UnLtd ('we', 'us'), the Foundation for Social Entrepreneurs, finds funds and supports social entrepreneurs to start their business or grow their impact. We are a charity foundation, registered number 1090393.
Our head office address is 123 Whitecross Street, Islington, London, EC1Y 8JJ.
The UnLtd website is www.unltd.org.uk is owned and operated by UnLtd.
Under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and Data Protection Act 2018, personal data is defined as 'any information relating to an identified or identifiable natural person ('data subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
THE DATA CONTROLLER
A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. UnLtd is the data controller as defined by relevant data protection laws and regulations.
THE INFORMATION WE COLLECT AND HOW WE USE IT
If you sign up to our newsletter, we collect the information you provide of your name and email address in order to deliver it to you. The information you provide is collected by a third-party software called Microsoft Dynamics 365, You can read Microsoft's Privacy Statement here, and the Privacy Shield Notice for ClickDimensions, the Microsft tool which creates mailing lists and distributes newsletters on our behalf.
Microsoft participates in and comply with the EU-U.S. Privacy Shield Framework. You can update your preferences or unsubscribe from our e-newsletter lists at any time by clicking on the links in the newsletter.
If you contribute content to a site that we host, (such as commenting on a blog post) we publish this information on the website that you contributed to. We retain this information for at least as long as the content is available. These details will not be shared with third parties, except where necessary such as to provide a defence from defamation claims.
If you are expressing an interest in applying for an Award, we request sufficient details for our administrative processes, and so we can give you the most helpful feedback and advice on next steps. This will include your name, address, contact details, date of birth and an explanation of the idea or venture you would like our support for.
If you make an application for an UnLtd Award, we’ll ask for a more detailed range of information about you. In both cases we need to know who you are, and we need to be able to get in touch with you, as well as having sufficient information to make the assessment. If you are given an award, we will also need financial information in order to fulfil contractual requirements. We keep this data on our CRM systems, Microsoft Dynamics 365 and thankQ.
If you are invited to pitch your venture, fairness and transparency in our funding process is important to us. All applications are assessed by a team of UnLtd staff and may also be assessed by external panel members. Decisions on the applications are made by a panel which is comprised of UnLtd Trustees, UnLtd’s Director of Awards and where applicable our Partners.
We may also take photographs during the events for our social media channels. We will seek your consent to publish and store such photography.
If you are applying to work for UnLtd, personal data is collected through the application process. Data is collected through forms on the website, details of which can be found in the section describing people who use our website. Data collected via the website will be used for Employment, the Administration and management of our staff. We may also use this personal data to make informed management decisions and for administration purposes.
Personal data collected for applicants is held for as long as necessary to fulfil the purpose for which it was collected, or for a maximum of two years where those purposes no longer become necessary. For more information on how we handle data on our staff, see our Staff Handbook.
If you contact us by phone, email or in writing:
If you exchange emails, telephone conversations or other electronic communications with our staff members, our systems will record details of those conversations, sometimes including their content.
When you contact us, we sometimes need to keep a record of the communication we have with you to operate, manage and develop our organisation.
If you are interested in becoming an UnLtd Partner, we’ll ask you to contact us with initial details such as your name, job title, the name of your organisation and your contact number.
We keep this information in order to invite you to collaborate on and participate in relevant work-related activities.
Finally, at times we may also collect criminal offences data and health data which some of our members choose to disclose, however, they are not encouraged to do so. We put extra measure in place for informing our members about the way we process, retain and protect their criminal offences and health data.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
(a) Consent: you have given UnLtd your freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose.
(b) Contract performance: the processing is necessary for the performance of a contract you have with UnLtd consent for your personal data to be, which had asked you to take specific steps before entering into a contract.
(c) Compliance with legal obligation: the processing is necessary for UnLtd to comply with the law for tax, social security obligation and employment purposes (not including contractual obligations).
(d) Protection of vital interests: the processing is vital to an individual's survival.
(e) Public interest: the processing is necessary for UnLtd to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for UnLtd legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
Your data subject rights are listed below:
Under the GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. Please write to email@example.com.
As a fundraising organisation, we undertake in-house research to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations. This research helps us to understand more about you as an individual so we can focus our conversations about fundraising and volunteering in the most effective way, and ensure that we provide you with a donor experience that is appropriate for you. You will always have the right to opt out of this processing. If you would prefer us not to use your data in this way, please email us at firstname.lastname@example.org.
SHARING YOUR PERSONAL DATA
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
PROTECTING YOUR PERSONAL DATA
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that UnLtd has instructed.
If personal data is transferred outside the UK or EEA to a country without a designated adequacy rating, UnLtd will request the data subject's consent before processing the data. Consent will not be sought where the processor's Binding Corporate Rules, Standard Contractual Clauses or adhoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.
SECURITY OF YOUR INFORMATION
To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.
In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
Information Commissioner's Office
Tel: 0303 123 1113 (local rate)