Data Privacy Policy

We're committed to safeguarding your personal data.

This policy sets out how we will treat your personal information in compliance with the General Data Protection Regulation (GDPR), which came into law on May 25th 2018.

Data protection can be confusing so we’ve tried to avoid too much ‘legal-ese’.

For enquiries on data protection please contact Genevieve Maitland Hudson (Director of Learning & Influence).

Key Pledges

  • We collect and use your personal data to improve your experience and the experience of charities and social enterprises we support.
  • Trust is important to us and we’re dedicated to protecting your personal data to the best of our ability.
  • We want to be as transparent as possible with how we use your data. This means no surprises.
  • We want to communicate with you in the right way based on the information we have. This means sending relevant messages. No spam.
  • We only keep things as long as we need to. We don’t hold your data indefinitely.

 

1. How we manage your data

2. What kind of data we collect and why

3. Your rights as a data subject

4. How we protect your data

5. On what grounds we use your data

6. How long we hold your data

7. Sharing your data

8. Marketing and website ‘cookies’

9. Profiling 

10. Changes to our data privacy policy

 

1. How we manage your data

Social Investment Business is a data controller registered with the ICO. We decide how and why our data is used (as a controller) while also working with the data to achieve a purpose (as a processor).

2. What kind of data we collect and why

We may process certain types of personal data about you as follows:

  • Identity data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
  • Contact data may include your address, email address and telephone numbers.
  • Financial data may include your bank account and payment card details.
  • Transaction data may include details about payments between us.
  • Technical data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Profile data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
  • Usage data may include information about how you use our website, products and services.
  • Marketing and communications data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.

We use your data for the primary goal of delivering our service to support charities and social enterprises. Like many organisations, processing data is critical for the day-to-day operations of our business; from marketing to fund management.

Personal data of job applicants will be shared for the purposes of the recruitment exercise. This includes our HR team, interviewers (who may include other partners in the project and independent advisors), relevant team managers and our IT service provider if access to the data is necessary for performance of their roles. We do not share your data with other third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you. We do not transfer your data outside the European Economic Area.

We may also process sensitive personal data, for example, health records of staff or criminal records for recovery funds. We require your explicit consent for processing sensitive data, so when you submit your details, we will ask for your explicit agreement in providing this information to us.

We process personal information about:

  • employees
  • job applicants
  • customers and clients
  • suppliers
  • complainants, enquirers
  • professional advisers and consultants

3. Your rights as a data subject

If we hold your personal data, you have rights outlined by the General Data Protection Regulation and the Data Protection Act 1998/2018.

  • You have the right to be informed about the collection and use of your personal data when it is obtained.
  • You have the right to be forgotten i.e. for us to no longer store your information. However, there are instances such as statutory/contractual agreements which mean we may have to keep hold of some details.
  • You have the right to ask for a subject access request (SAR). This means you can ask us for all the information we hold on you and we are obliged to provide this to you in a portable format within one month (30 days). Please note that requests deemed as ‘excessive’ can be denied or charged for. To request a SAR please contact us.
  • You have the right to complain to the ICO if you believe your personal data is compromised in any way.

4. How we protect your data

We have various security measures in place to protect all personal data we hold.

Internally, we maintain strict staff permission sets and a control group policy which limits data access to the relevant staff. We also educate staff on data protection through practical workshops and training at the start and throughout their employment with us.

To protect ourselves from external threats, we maintain active cyber security management (e.g. SSL encryption) and have a robust emergency response plan in place in the event of a data breach.

As part of our ongoing contractual agreements with third-party processors, we adhere to strict rules and guideline policies.

5. On what grounds we use your data

There are several rules that guide how we use your data.

| Basis | Examples of how we do this |
| --- | --- |
| Consent | If you apply for a fund we will ask you to confirm that you are happy for us to inform you about future funds. |
| Contract | If you receive funding from us it will be necessary for us to maintain certain details for administrative purposes. |
| Legal obligation | If you enter into a legally-binding financial agreement with us certain personal information will need to be kept. |
| Legitimate interest | Our legitimate interest is to provide support to organisations through finance and related services. We need to prove that this is balanced with your rights as a data subject. |

6. How long we hold your data for

We have varied retention periods for each type of data we process but will always try to limit the length of time we hold your data.

| Reason for retaining | Example | Retention period |
| --- | --- | --- |
| Statutory | Information on staff | Data on ex-employees must be kept for six years (from the end of employment). |
| Contractual | Applications for funding | Length of time specified in contract. |
| Administrative | Email enquiries to helpline | No longer than necessary for the purposes we obtained it for. |

If you would like more detail on how long a specific type of data is kept, please get in touch.

7. Sharing your data

We may disclose information about you to any of our employees, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

Occasionally, Social Investment Business will act as a ‘joint controller’. This means we will share information between us and a partner organisation – for example, on a collaborative fund where another controller is providing business support. We don’t share your information without your consent.

Third party organisations which we use for data processing are chosen on the grounds of their adherence to a Privacy Shield Agreement (US-EU, Swiss Shield).

We may provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you.

8. Marketing and website ‘cookies’

We want to share our new fund launches, resources and news with you. We do this in the following ways:

  • Emailing website visitors that consent to our email marketing.
  • Emailing organisations that have applied to our fund programmes who we might assume may be interested in hearing about similar funds.
  • Promoting our funds to our ‘followers’ across social media platforms.

You can unsubscribe from our fund updates at any time or tailor what you would prefer to receive via our email preference centre.

We use cookies to track the use of our website. We do this in order to monitor and improve the user experience through Google Analytics.

A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.

9. Profiling

We operate a limited form of profiling in the interests of providing relevant targeted marketing communications to our stakeholders. For example, news subscribers who have willingly given us the information that they work in the physical health or sports space may receive an alert about a sports fund launch.

We do not currently have any automated or AI-based decision-making in place.

10. Changes to our data privacy notice

We may change this page from time to time, to reflect how we are processing your data.

If we make significant changes, we will make that clear on our website or contact you so that you are able to review the changes before you continue to let us use your data.

Contact us

For enquiries on data protection please contact Genevieve Maitland Hudson (Director of Learning & Influence) below.

Data Privacy Policy

Who we are

Our website address is: http://www.sibgroup.org.uk.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.