Charity trustee dispensation privacy notice
Published 8 November 2018
© Crown copyright 2018
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/charity-trustee-dispensation-privacy-notice/charity-trustee-dispensation-privacy-notice
This privacy notice explains how the Charity Commission processes personal data when a trustee applies for dispensation, so their legal names are not displayed on the public charity register.
This notice is supplemented by our main privacy notice, our Personal information charter, which provides further information on how the Charity Commission processes personal data, and sets out your rights in respect of that personal data.
It is drafted to be as easy to read as possible and does not provide exhaustive detail of every aspect of how we collect or use personal data. If you need further information, please contact our Data Protection Officer.
What personal data does the Commission collect?
To process the application, we need the following data:
- the name of the trustee(s) applying for a dispensation
- the email address of the trustee(s) applying so that we can contact them
- the name and registered number of the charity or charities the request relates to
- reason(s) why publishing the trustee’s name could put people in danger
- any further information or evidence to support the application
When you email us, we may also collect technical and meta-data (such as your mail server) which is included within the email.
If the dispensation is granted, we will also collect the following information for each trustee:
- date of birth
- full postal address
- phone number
Why is the Commission asking for the information? What happens if it is not provided?
We need this information so that we can verify the source of the application and make a fair and reasonable decision on whether to grant a dispensation.
We also need the information so that if we decide to grant the dispensation, we can register the individual(s) as a trustee in our database of charities and ensure that their details are not published on the public charity register.
If you do not provide the required information, we won’t be able to process the application. If the information you provide is insufficiently detailed, or if you don’t respond to a request for further information, then this may mean we are unable to grant a dispensation.
How will the Commission process this personal data?
Information will be transferred from the email application into our internal case management system. The information will then be reviewed and used to decide on the application in accordance with our online guidance and charity law. It will then be held securely for routine internal access.
If a dispensation is granted:
- the trustee’s name will be added to the Commission’s database for charities, but it won’t be published externally on the public charity register
- the trustee’s name, role and date of appointment will be accessible by anyone with access to the charity’s ‘Update Charity Details’ service
- the trustee’s name, role, date of appointment, date of birth, email address, address and telephone number will be viewable and editable by the charity’s registered contact and My Charity Commission Account super administrator (if appointed). However, it is worth noting that if the trustee has a Charity Commission Account, they can block the charity contact and super administrator from viewing (and editing) their personal data
- all Commission staff will be able to see the trustee’s name and role; however only staff with the relevant authority will be able to see the trustee’s other personal details.
If a dispensation is not granted, the trustee’s data will be processed as described in the following privacy notices:
We use data processors who are third parties who provide technology and data services to us. Although your personal data may be transferred to these third parties, we have contracts in place with our data processors which mean that they can’t do anything with your personal information unless instructed by us.
How long will the Commission hold my personal data for?
We routinely delete personal data seven years after the conclusion of an application. However, it may be necessary to retain personal data for longer, for example if the dispensation is continuing or if we are investigating a charity at the end of the seven-year period.
Will the Commission share my information?
We won’t routinely share information provided in an application form, although we may do so:
- where it is necessary to share the information to further our statutory objectives or functions
- with other government departments, public authorities, law enforcement agencies and regulators
- in response to requests for information, for example pursuant to the Freedom of Information Act, the Environmental Information Regulations, or our common law powers of disclosure
- with third party processors and service providers
- to a court, tribunal, party or prospective party where the disclosure is necessary in order to exercise, establish or defend a legal claim
- where we are ordered to by a court or tribunal or where we are otherwise required to do by law
You can find out more information about data sharing and further processing our Personal information charter.
The legal basis for processing your personal data
The table below sets out the primary legal bases we rely on for processing data we obtain through applications for trustee dispensation. However, we may process your data further for compatible purposes and/or on other legal bases, further information is available in our Personal information charter.
The table sets out the legal basis on which we process this information.
Legal basis for processing
| Personal data (Article 6(1) UK GDPR) | Sensitive personal data / criminal conviction data |
|---|---|
| (c) processing is necessary for compliance with a legal obligation to which the controller is subject (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; |
Article 9(2) UK GDPR (g) Processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject Conditions under Part 2 of Schedule 1 of the Data Protection Act 2018: Statutory etc and government purposes; Protecting the public against dishonesty etc; Regulatory requirements relating to unlawful acts and dishonesty etc. |
Your rights
You have a number of rights under the General Data Protection Regulation (UK GDPR), including the right to access your data and the right to restrict or object to further processing and the right to complain to the Information Commissioner’s Office. You can find out more about your rights as a data subject, and details of how to contact our Data Protection Officer and the Information Commissioner’s Office (ICO), in our main privacy notice.