Privacy notice for Sustainable Development Fund (SDF) grant applicants

Posted On : 21/08/2020

The privacy notice below describes how we will treat the personal information you provide to us during the Sustainable Development Grant application process and throughout the life of the grant and all other information you provide during the application process.

Who are we?

The Pembrokeshire Coast National Park Authority’s (PCNPA) Sustainable Development Fund (SDF) is a fund supporting community projects in and around the Pembrokeshire Coast National Park. When you interact with us online, over the phone or face-to-face, The PCNPA will collect your personal data and are responsible for how we store and use it.

PCNPA Authority was created as a freestanding special purpose local authority under the 1995 Environment Act (the Act). You can find out more about us via our About the National Park Authority page and view our overarching privacy notice.

PCNPA is registered as a Data Controller with the ICO (Information Commissioners Office). Registration number: Z6910336.

 

What data we need

If you apply to us for funding, we will ask for the following information:

Applicant/s ·      Name, position, telephone number(s), work address, email address and signature.
Organisation’s bank account details: ·      If your application is successful, you may be asked to provide a copy (either an electronic or hard copy) of a recent bank statement from your organisation’s main bank account

·      Names of signatories for your organisation’s bank account

During the life of the grant, we will ask for the following information:

End of grant report ·      Upon completion of a grant, we will ask you to complete an end of grant report back form to tell us how the funds have been spent and what you have achieved. Within this document we will ask for the name and signature of the main contact for the grant.

We may also use your personal data to evaluate and research the impact of our grant and to tell you about the results of any evaluations and research. The results of our evaluations and research may be published but we won’t publish your personal data without your agreement.

How the law protects you

Your privacy is protected by law and this section explains how that works.

We set out how we meet accountability measures in the law and how we keep your information safe in our Data Protection Policy.

Your rights

Under data protection regulations you have the following rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

The lawful basis of processing influences which rights are available to the individual.

Why we need it – Proper reasons (lawful basis) for using your personal data

We need this information to assess your proposal and, if your application is successful, enter into a contract with you. If your application is successful we will need to ensure that funds are paid into a bona fide account of the organisation we are funding.

We may use the information for the purposes of internal audit, monitoring the fairness of, and trends in, application decisions and for statistical purposes. The information may also be used for external audits from the Welsh Government who have a responsibility for auditing the Authority.

We may also use your personal data to evaluate and research the impact of our grant and to let you know about our grant and other activities. The results of our evaluations and research may be published but we won’t publish your personal data without your agreement.

We will not collect and use personal data for purposes beyond our statutory duties except where we have your consent or notified you of the relevant legal basis for processing.

 

How we hold your personal information

Data Protection law says that we are allowed to use personal information only if we have a proper reason (lawful basis) to do so. This includes sharing personal information with others outside the Authority.

We need this information to assess your proposal and, if your application is successful, enter into a contract with you. If your application is successful we will need to ensure that funds are paid into a bona fide account of the organisation we are funding.

What we use your personal information for Our reasons
Processing Grant Application and payments Fulfilling contracts
Our legal obligations

We may use the information for the purposes of internal audit, monitoring the fairness of, and trends in, application decisions and for statistical purposes. The information may also be used for external audits from the Welsh Government who have a responsibility for auditing the Authority.

What we use your personal information for Our reasons
Information required for financial or regulatory auditing requirements Fulfilling contracts
Our legal obligations

 

What we use your personal information for Our reasons
Evaluation and Research into the impact of our grant Legitimate Interest Impact of the Grant can be evaluated effectively. Keeping you informed of outcome of any research or evaluations of the Grant.

At the end of our retention period for applicants or grant recipients the main contact person for the organisation will be contacted to enquire whether they would like to remain on our project management database (Customer Relationship Management) as a stakeholder in order to receive details about further funding opportunities through the SDF Committee.

What we use your personal information for Our reasons
Keep you up to date about further funding opportunities through the SDF Committee.  Consent

We will not collect and use personal data for purposes beyond our statutory duties except where we have your consent or notified you of the relevant legal basis for processing.

 

How we hold your personal information

Your data will be processed by our staff. The data we process will be held internally on our own managed systems and externally on cloud based services in terms of our project management database (Customer Relationship Management) system. We are committed to storing data securely wherever it is held, and ensuring it is only accessible to authorised personnel.

We will keep your personal data up to date and store it securely.

We will put appropriate technical measures in place to protect it from loss, misuse, unauthorised access and disclosure, and not collect or retain excessive amounts of personal data.

When we have held your personal data for the maximum period of time allowed under our retention schedule and relevant laws, we will destroy it securely.

We may keep in contact with you throughout the life of your grant and we may send you advice about your grant.

If you provide us with personal data of people who benefit from your project’s work, we will treat this in the same way. You must tell the individuals and if they have any questions about this, you must refer them to this notice.

We may also use your personal data to evaluate and research the impact of our grant and to tell you about the results of any evaluations and research. If an external contractor is used for this work  we will only share personal data needed to carry out their evaluation work, and will do so subject to appropriate safety measures that are designed to ensure your personal data remains secure and is only used for the intended purpose. We will notify you if an external organisation is carrying out evaluation activities on our behalf.

 

How long we keep your information for – Unsuccessful applications

Data Retention Period Reason
Contact details of applicant. Application form. Supporting documents required to enable decision making, such as Accounts, Governing Documents and records of Trustees / Management Committee members. Any correspondence relating to the application, including the original enquiry made.

 

12 months after the date the decision is notified to the applicant. After this time the application form and all electronic documentation is deleted. Hard copies are destroyed via our confidential waste company. This is in case of complaint or request for additional information on the decision.

Please note, we do keep a record of your organisation applying on our project management database (Customer Relationship Management), within the assessment documents and within the minutes of the decision-making meeting, but all other documentation is deleted as per the above retention policy.

 

How long we keep your information for – Successful applications

Data Retention Period Reason
Contact details of applicant. Application Form. Supporting documents required to enable decision making, such as Accounts, Governing Documents and records of Trustees / Management Committee members. Any correspondence relating to the original application and grant awarded. An electronic copy of the application form is saved on our project management database (Customer Relationship Management).

All documents are retained to the end of the project plus six years to allow for any evaluation / dissemination activity. At the end of this time the application form and supporting documents are deleted from our systems, along with any other documents generated during the term of the grant.

Effective administration and processing of the Grant. Auditing and accountability requirements relating to the Grant. Evaluation and dissemination activity at the end of the grant.
Hard copy signed contract Length of the contract and for six years afterwards Limitation Act 1980 – Contract Law

Access is restricted to staff processing or assessing the proposals.

Please note, we do keep a record of your organisation applying on our project management database (Customer Relationship Management), within the assessment documents and within the minutes of the decision-making meeting, but all other documentation is deleted as per the above retention policy.

 

Who we share your personal information with

We may share your personal information internally with relevant departments within PCNPA but only for specified purposes.

We may share your personal information externally with these organisations and for the following reasons:

Organisations Our Reason
Government bodies, law enforcement bodies and regulatory authorities Auditing purposes, Fraud and crime detection

 

SDF Committee Fairness and transparency in our funding process is important to us. Decisions on the award of grants are made by the SDF Committee, which is comprised of National Park Authority Members and advisory members.
Organisations carrying out evaluations on our behalf Evaluate impact of our grants. We will only share personal data needed to carry out their evaluation work, and will do so subject to appropriate safety measures that are designed to ensure your personal data remains secure and is only used for the intended purpose. We will notify you if an external organisation is carrying out evaluation activities on our behalf.
Government departments or other third parties who have provided funds to the SDF grant Relevant personal data will be shared with them if this is a condition of funding they provide to the SDF grant.
People you agree to us sharing your data with You have consented for data to be shared

 

Fraud Prevention

If you apply for a grant or receive a grant from us, we may undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data you have provided about you and your nominated representatives and data we have received from third parties.

We and fraud prevention agencies may also enable law enforcement agencies, regulators, Government, and other funders to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time. If you are considered to pose a fraud or money laundering risk, your personal data can be held for up to six years.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to award a grant and we may withdraw existing grants.

A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies, and may result in others refusing to provide you with services, financing or employment. If you have any questions about this, please contact us on the details below.

 

How to get a copy of your personal information (Subject Access Request)

You can access your personal information we hold relating to the Sustainable Development Grant by writing to us to the address below:

Administration and Democratic Services Manager
Pembrokeshire Coast National Park Authority
Llanion Park
Pembroke Dock
Pembrokeshire
SA72 6DY

If you need assistance please contact: info@pembrokeshirecoast.org.uk , Tel: 01646 624800.

 

Letting us know if your personal information is incorrect

If we hold information about you, you can ask us to correct any mistakes by contacting us at info@pembrokeshirecoast.org.uk, phoning us on 01646 624800, writing to us or contacting the Sustainable Development Grants Team directly. We will take reasonable steps to check the accuracy of the data we hold and correct it.

 

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it.

There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

  • It is not accurate
  • It has been used unlawfully but you don’t want us to delete it
  • It is not relevant any more, but you want us to keep it for use in legal claims
  • You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it.

If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us at DPO@pembrokeshirecoast.org.uk.

 

How we use your personal information to make automated decisions

Currently we don’t use your information to make automated decisions. If this changes in the future we will update this section of the notice.

 

If you choose not to give personal information

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform tasks related to a service you are looking to access.

Any data collection that is optional would be made clear at the point of collection

 

Consent and withdrawing consent

Where individual consent is needed to process personal information we will make you aware. Consent will not generally be a precondition of signing up to a service.

You can withdraw your consent at any time. Please contact us if you want to do so at info@pembrokeshirecoast.org.uk or the relevant team within the Authority who you provided consent to.

If you withdraw your consent, we may not be able to provide certain information or services to you. If this is the case, we will tell you.

 

Cookies

To find out more about how we use cookies on our website please see our cookie policy.

 

Sending data outside the EEA

We will only send your data outside of the European Economic Area (EEA) to:

  • Comply with a legal duty
  • Or, when data processors we use send data outside the EEA, but have relevant safeguards in place.

 

How to complain

Please let us know if you are unhappy with how we have used your personal information. Please contact our data protection officer at DPO@pembrokeshirecoast.org.uk or 01646 624800

You also have the right to complain to the Information Commissioner’s Office (ICO). Find out on the ICO website how to report a concern. Their helpline number is 0303 123 1113.

 

Questions

If you have any questions about the personal data we hold about you or how we use it you can contact our Data Protection Officer who will make every effort to help you.

If you have any questions, or want more details about how we use your personal information, you can contact our Data Protection Officer.

DPO@pembrokeshirecoast.org.uk

01646 624800

You can also write to us at:

Data Protection Officer
Pembrokeshire Coast National Park Authority
Llanion Park
Pembroke Dock
Pembrokeshire
SA72 6DY