Data Protection Policy
Last updated: March, 2025
Trustees:
Kathleen Anchant
Jenni Bickerdyke
Linda Elizabeth Silliman Millar
Grant Applications
The type of personal information we collect
We currently collect and process the following information:
- Personal names, date of birth, bank details (name on account, sort code, account number) brief income details, and personal circumstances, provided to us via email from official organisations only.
Data we do not collect
- National insurance numbers, telephone numbers, home addresses, email addresses, financial statements or dates of birth, names etc of any other family members.
How we get the personal information and why we have it
All of the personal information we process is provided to us directly by a third-party making a referral to us via email on your behalf for the following reason:
- To make an application to us for emergency financial assistance.
We do not collect any data for grant applications from any other external sources.
We use the information that you have given us in order to create a case to be presented to the Biscuit Fund for consideration for financial help.
We do not share this information with any other organisation. The only organisation we communicate with about you is the organisation that made the initial referralfor you, in order to update them as to the success or not of the grant.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Consent: By requesting that your details be sent to us you are giving clear consent for us to process your personal data.
(b) Contract: We have a contractual obligation which is necessary to carry out our duties for a specific purpose (making a grant).
(c) Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital and Legitimate Interest: We have a vital and legitimate interest in ensuring that the data we hold is correct and that the integrity of the fund is protected at all times.
Gift-aided donations
The type of personal information we collect for
For gift-aided donations the data we collect is your name, address, email address and the amount you wish to make as a donation.
How we get the personal information and why we have it
This data is provided by you, following an emailed request from the fund, or following an online donation. The purpose of this is to permit the fund to claim the gift-aided portion of your donation from HM Revenue & Customs.
We retain this information for as long as the fund is in operation. If you cease to be a donor or to cease being a gift-aided donor, the data will be kept in accordance with HM Revenue & Customs’s requirements.
We do not share this information with any other organisation other than the HM Revenue & Customs for the purpose of a gift-aid claim.
For all data
How we store your personal information
The security of your personal data is a very major concern for us. We have legal obligations to keep it safe and handle it with care.
All website data is kept on high quality UK based servers, which meets the European Commission standards for data protection. We do not store your data offline.
With respect to the issue of grants we keep your data for as long as the fund is in operation in order to protect the fund as we offer one-time help only. We never share your data with third parties. This data is kept in the cloud on UK servers.
With respect to gift-aided donations, we retain your data for as long as you are a gift-aided donor and to satisfy the requirements of HM Revenue & Customs.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us if you wish to make a request.
We use cookies on our website.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at info@biscuitfund.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Our contact details