Northern Consortium is an independent charity providing grants to individuals, charities and not for profit organisations and funding for research projects.
Unless otherwise stated, Northern Consortium is the data controller for the information we collect.
The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We do not share data with anyone else without your permission, except when we believe it is the only way to prevent harm to you or other people. If we do disclose information without your permission, this is authorised by a senior member of staff and we will explain our reason to you at the earliest opportunity.
We require all third parties who provide services for us and who process the data of our service users to comply fully with data protection legislation.
We will never share any of the information you provide with any third parties for marketing purposes.
It is charity policy to respect the right of service users, staff, trustees, volunteers and others whose personal data we hold to privacy and confidentiality as far as possible within the constraints of legal requirements, including legislation on the safeguarding of adults and children and on the prevention of terrorism.
We will not store any of your information outside of the European Economic Area.
Data is kept in accordance with our retention schedules as set out in the appropriate sections of this statement.
This privacy statement tells you what to expect when Northern Consortium collects personal information. More detailed information is set out below for:-
People & organisations who apply to us for funding
We have to hold the details of the people and organistions who apply to us for funding in order to be able to assess the application and provide the service. These details include application forms, case notes, documentation to evidence financial circumstances and support applications as well as bank account details in order to make payments. We only use these details to provide the requested service and for other closely related purposes, for example, to ask for feedback on the way their application has been dealt with and on the impact of our service.
Case notes, which include a record of approval of financial assistance, will be retained for six full financial years following the financial year of the last payment. Other documentation provided to support the application will be retained for one full financial year following the financial year of date of last payment. For unsuccessful applicants, details will be retained for one full financial year. After these retention periods, the data will be deleted or where a statistical record of the service is required, anonymised.
See also the Financial transactions section in this policy for information on retention of payment details.
People who apply for a Northern Consortium bursary (scheme is ending in 2023)
We have to hold the details of the people who apply to us for a Northern Consortiumbursary in order to be able to provide the bursary scheme and assess the applications. These details include an application form, documentation to evidence the applicant’s financial circumstances and, for successful applicants, bank account details in order to make the payment. We only use these details to provide the service the person has requested and forclosely related purposes, for example, to ask them for feedback on the impact of our support.
The individuals details, supporting documentation and record of approval of financial assistance for bursary recipients are retained for six full financial years following the year in which the last payment was made. After this, the data will be deleted or, where a statistical record of the service is required, anonymized.
See also the Financial transactions section in this policy for information on retention of payment details.
Visitors to our website
When someone visits www.nccharity.org.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site which helps us to tailor our services to the needs of our stakeholders. Further information on Google’s data privacy and security information is available on the Google website:- Google Analytics
People who contact us via social media
We use a third-party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. We will not share this information with any other organisations.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint to us
In the event of receiving a complaint, in accordance with our complaints policy we will record the details of the complaint and complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint.
If the complaint was about an individual we may have to disclose the complainant’s identity to them, where, for example, the accuracy of a person’s record is in dispute.
If a complainant does not want information identifying her or him to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
Personal information contained in complaint files will be kept for two years from the complaint being closed.
Job applicants
We will only use the information provided during the recruitment process for the purpose of progressing job applications, or to fulfil legal or regulatory requirements.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information (ie skills, knowledge and experience, education and referees), you provide to assess your suitability for the role for which you have applied.
You will also be asked to complete an anonymous equalities monitoring form. Completion of the form is optional. Data provided will be used only to produce and monitor equal opportunities statistics.
The charity personnel who shortlist applications for interview will not be provided with your name or contact details. If selected for interview you may be asked to complete a written test and we will take interview notes.
We will retain information generated throughout the assessment process, for example interview notes, for 6 months following the closure of the recruitment.
We will retain the information provided by unsuccessful applicants for 6 months from the closure of the recruitment.
Northern Consortium employees
For applicants offered a post, this will be subject to satisfactory checks ie references, evidence of qualifications and right to work in the UK, a criminal records declaration and records will be kept of this in the member of staff’s HR file. We will also retain bank details, in order to process salary and expenses payments, contact details for the staff member and emergency contact details of who to contact should there be an emergency at work.
Senior position holders are required annually to declare if they have any potential conflicts of interest. This information will be held on their HR file.
Relevant details will be provided to Northern Consortium’s payroll provider, Hallidays. This will include your name, bank details, address, date of birth, National Insurance Number, salary, benefits and deductions for loans and similar. They also receive copies of tax coding notices and any legal notices sent to us as your employer in order to comply with legal and tax obligations to make appropriate deductions from pay.
Staff may be enrolled into Northern Consortium’s pension scheme and your relevant details (date of birth, address, national Insurance number and salary) will be provided to the administrators of the Northern Consortium pension scheme, USS. Details of contributions made to the pension scheme will be retained for 6 full financial years following the end of the financial year in which they are paid.
We will retain the information provided by successful applicants for the duration of their employment. We will also retain information relating to annual appraisals, performance management, grievance and disciplinary issues and sickness certification. This information is destroyed after 6 complete financial years following the financial year in which employment ended. Notes of 1:1 meetings recorded by the staff member’s line manager will be destroyed when the staff member leaves unless there is an unresolved ongoing issue. In this case the notes will be destroyed once the issue is resolved.
Trustees
We will only use the information provided during the trustee recruitment process for the purpose of progressing applications, or to fulfil legal or regulatory requirements.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information (ie skills, knowledge and experience, education and referees), you provide to assess your suitability for the trustee role for which you have applied.
You will also be asked to complete an anonymous equalities monitoring form. Completion of the form is optional. Data provided will be used only to produce and monitor equal opportunities statistics.
The panel who shortlist applications for interview will not be provided with your name or contact details. If selected for interview we will take interview notes.
For applicants offered a trustee role, this will be subject to satisfactory checks ie references, a criminal records declaration, anti-money laundering vetting, meeting any requirements set out by the Charity Commission (ie, insolvency register and disqualified Directors checks) a board resolution to appoint, and a declaration of your acceptance of the position and that you meet the stated requirements and are willing to act as a trustee. Records will be kept of this. We will also retain bank details, in order to process expenses payments, contact details for the trustee and emergency contact details of who to contact should there be an emergency whilst carrying out their trustee role.
The charity will record identity details for any period while you are acting as a signatory on a bank mandate or similar for the charity.
In order to meet with legal requirements, personal and other details will be disclosed to the Charity Commission and Companies House. We will also provide details to the charity’s bankers, auditors and other advisers, as required to enter into contracts and manage the charity’s affairs.
All trustees are required to complete an annual declaration of interest and to declare at each board meeting any potential conflicts of interest. This information will be held by the charity.
We will retain the information provided by those who take up a trustee role for the duration of their trusteeship for Northern Consortium plus six full financial years following the date of them ceasing to be a trustee.
We will retain the information provided by unsuccessful applicants for 6 months from the closure of the recruitment.
We will retain information generated throughout the assessment process, for example interview notes, for 6 months following the closure of the recruitment.
See also the Financial transactions section in this policy.
Financial transactions
Except where noted separately in this policy, we are required by law to retain details of any financial transaction with Northern Consortium for a maximum period of seven years following the transaction date. This includes donations received from individuals or corporations, payments made to suppliers, recipients of financial support or bursaries, volunteers, trustees and staff.
Details retained may include name, address, amounts paid or received, gift aid declarations, copy invoices. Bank account details are retained for the purposes of making payments only and once added to our online banking portal at Barclays Bank Plc are not retained on our database. Our online banking system meets with current security standards. Access to online banking is restricted to persons authorised to make payments only.
We only retain the minimum details required to meet our legal and contractual obligations. Bank account details are deleted from our banking system when there is no longer a need to retain them. For example, if we end a contract, a person no longer works or volunteers for the charity or it is agreed that financial assistance is no longer required.
Financial information (including copy bank statements) provided as part of an application for financial support or a bursary is retained as part of the case notes as documented in those sections of this policy.
Supplier and customer contact details may be held on our financial systems hosted by SAGE. Data on this system is backed up and stored in data centres based in the USA. SAGE is a certified member of the EU-US Privacy Shield scheme which approves the mechanisms under which such data transfers are made. For information about about the Privacy Shield principles, please visit www.Privacyshield.gov.
Data protection
The Information Commissioner’s Office (ICO) was set up to uphold information rights. Full information on these rights and how to exercise them is available on its website https://ico.org.uk
Northern Consortium is happy to provide any additional information or explanation needed regarding our collection and use of your data. Any requests for this, including information on accessing personal information can be emailed to us at: info@nccharity.org.uk
If you wish to complain about the way we have processed your personal information, please contact us via any of these routes:
Telephone: 07309 926751
Email: Diane@nccharity.org.uk
Post: Northern Consortium, 667-669 Stockport Road, Manchester M12 4QE.
The Information Commissioner’s Office (ICO) oversees data protection law and complaints can be made to them at www.ico.org.uk/concerns