My personal data is data which by itself or with other data available to you can be used to identify me. You are Santander UK Foundation Limited registered with the Charity Commission for England and Wales (charity number 803655) and registered company number 2509711. Santander UK Foundation Limited is the data controller and is part of the Santander Group. This data protection statement sets out how you’ll use my personal data. I can contact your Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if I have any questions.
Where there are two or more people named on this form, this data protection statement applies to each person separately.
The types of personal data you collect and use
Whether or not my application for a grant is successful, you’ll use my personal data for the reasons set out below. You’ll collect most of this directly during the application journey. The sources of personal data collected indirectly are mentioned in this statement. The personal data you use may include:
Providing my personal data
You’ll tell me if providing some personal data is optional, including if you ask for my consent to process it. In all other cases I must provide my personal data so you can process my grant application.
Monitoring of communications
Subject to applicable laws, you’ll monitor and record my calls, emails, text messages, social media messages and other communications in relation to my dealings with you. You’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of your communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when you need to see a record of what’s been said.
Using my personal data: the legal basis and purposes
You’ll process my personal data:
I’m free at any time to change my mind and withdraw my consent. The consequence might be that you can’t do certain things for me.
Sharing of my personal data
Subject to applicable data protection law you may share my personal data with:
My personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. Further details can be found in the ‘Using My Personal Data’ booklet.
Criteria used to determine retention periods (whether or not I am awarded a grant)
The following criteria are used to determine data retention periods for my personal data:
My rights under applicable data protection law
My rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
I have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more details on all the above I can contact your DPO or request the ‘Using My Personal Data’ booklet by asking for a copy in branch or online at santander.co.uk.
Data anonymisation and aggregation
My personal data may be converted into statistical or aggregated data which can’t be used to identify me, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.
For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet available from any Santander branch.