Personal information charter
How the Charity Commission treats your personal information and how to check what details they have for you.
Our personal information charter
To fulfil our statutory role we are required to collect and process personal data. Our personal information charter sets out what you can expect from us in respect of personal data we collect and/or may receive about you.
When we ask for your personal data we will:
- explain why we need it
- only ask for what we need
- make sure it is protected
- not keep it for longer than we need
- only require, hold or share it with others in accordance with the law
When you provide us with information, you are obliged to comply with S60 of the Charities Act 2011 which means that it is an offence to provide the Commission with information used in the discharge of its functions which is false or misleading. In respect of your personal data we expect any data which you give us to be truthful, accurate and up-to-date.
If you want to know what personal data of yours we hold, you can email us at firstname.lastname@example.org.
Privacy notice - how we use your personal information
Our privacy notice tells you how we will handle personal data we may collect or receive about you.
The Charity Commission is registered with the Information Commissioner’s Office as a data controller and our registration number is Z5640596.
Find out more about the data we collect and what we do with that data on the ICO’s official website.
1. Information we may collect from you and/or receive about you
The need to collect personal data will arise in regard to all of our statutory functions as a regulator. The type of personal data we may collect from you varies according to the nature of the engagement or activity we may be involved in.
Information we collect from you, and/or receive about you, may include information required to: assess your eligibility to register as a charity, conduct case work relevant to our statutory duties such as the investigation of allegations concerning the misappropriation of charity funds; in relation to requests for information under any relevant legislation; and particulars we require in connection with the integrity and maintenance of the public register of charities.
Some examples of the type of personal data we may collect and/or receive during the normal course of our duties are:
- name and date of birth
- contact details - email, home address
- visual images, including personal appearance
- employment and education details
We may also collect and/or receive sensitive personal data which may include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
- political opinions
- sexual life
- trade union membership
- offences (including alleged offences)
- criminal and legal proceedings, outcomes and sentences
2. Visitors to GOV.UK, users of our digital services, social media and regulatory updates
We may contact you, using the personal data you have provided to us, to notify you of changes to the law or our guidance, to issue regulatory alerts, or in furtherance of our objective of ensuring compliance with trustees’ and charity’s legal obligations as well as our statutory function of encouraging and facilitating the better administration of charities.
We disseminate quarterly communications using email and other digital addresses, provided at a number of points which are:
- visits to GOV.UK
- through the registration application process
- via our annual return and other digital transactions
- individual subscription
- through attendance of training and outreach events and consultation processes
We do this to ensure charities and their trustees are aware of necessary regulatory information.
3. Organisations applying for registration as a charity
In order to determine whether organisations legally are charities, we collect and receive information determined by the terms of the Charities Act 2011. We may use the email addresses provided through our online services to contact you where necessary/legitimate for our regulatory functions or where we have consent even if the application process is discontinued. The data we collect through this process is retained for the purposes outlined in ‘What we do’.
4. Updating of and provision of information
We collect and/or receive personal data to ensure that our records are up-to-date, including the registered particulars of trustees, and in connection with the integrity and maintenance of the public register of charities. Information may be collected through our annual return, charities’ updates to our public register of charities and in the course of our casework.
Find out more about our annual return.
5. Use of your personal data
There are circumstances where we may disclose your personal data, but we will only ever do so in accordance with the law. The circumstances where we will share your personal data are:
a. So that we can properly carry out our statutory objectives, functions and duties, including, but not limited to, through the provision of the public register of charities.
b. When we are required to do so by law.
c. In order to assist the discharge of any other body or person discharging functions of a public nature if the personal data is relevant to their functions.
d. In connection with any ongoing or prospective legal proceedings.
e. To establish, exercise or defend our legal rights.
f. To undertake data analysis, testing, research and statistical analysis and/or improve the accuracy of our records.
We have a legal obligation to maintain a public register of charities. Although we do not share or process information for the purposes of marketing, marketing companies can sometimes lawfully use public registers in the course of their business.
6. Information we receive from other sources
We may combine personal data from other sources with personal data you have provided to us. We may use this information and the combined information for the purposes set out in section 5.
We will ensure that any such disclosure and use is proportionate, considers your right to respect for your private life; and is done fairly and lawfully in accordance with the data protection principles of the Data Protection Act 1998.
7. Your right of access to the personal data we collect or receive
We are committed to being as open and transparent as possible when handling your personal data and in giving you access to the personal data we may hold on you. Contact us at email@example.com to access the personal data we hold about you. Unless the Data Protection Act itself provides an exemption from disclosure or reason not to disclose, if we do hold information about you we will:
- tell you what the personal data is
- tell you why we hold it
- provide you with a copy of the information
We strive to attain the highest standards when collecting and using personal data. We take any complaints we receive about this very seriously and we encourage individuals to contact us if they think either our collection or use of personal data is unfair, unlawful, misleading or inappropriate. We also welcome any suggestions for improving our procedures.
Our privacy notice is drafted to be as succinct as possible and does not provide exhaustive detail of every aspect of how we collect or use your personal data. If you require further information please contact us at BusinessAssurance@charitycommission.gsi.gov.uk.
Complain about a response to request for information
We may not always be able to release all of the information you have asked for. This might be because certain information is exempt from release to the public.
You can ask us to review our response within 28 days of receiving it.
For more information, read our complaints about FOI or subject access guide (PDF, 120KB, 5 pages) .
Tell us why you think our decision is wrong and exactly what additional information you would like us to release.