written in accordance with the General Data Protection Regulation (EU) 2016/679, commonly referred to as GDPR. If you have any questions, comments or suggestions, please contact paul.oneill@nsmtrust.com.

Data Protection Principles

Introduction

This document has been produced following the introduction, with effect from 25 May 2018, of enhanced data protection regulations throughout the European Union as specified within the General Data Protection Regulation, commonly referred to as GDPR. It sets out the general principles of data protection and how the Illum Davis Charitable Foundation (the “Foundation“) applies them.

Policy Statement

The Foundation is committed to providing you with a secure, safe and user-friendly experience whether your dealings with the Foundation are as a beneficiary of the Foundation’s grant distribution programme, fundraiser, supplier, the media or in any other capacity whatsoever.

Who We Are

The Illum Davis Charitable Foundation registered in Guernsey, Charity No: CH1021.

Council Members (as at 01/05/2023):

NSM Limited
Lisbeth Illum
Stanley Davis
Morten Illum
Russell Davis

Contact Details:

Email: enquiries@nsmtrust.com
Telephone: 01481 239095

By post to registered address below

Registered Address:

Les Echelons Court
Les Echelons
St Peter Port
Guernsey
GY1 1AR

Why Information is Collected

Personal data is maintained for contact with:

• Organisations who benefit from our grant-giving programme
• Fundraisers
• The Media
• Individuals in the normal course of our business

The Foundation does not collect data, either through our website or by other means, for the purposes of selling.  The information collected through our website is via an enquiry form which sends an email to info@illumdavisfoundation.com.

Data Protection Policy

As with all organisations in the Bailiwick of Guernsey, and indeed elsewhere, which hold personal data on individuals it is necessary for the Foundation to adhere to the relevant rules and legislation in force from time to time to ensure suitable protection is provided to individuals.  These individuals are generally known as Data Subjects, in respect of sensitive and confidential personal data held by the Foundation for legitimate reasons.

This document sets out the general principles of the Data Protection Law, and their relevance in the context of the Foundation and the procedures under which the Foundation and its Foundationees will handle and collate personal data when required to do so.

The Foundation has nominated NSM Limited as the Foundationee responsible for this Policy, with oversight of the operation of the data handling procedures as outlined hereunder.

It should be noted that any breaches arising under these procedures at any time, whether by mistake, advertent or inadvertent must be immediately reported to NSM Limited to consider any corrective action required and onward reporting if appropriate.

Responsible Council Member: NSM Limited
Telephone: 01481 755860
Email: enquiries@nsmtrust.com

Please take note that a separate document sets out in concise terms the Foundation’s Privacy Policy, which is available on request and on our website www.illumdavisfoundation.org.

This Data Protection Policy has been agreed by all Council Members of the Foundation and is effective from 14^th September 2022.

Data Protection Principles

The over-riding principles of Data Protection in simple terms equate to:

1. Keep data secure;
2. Only hold personal data for a specific purpose and use it only for that purpose;
3. Ensure the data subjects are aware of what the personal data is being used for, and allow them free access on request;
4. Permit access on a need-to-know basis;
5. Keep the data up to date and accurate; and
6. Maintain the data as long as only necessary and then destroy the data (unless there are over-riding reasons that apply).

The following information contains the Personal data that is held at any time:

1. Name
2. Email address
3. Telephone no

In certain circumstances, where more details personal data is required for legal, medical, travel or insurance purposes, some or all of the following information will be held by the Foundation:

1. Date of birth
2. Passport details
3. Allergies
4. Medical conditions

All such personal data is subject to correct handling by the Foundation.  Always and in general terms, the following principles will be remembered and complied with:

1. Data Processing – must be lawful, transparent and fair;
2. Purpose – data must only be held for the required purpose and cannot be used for any other purpose;
3. Accuracy – data should be kept up to date as is possible and either rectified or deleted when no longer required or appropriate;
4. Data Security – data is to be held with access on a need-to-know basis only in a securely protected environment;
5. Data Minimisation – the minimum amount of personal information should be held for the specific purpose required and must be relevant to that specific purpose;
6. Data Retention – data should be retained no longer than is necessary;
7. Data Breaches – in the event of a breach of data security, this will be reported to NSM Limited who will determine the action that needs to be taken, which may involve change of data handling procedures, training and if deemed appropriate, a report to the Data Protection Commissioner; and
8. Accountability – the Responsible Foundationee must demonstrate adherence to rules at all times, if required to do so.

Data Handling Arrangements

Unless authorised in advance personal data is not shared outside the Foundation.

Data Subject Requests

Under the Data Protection law each Data Subject is entitled to request copies of their personal data held by the Foundation.

The Foundation is obliged to provide copies of the relevant data within one monte of the request being received.

Data Subject leaving the Foundation

An over-riding principle of the Data Protection Law is for Data Controllers to hold individual data for the specified purpose only and for only as long as required to meet the requirements of the Foundation. The data subject may request that their data is destroyed.

Data Breaches

Certain types of data breach must be reported to the Data Protection authorities in Guernsey (the Data Protection Commissioner) but is only required in cases where the breach could result in damage to reputation, loss of confidentiality discrimination or social disadvantage. The responsible officer will make the determination on a case-by-case basis.

The Data Protection Commissioner will also handle any complaints raised by a Data Subject on the handling by the Data Controller of any personal data held on that individual.

Data Processor

The Foundation does not currently use or have a requirement for a separate Data Processor to process the personal data held on individuals.

Information Provided to Data Subjects

Data Protection Law requires certain information to be given to Data Subjects so that those Data Subjects are kept properly informed on relevant matters.  The salient point to remember is that the Data Subjects have rights of access to and security of their personal data, and can request access to their data, make formal complaints about the handling of their data and when no longer required, have the right for their data to be deleted (the Right to be Forgotten).

Foundation Responsibility

The Foundation acknowledges the incumbent responsibilities in connection with the processing and holding of personal data as required under Data Protection Law.

This Policy will be reviewed on a regular basis and amended in light of changes in Data Protection Law or general practice.

NSM Limited
Council Member
01/05/2023