The following principles are complied with when processing personal data:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection
Lawful Basis of Processing Data
The lawful basis of processing of data will always be determined prior to any data being processed. The applicable laws for processing personal data under the GDPR are as follows:
- Consent – the individual has given their Consent to the processing of their personal data
- Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party with Montpelier Foundation
- Legal Obligation – processing of personal data is necessary for compliance with a legal or regulatory obligation to which Montpelier Foundation is subject
- Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of Montpelier Foundation or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights
- Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
- Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual
Montpelier Foundation processes personal data under one, or more, of the following Lawful Bases:
- Legal Obligation
- Legitimate Interest
Type of Personal Data Being Processed
Montpelier Foundation collects and uses limited personal data about individuals save for its employees. Where it does use such personal data, this will normally be incidental to a professional relationship with a current or prospective customer seeking grants or investments, supplier, or where we work with nominated contacts at such organisations who hold relevant positions, such as a programme manager, contract manager, or other key decision-makers in respect of our professional relationship. In this case, we will use work based on contact information about you to liaise and keep in touch with you, as a representative of our employer or organisation in relation to our professional relationship with them.
The type of personal data being processed will typically include:
- Email Address
- Job Title
- Telephone Number
- Business Name
Montpelier Foundation may obtain personal data about you otherwise where:
- you are a director, shareholder, or key person at an organisation Montpelier Foundation is considering funding or investing in;
- you are applying for a job through Montpelier Foundation;
- you make a request or enquiry to us.
We will sometimes obtain personal data from other sources, such as from other third parties or publicly available online sources or official records, where the data is relevant to our hiring or funding decisions for grants or investments.
How Personal Data is Collected
Personal data is obtained from one or more of the following:
- Parties entering into agreements with Montpelier Foundation or the Hampshire Foundation Inc, our sister foundation based in the US
- Parties approaching Montpelier Foundation to enquire about potentially receiving grants or investment from Montpelier Foundation or the Hampshire Foundation
- Requests for information about products and services offered by Montpelier Foundation
- Employment enquiries either at Montpelier Foundation itself or any of its affiliated organisations including portfolio organisations
Why Personal Data is Collected
Personal data is collected to provide legitimate business services which include:
- Meeting our legal obligations (including any contractual obligations and performance under grant and investment agreements);
- Fulfilling our legitimate interests in administering grants and investments and the Montpelier Foundation correctly and effectively, in particular for fraud detection and prevention;
- Using the information in relation to a legal claim.
There may be circumstances where we need consent to process your data. If we do, we will ask you for it. In those cases where processing is based on consent and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. Where you choose not to provide us with information set out above for the purposes related to the assessing a grant or investment or with regard to the performance of our grant or investment agreements, this may prevent your ability to be eligible for a grant or investment from Montpelier Foundation.
How Personal Data is Used
Personal data may be used to:
- Process requests for further information, to maintain records and to provide ongoing service levels to stakeholders;
- Carry out our obligations arising from any contracts entered into by you and us;
- Comply with legal requirements including anti-money laundering checks;
- We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us;
- Notify you of changes to our services;
- Send you communications which you have requested or that may be of interest to you. These may include information about referrals, introductions, Montpelier Foundation updates, or events;
- Process a job application.
Where Personal Data is Stored
How Long Personal Data is Stored
We review our retention periods for personal data periodically. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for the period of your relationship with us, and then, after that period ends, for as long as is necessary in connection with both our and your legal rights and obligations, or as long as is set out in any relevant contract you hold with us. This may mean that we keep some types of personal data for longer than others, but we will only retain your personal data for a limited period of time. This period will depend on a number of factors, including:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
Who Has Access to Personal Data
- Employees and board members of Montpelier Foundation;
- Board members of the Hampshire Foundation;
- Authorised third party agents, service providers, and/or subcontractors of Montpelier Foundation;
- Competent public authorities, government, regulatory, or fiscal agencies where it is necessary to comply with a legal or regulatory obligation to which Montpelier Foundation is subject to or as permitted by applicable local law.
Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the Montpelier Foundation security and privacy practices. Employees are notified and reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We will not sell or rent your information to third parties.
Third-Party Service Providers working on our behalf:
From time to time, we may ask third parties to carry out certain business functions for us, such as helping to organise events or supporting our due diligence process. We will disclose your personal data to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service, and we will enter into a contract that requires them to keep your information secure. Examples of these third party service providers include IT support, back up, and server hosting providers.
We may also share your personal data with other third parties, as directed by you.
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:
- The right to be informed how personal data is processed
- The right of access to your personal data
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting firstname.lastname@example.org or calling us on +44 (0) 207 591 2191. You can request that your data is updated and/or deleted at any time, unless Montpelier Foundation can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.
Like many websites, our website uses “cookies”. A cookie is a piece of data stored on a user’s device containing information about the user’s visit to a website (including this website).
Our website uses Google Analytics cookies which collect information in an anonymous form, including the number of visitors to the site, the IP address of the visitor, time zone, where visitors have come to the site from and the pages they visited. As with many websites, we use this information to compile statistic reports of our users’ browsing patterns so that we can improve our website and enhance user experience of it.
You can change your user settings in your browser to prevent us storing cookies on your device. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org. Your browser’s help function should also provide information on how to change your cookie settings. Please note that if you adjust your internet browser settings to refuse the setting of cookies, you may be unable to access or fully use certain parts or functionality of the website.
For your convenience, we’ve provided links to the cookie management page for the most popular browsers:
By continuing to use this website, you consent to us storing and accessing the above cookies on your browser or device.
We may revise this policy at any time. We suggest you review the policy periodically for changes.
4 July 2018