Last updated: 15 April 2019
1.1 We, The Gen Foundation (with the 'Foundation', 'we', 'our' or 'us' being interpreted accordingly) are committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data ('Personal Data').
3. What Personal Data do we collect and use?
3.1 The Personal Data about you that we collect and use includes the following:
(a) your name, address, phone and other contact details;
(b) nationality and an identifying passport photo; and
(c) references and academic opinions.
as well as any other Personal Data that you may provide to us from time to time.
4. How your Personal Data is collected
4.1 We collect Personal Data about you in various ways as follows:
(a) from that provided in your application form to us for a grant; and
(b) through your relationship and any other communications you have with us from time to time.
5. Information about third parties
5.1 Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
6. What we use your Personal Data for
Other than as stated above, we may use your Personal Data for one or more of the following purposes:
(a) reviewing and determining your eligibility for a grant;
(b) monitoring the use of any grant awarded;
(c) maintaining your relationship with the Foundation in the future;
(d) the publishing details of grant recipients in connection with a booklet commemorating the Foundation's achievements;
(e) to enforce and/or defend any of our legal claims or rights; and/or
(f) for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
7. The lawful grounds on which we collect and process your Personal Data
7.1 We process your Personal Data for the above purposes relying on one or more of the following lawful grounds:
(a) In particular cases where you have freely provided your specific, informed and unambiguous consent for a particular purpose;
(c) where we need to comply with a legal obligation or for the purpose of us being able to establish, exercise or defend legal claims.
8. Our Legal Obligations regarding your data
8.1 We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
9. Disclosing your Personal Data to third parties
9.1 We will usually treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it. The exceptions are:
(a) in relation to legal proceedings or where we are legally required to do so and cannot tell you;
(b) where we use third party data processors who are engaged under contract to handle data on our behalf (for example an IT supplier or database hosting provider). In relation to these data processors, we will make sure that they act only in accordance with our instructions and that adequate safeguards are put in place by them to protect your Personal Data; and
(c) as required from time to time by our regulators, such as the Charity Commission.
9.2 In all cases we always aim to ensure that your Personal Data is only used by third parties for lawful purposes and in compliance applicable Data Protection Law.
10. International Transfers
10.1 We may transfer your Personal Data to Japan which is a territory outside the European Union whose laws are currently not considered to meet the same legal standards of protection for Personal Data as set out under the GDPR. However, in order to safeguard your Personal Data, we only conduct such a transfer under a contract or another appropriate mechanism which is authorised under Data Protection Law. This is to make sure that your Personal Data is safeguarded in accordance with the same or similar legal standards to protect your data in the United Kingdom.
11. How long we retain your Personal Data for
11.1 We only retain Personal Data identifying you for as long as you have a relationship with us; or as necessary to perform our obligations to you (or to enforce or defend contract claims); or as is required by applicable law.
11.2 We have a data retention policy for the different periods we retain data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods is based on various legislative requirements (such as having to retain tax records); the purpose for which we hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO).
11.3 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
12. Security that we use to protect Personal Data
12.1 We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
12.2 We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
13. Your personal data rights
13.1 In accordance with your legal rights under applicable law, you have a 'subject access request' right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such as subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.
13.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) that we correct Personal Data that we hold about you which is inaccurate or incomplete;
(b) that we erase your Personal Data without undue delay if we no longer need to hold or process it;
(c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
(d) to object to our use of your Personal Data for direct marketing;
(e) to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or
(f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
13.3 In dealing with these requests we may consult with our third party data hosting provider who is involved in the processing of your Personal Data on our behalf.
13.4 If you would like to exercise any of the rights set out above, please contact us at the address below.
13.5 If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see https://ico.org.uk/.
Soo Ryun Song Farr
The Gen Foundation
Telephone: 020 7495 5564