Privacy policy

At The Royal Countryside Fund, respecting your data privacy rights is a top priority. This notice explains why and how we collect personal data about you, how we may process such data, and what rights you have regarding your personal data. 

We collect and process your data based on the type of data subject that you are. This notice is laid out such that the general provisions are at the top of this notice. Information specific to the different data subject types are listed in the headings below.

Please read the General Information and then click on the most relevant category(ies) of data subject for your situation.

 
Privacy Notice Contents
  • General Information
  • Employees & Temporary Staff
  • Funders & Donors
  • Grantees
  • Programme Participants
  • Corporate Managers
  • Suppliers & Contractors
  • Other Stakeholders
  • Unsolicited Personal Information
  • Retention Schedule
 
General Information

The information in this section is relevant to all categories of data subject.

 
Who controls your personal data?

The Royal Countryside Fund is responsible for your personal data.

You can contact a representative at the following address:

The Royal Countryside Fund,
13th Floor,
33 Cavendish Square,
London
W1G 0PW

Last Reviewed: 23rd November 2023

 
The Privacy Manager for The Royal Countryside Fund

The Royal Countryside Fund has appointed Helen Day as our Privacy Manager.  Privacy Manager can be contacted at the following email address:

info@countrysidefund.org.uk

 
Your rights

Under the General Data Protection Regulation (GDPR) you have rights. You can make a request to exercise these rights at any point. There are rules and exceptions in relation to these rights. They may not be exercisable in all situations. The GDPR rights are:

  1. The right to be informed.
    • You have the right to be informed about how The Royal Countryside Fund processes your personal data. Typically, The Royal Countryside Fund communicates this information through privacy notices such as this one.
  2. The right of data access
    • You have a right to obtain a copy of the personal data we hold about you.
  3. The right of data rectification
    • You have a right to ask for the correction of inaccurate or incomplete personal data which we hold about you.
  4. The right of data erasure
    • You have the right to request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data, or the processing of it is unlawful. You may also ask us to erase personal data where you have withdrawn your consent or objected to the data processing.
  5. The right to restrict data processing
    • You have the right to restrict the processing of your personal data. Where that is the case, we may still store your information, but not use it further.
  6. The right to data portability
    • You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party.
  7. The right to object to data processing
    • You have the right to object to our processing of your personal data based on the legitimate interests, where your data privacy rights outweigh our reasoning for legitimate interests. You may also object to our marketing activities or activities related to research.
  8. Rights in relation to automated decision making and profiling.
    • You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Currently, The Royal Countryside Fund only uses profiling as part of our Due Diligence process. This processing is conducted by a reputable third party and the results are manually reviewed by a committee at The Royal Countryside Fund.

You may request to enforce your data privacy rights by emailing info@countrysidefund.org.uk

In certain circumstances, we may need to restrict the above rights to safeguard the public interest (e.g., the prevention or detection of crime) or our business interests (e.g., the maintenance of legal privilege).

 
Consent as a legal basis for processing

For some data processing, The Royal Countryside Fund uses consent as a legal basis. If you have consented to processing by The Royal Countryside Fund, please be aware that you have the right to withdraw this consent at any point. If you would like to withdraw consent for a particular type of data processing that The Royal Countryside Fund performs, please email the following address:

info@countrysidefund.org.uk

 
Complaints to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority with regards to the way that The Royal Countryside Fund processes your personal data. The Royal Countryside Fund recommends lodging a complaint with the ‘Information Commissioner’s Office (ICO)’. This is the UK’s supervisory authority and is the one which The Royal Countryside Fund is registered with.

 
How we share your data

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us unless it has been authorised by The Royal Countryside Fund. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For example under a court order. In any scenario, we will satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

The Royal Countryside Fund will always try to use third party providers who are located in the UK or EU, or who host data in UK or EU data centres. This is not always possible. Where this is not possible, The Royal Countryside Fund will ensure that we use GDPR compliant contracts with the third parties. We will use Appropriate Safeguards, such as International Data Transfer Agreements, to ensure the ongoing protection of your data.

 

How we protect your information

We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration, or destruction. Where appropriate, we use encryption and other technologies that assist in securing the data you provide. We also require our service providers to comply with strict data privacy requirements where they process your personal data.

 

How long we keep your personal data

We only keep your personal data for as long as necessary for the purposes described in this privacy notice, or until you notify us that you no longer wish us to process your data. After this time, we will securely delete your personal data, unless we are required to keep it to meet legal or regulatory obligations, or to resolve potential legal disputes.

 

Contact and further information

If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact The Royal Countryside Fund at: info@countrysidefund.org.uk

In case you would like to be provided with information about a specific personal data processing activity, you can request that by submitting a request at info@countrysidefund.org.uk

We collect only the personal data from you that we need for the purposes described above. Certain personal data collected from you relates to your next of kin and emergency contacts. In these cases, you are requested to inform such persons about this Notice.

In case you are working at a third-party site (for example The Royal Countryside Fund customer location or facility), such third party may need to process your personal data for their purposes acting as a data controller. In these cases, you will receive or may request a separate privacy notice from the relevant data controller.

What happens if you do not provide us with the information we have requested?

Where it concerns processing operations related to your employment (as described above), The Royal Countryside Fund will not be able to adequately employ you without certain personal data and you may not be able to exercise your employee rights if you do not provide the personal data requested. Although we cannot mandate you to share your personal data with us, please note that this then may have consequences which could affect your employment in a negative manner, such as not being able to exercise your statutory rights or even to continue your employment. Whenever you are asked to provide us with any personal data related to you, we will indicate which personal data is required, and which personal data may be provided voluntarily.

  • You may obtain a copy of our assessment regarding our legitimate interest to process your personal data by submitting a request to info@countrysidefund.org.uk
  • In some cases, we process your personal data on the basis of statutory requirements, for example, on the basis of employment law, allowances, tax or reporting obligations, cooperation obligations with authorities or statutory retention periods in order to carry out our contractual responsibilities as an employer
  • In exceptional circumstances we may ask your consent at the time of collecting the personal data, for example photos, communications materials, and events. If we ask you for consent in order to use your personal data for a particular purpose, we will remind you that you are free to withdraw your consent at any time and we will tell you how you can do this.

Regarding special categories of personal data we will only process such data in accordance with applicable law and:

  • with your explicit consent for specific activities in accordance with applicable law
  • when necessary for exercising rights based on employment, or social protection law or as authorised by collective agreement, or for preventive and occupational medicine or and evaluation of working abilities; or
  • where necessary for establishment, exercise, and defence of legal claims.

Regarding personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.

 

Employees & Temporary Staff

The information in this section applies to current, past, or potential employees and temporary staff including secondees. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Stakeholder Events

Invitations to RCF or third-party events and associated correspondence (e.g. email and telephone calls).

Legitimate interest

Promotion of charity and activities.

Stakeholder Engagement

Providing reporting and updates on the charity’s activities to Donors, Key stakeholders, and the Royal Household. This is conducted via email, postal, phone, events, in person engagement, and reports.

Legitimate interest

To provide feedback on the success of RCF projects, programmes and activities to the charity’s key stakeholders.

Employee Recruitment

Agreement of vacancy through to employment and secondment offer and acceptance by candidate. This will include new employee completing diversity monitoring form which includes special category data.

Contract

Not applicable

Employee Onboarding

From candidate acceptance to fully onboarded employee and secondee with all training and IT accounts set up, on payroll, pension etc.

Contract

Not applicable

Employee Matters

Including: Sickness, Maternity/Paternity, Disciplinary & Grievance, Termination. From notification of an employee matter, following of relevant organisational procedures, through to completion of matter. This may include special category data.

Contract

Not applicable

Employee Appraisal and Management Notes

Annual performance appraisal and development plan and management notes on employee performance.

Legitimate interest

To effectively manage employee development and progress.

Training Management

Recording and processing records of training for employees on mandatory and optional topics

Contract

Not applicable

Employee Benefits

Onboarding and management of employees who are on company benefit schemes. Annual review of benefit schemes and communication with staff on those

Contract

Not applicable

Ex-Employee References

Providing references for ex-employees to future employers

Consent

Not applicable

Payroll & Pensions

Processing staff pay & Pensions

Contract

Not applicable

Accounts Payable

Payment of Grantees, Suppliers and expenses.

Contract

Not applicable

External Auditor Engagement

Annual External Audit. Sample of information can be requested by external Auditors. Information is uploaded to a secure file sharing platform called We Transfer

Legal Obligation

Not applicable

Employee Travel

Recording and processing personal information in order to book travel for employees either by one individual or by the individual themselves

Contract

Not applicable

Account (ID) Management and IT user support

To set up user profiles and accounts for employees and temporary staff using a third-party contractor. This process also involves providing IT support to users.

Contract

Not applicable

Secondments

Providing information to a third party organisation who is hosting a seconded employee

Contract

Not applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third-parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Recruiters & Recruitment Management Tools
  • Third party host organisation that RCF has entered into a secondment arrangement with
  • Cloud Storage & Document Management Tools
  • Employee Management & Training Tools
  • Remote Working & Calendar Planning Tools
  • Sales and Marketing Management Tools
  • Office Suppliers & Travel Bookings
  • IT Security and Management Tools
  • Accountants & Financial Management Tools
  • Banks
  • Pension Providers
  • Auditors
  • Legal Representatives & Legal Tools
  • Insurance Companies

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third-parties meet all UK-GDPR requirements.

 

Funders & Donors

The information in this section applies to current, past, and potential Funders and Donors. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Email Marketing

Email campaigns undertaken internally or via third parties.

B2C email marketing: Consent
B2B email marketing: Legitimate interest

Promotion of charity work/information sharing/updates/opportunities for recipients

Stakeholder Events

Invitations to RCF or third-party events and associated correspondence (e.g. email and telephone calls).

Legitimate interest

Promotion of charity and activities

Stakeholder Engagement

Providing reporting and updates on the charities activates to Donors, Key stakeholders, and the Royal Household. This is conducted via email, postal, phone, events, in person engagement, and reports.

Legitimate interest

To provide feedback on the success of RCF projects, programmes and activities to the charity’s key stakeholders.

Due diligence

Performing due diligence on both incoming and outgoing funds. This process investigates both individuals and institutions. This involves, eligibility checks using search engines, regulatory public registers, sector-specific public databases, reviews of charitable status, public profiles, recent accounts, reports and key policies.

Legal Obligation

Not Applicable

Donor & Grant Approval

The process of RCF committees & Trustees reviewing and deciding upon acceptance of donations and grant applications. 

Legal Obligation

Not Applicable

Receipt of Income

Bank transfer, cheques

Legal Obligation

Not applicable

External Auditor Engagement

Annual External Audit. Sample of information can be requested by external Auditors. Information is uploaded to a secure file sharing platform called We Transfer

Legal Obligation

Not applicable

Individual Giving

Processing of donations from individual donors. Also includes the management of Gift Aid data.

Contract

Not applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Sales and Marketing Management Tools
  • Cloud Storage & Document Management Tools
  • Office Suppliers & Travel Bookings
  • Government Organisations
  • Due Diligence Providers
  • Legal Representatives & Legal Tools
  • Banks
  • Auditors

 

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 
Grantees

This section applies to past, current, and potential Grantees. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Email Marketing

Email campaigns undertaken internally or via third parties.

B2C email marketing: Consent
B2B email marketing: Legitimate interest

Promotion of charity work/information sharing/updates/opportunities for recipients

Case Studies

Collection of case studies for use in marketing or evaluation.

Consent

Not applicable

Stakeholder Events

Invitations to RCF or third-party events and associated correspondence (e.g. email and telephone calls).

Legitimate interest

Promotion of charity and activities

Stakeholder Engagement

Providing reporting and updates on the charities activities to Donors, Key stakeholders, and the Royal Household. This is conducted via email, postal, phone, events, in person engagement, and reports.

Legitimate interest

To provide feedback on the success of RCF projects, programmes and activities to the charity’s key stakeholders.

Due diligence

Performing due diligence on both incoming and outgoing funds. This process investigates both individuals and institutions. This involves, eligibility checks using search engines, regulatory public registers, sector-specific public databases, reviews of charitable status, public profiles, recent accounts, reports and key policies.

Legal Obligation

Not Applicable

Donor & Grant Approval

The process of RCF committees & Trustees reviewing and deciding upon acceptance of donations and grant applications. 

Legal Obligation

Not Applicable

Grant Applications

The management of applications relating to third parties applying for a grant. This includes from receipt of applications to a grant decision.

Public task

Not Applicable

Grant and Programme queries

Capturing requests from individuals or businesses who are interested in hearing more about RCF’s grant or farming programmes.

Legitimate interest

Necessary for the delivery of charitable activity

Grant reporting

The generation of automated reminders which are sent to grantees. These reminders prompt grantees to provide status reports on the progress of grants.

Public task

Not Applicable

Accounts Payable

Payment of Grantees, Suppliers and expenses.

Contract

Not applicable

Receipt of Income

Bank transfer, cheques

Legal Obligation

Not applicable

External Auditor Engagement

Annual External Audit. Sample of information can be requested by external Auditors. Information is uploaded to a secure file sharing platform called We Transfer

Legal Obligation

Not applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third-parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Cloud Storage & Document Management Tools
  • Sales and Marketing Management Tools
  • Office Suppliers & Travel Bookings
  • Government Organisations
  • Due Diligence Providers
  • Programme Consultants & Funders
  • Remote Working & Calendar Planning Tools
  • Banks
  • Accountants & Financial Management Tools
  • Auditors

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 

Programme Participants

This section applies to past, current, and potential Farmers and of our farming programmes. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Email Marketing

Email campaigns undertaken internally or via third parties.

B2C email marketing: Consent
B2B email marketing: Legitimate interest

Promotion of charity work/information sharing/updates/opportunities for recipients

Case Studies

Collection of case studies for use in marketing or evaluation.

Consent

Not applicable

Stakeholder Events

Invitations to RCF or third-party events and associated correspondence (e.g. email and telephone calls).

Legitimate interest

Promotion of charity and activities

Grant and Programme queries

Capturing requests from individuals or businesses who are interested in hearing more about RCF’s grant or farming programmes.

Legitimate interest

Necessary for the delivery of charitable activity

Farming Programmes Management

The management of personal data relating to all RCF’s farming programmes. This includes completing sign up forms, transferring data to coordinators & consultants, the collection of feedback and generation of reports.

Legitimate interest

Collect farm business contact details and assess starting confidence/ability for businesses who join our farming programmes.

Business Health Check Tool

A farm business benchmarking tool collecting financial and management data about farm businesses.

Legitimate interest

To complete the Business Health Check Tool to help farmers understand their farm enterprise costs

Sharing with funders

Sharing evaluation and impact with funders to demonstrate the effect of programmes and the difference that RCF interventions have made to peoples’ lives.

Legitimate interest

Demonstrating impact of charity programmes to corporate partners

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third-parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Sales and Marketing Management Tools
  • Cloud Storage & Document Management Tools
  • Programme Consultants & Funders
  • Office Suppliers & Travel Bookings
  • Government Organisations
  • Delivery partners

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 

Executive and Non-Executive Management

This section applies to past, current, and potential Corporate Managers. This includes directors, trustees and related roles. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Stakeholder Engagement

Providing reporting and updates on the charities activities to Donors, Key stakeholders, and the Royal Household. This is conducted via email, postal, phone, events, in person engagement, and reports.

Legitimate interest

To provide feedback on the success of RCF projects, programmes and activities to the charity’s key stakeholders.

Training Management

Recording and processing records of training for employees on mandatory and optional topics

Contract

Not applicable

Bank & Investment Management

Setting up new bank accounts, bank mandates and investment accounts.

Legitimate interest

Setting up new bank accounts, bank mandates and investment accounts.

External Auditor Engagement

Annual External Audit. Sample of information can be requested by external Auditors. Information is uploaded to a secure file sharing platform called We Transfer

Legal Obligation

Not applicable

Employee Travel

Recording and processing personal information in order to book travel for employees either by one indicial or by the individual themselves

Contract

Not applicable

Trustee and Director Onboarding

From identifying a skill gap to onboarding a new trustee or director. This involves agreeing a skill gap, identifying and shortlisting potential candidates, appointment offer, acceptance by candidate, induction training and set up on third party portal.

Public task

Not Applicable

Statutory Audit Requirements

Directors asked to complete annual declaration of interest and third-party transactions forms.

Legal Obligation

Not Applicable

Regulatory and Statutory Reporting

Director and Trustee details submitted to regulators including Companies House, Charity Commission, Intellectual Property Office, Information Commissioner and OSCR  as part of registration, renewal or annual return process.

Legal Obligation

Not Applicable

Trustee and Director Retirement

Regulatory notification of Trustee or Director’s end of tenure.

Public task

Not Applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Cloud Storage & Document Management Tools
  • Employee Management & Training Tools
  • Recruiters & Recruitment Management Tools
  • Banks
  • Investment Management
  • Auditors
  • Office Suppliers & Travel Bookings
  • Government Organisations
  • Legal Representatives & Legal Tools

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 

Suppliers & Contractors

This section applies to past, current, and potential Suppliers and Contractors. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Stakeholder Events

Invitations to RCF or third-party events and associated correspondence (e.g. email and telephone calls).

Legitimate interest

Promotion of charity and activities

Stakeholder Engagement

Providing reporting and updates on the charities activities to Donors, Key stakeholders, and the Royal Household. This is conducted via email, postal, phone, events, in person engagement, and reports.

Legitimate interest

To provide feedback on the success of RCF projects, programmes and activities to the charity’s key stakeholders.

Training Management

Recording and processing records of training for employees on mandatory and optional topics

Contract

Not applicable

Accounts Payable

Payment of Grantees, Suppliers and expenses.

Contract

Not applicable

Receipt of Invoice

Supplier invoices are received by email and uploaded on to DEXT document management system and Xero

Legal Obligation

Not applicable

Bank & Investment Management

Setting up new bank accounts, bank mandates and investment accounts.

Legitimate interest

Setting up new bank accounts, bank mandates and investment accounts.

External Auditor Engagement

Annual External Audit. Sample of information can be requested by external Auditors. Information is uploaded to a secure file sharing platform called We Transfer

Legal Obligation

Not applicable

Supplier Management

Management of personal data relating to suppliers. Includes: prospecting for a supplier, adding vendors onto any systems, and creating contracts.

Legal Obligation

Not applicable

Employee Travel

Recording and processing personal information in order to book travel for employees either by one indicial or by the individual themselves

Contract

Not applicable

Account (ID) Management and IT user support

To set up user profiles and accounts for employees and temporary staff using a third-party contractor. This process also involves providing IT support to users.

Contract

Not applicable

Trustee and Director Onboarding

From identifying a skill gap to onboarding a new trustee or director. This involves agreeing a skill gap, identifying and shortlisting potential candidates, appointment offer, acceptance by candidate, induction training and set up on third party portal.

Public task

Not Applicable

Statutory Audit Requirements

Directors asked to complete annual declaration of interest and third-party transactions forms.

Legal Obligation

Not Applicable

Regulatory and Statutory Reporting

Director and Trustee details submitted to regulators including Companies House, Charity Commission, Intellectual Property Office, Information Commissioner and OSCR as part of registration, renewal or annual return process.

Legal Obligation

Not Applicable

Trustee and Director Retirement

Regulatory notification of Trustee or Director’s end of tenure.

Public task

Not Applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third-parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Cloud Storage & Document Management Tools
  • Sales and Marketing Management Tools
  • Office Suppliers & Travel Bookings
  • Employee Management & Training Tools
  • Recruiters & Recruitment Management Tools
  • Banks
  • Accountants & Financial Management Tools
  • Auditors
  • IT Security and Management Tools

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 
Other Individuals

This section applies to other data subject types who may not have been captured in the above listed categories. Depending on your specific circumstances, your data may be used in all, some of, or none of the below listed processes:

Purpose of Processing

Description of Processing

Lawful Basis for Processing

Legitimate Interest

Email Marketing

Email campaigns undertaken internally or via third parties.

B2C email marketing: Consent
B2B email marketing: Legitimate interest

Promotion of charity work/information sharing/updates/opportunities for recipients

Subject Access Request

Management of GDPR data subject requests.

Legal Obligation

Not Applicable

Data Breach

Responding to data breaches involving personal data.

Legal Obligation

Not Applicable

Safety Incident

Health and safety reporting.

Legal Obligation

Not Applicable

 

Transfers of Personal Data to Third Parties

The Royal Countryside Fund may transfer your personal data to third parties. The Royal Countryside Fund may transfer your personal data to the following categories of recipients:

  • Sales and Marketing Management Tools
  • Cloud Storage & Document Management Tools

The Royal Countryside Fund will ensure that your personal data is hosted in UK and/or EU servers. The Royal Countryside Fund will also ensure that contracts with these third parties meet all UK-GDPR requirements.

 
Unsolicited Personal Information

If you send The Royal Countryside Fund unsolicited personal information, for example a CV, The Royal Countryside Fund reserves the right to immediately delete that information without informing you or to decide which category of data subject that you appear to be and manage your personal data within the remit of that category as described elsewhere in this Privacy Notice.

 

Retention Schedule

The Royal Countryside Fund uses the following retention schedule. The following minimum retention periods shall apply:

 Data Type

Retention Trigger

Retention Period

Action

The data type.

The event that triggers the retention period.

How long the data is kept after the trigger event has occurred.

What happens after the retention period has expired.

Unsuccessful recruitment candidate

Notification of unsuccessful application

6 months

Delete

Employee and Secondees data

End of employment

6 years

Delete

Employee IT accounts, audit logs, training records and related data

End of employment

1 year

Delete

Basic employment data for providing references

Date of birth

100 years

Delete

All Financial data

End of financial year

6 years

Delete

Banking and Investment Management data

Closure of the account

1 year

Delete

Due diligence reports for Programmes

Last action

3 years

Review data

Due diligence reports for Donors

Last action

7 years

Review data

Email Marketing

Subscription date

6 years

Send a new consent request

Marketing Case Studies

Consent date

3 years

Review data

Event Management Data

Event date

6 years

Review data

Approval decisions for Grants and Donors

Decision date

Successful – 7 years

Unsuccessful – 12 months

Delete

Grant Applications and Reporting to Stakeholders

Last action

3 years

Review data

Grant and Programme Queries

Last action

2 years

Review data

Farming Programme Management

End of Programme

5 years

Review data

Business Health Check Tool Data

Report Creation

2 years

Delete

Stakeholder Engagement Data

Last action

6 years

Review data

Data subject requests

Last action/case closed

1 year

Delete

Data breach

Last action

2 years if no action taken

6 years if reportable data breach

Delete

Safety incident

Last action

6 years

Review data

Trustee & Director Onboarding, and Regulatory & Statutory Reporting Data

End of tenure/resignation date

Immediate

Delete

Statutory Auditing Data

Director retirement

7 years

Delete

Trustee & Director Retirement Data

Completion of regulatory notification

Immediate

Delete

 

Where it is not practical to segregate and manage specific data types uniquely, then a blanket 7-year policy will be applied to all data with a prescribed retention period of 6 years or less.