Privacy Policy
2018-07-09


How we manage your personal data


Lady Elizabeth Hastings Charity Trustee Limited (Charity Number 224098) (“LEH”) is committed to protecting and respecting the privacy of everyone with whom they have contact. This Policy outlines when and why personal information is collected, how it is used, the conditions under which it may be disclosed to others and other relevant information. The policy relates to all data collected by us and is in compliance with current UK and EU legislative obligations.
For these purposes we are a “data controller” as defined in UK legislation which means that we are responsible for deciding how we hold and use your personal information.

The notice applies to everyone who has contact with us, including prospective applicants, business contacts, suppliers as well as individuals who request information from us.

Any questions regarding this Policy and our privacy practices should be sent by email to or by post to the address below.

The Clerk
Lady Elizabeth Hastings Charities
82 Micklegate


Personal data

Personal data, or personal information, means any information about an individual from which that person can be identified.

Typically we hold name, business name (where applicable), address, telephone numbers and email addresses. We may also hold personal background information provided by you and bank details where appropriate. In certain cases we may also retain sensitive personal data, as defined in legislation, such as medical information provided by you in support of an application. We may also hold basic personal information relating to children under the age of 13.

Lawful basis for using personal information

We will only use your personal information in line with current legislative guidelines. We will usually use your personal data to perform the contract we have entered into with you; for these purposes applications for funding are regarded as a contract.

We do not use automatic decision making and the personal data we hold is only used for the purposes for which it is collected or where we need to comply with a legal obligation. In all other cases we will ask your consent before using your data.

If you do not believe our basis for processing your personal data is lawful you may challenge how we are using your details.

Third Parties

We will not sell or otherwise share your personal information with third parties. We may however share your information with third party service providers, including Carter Jonas LLP, engaged to assist us in completing tasks, fulfilling contractual obligations and providing services on our behalf. In all cases we will only share the personal information that is necessary to deliver the service.

For these purposes such organisations are treated as “data processors” as defined within the legislation. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. Third party providers may not use your personal information for their own purposes unless you give your consent; otherwise they are only permitted to process your personal information for specified purposes and in accordance with our instructions.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where a minimum retention period is required by law (such as retaining records for HMRC purposes) we will comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

Managing your data

The accuracy of personal information held is important. Please keep us informed if your personal information changes. You can ask for your details to be amended at any time if you believe them to be incorrect.

You also have the right to know what information is held about you and how it is stored and used. This is known as a data subject access request. Such requests must be made in writing and we then have 30 days to respond to you.

You have the right to request that we delete your details, which we will do to the extent that we are able, subject to any contractual or legal obligations.

Should you wish to exercise these rights, please contact the Clerk to LEH using the contact details above.


We take data security seriously and make every effort to protect all personal data from loss, misuse or unauthorised access or disclosure. Our computer systems and those of our third party processors are password protected and we aim to ensure that all parties employ security best practice regarding website hosting, security of physical devices and data storage.

Data Breach

A data breach is where there is unauthorised access or inappropriate disclosure of personal information. Should you become aware of, or suspect there has been, a data breach we would ask that you contact us immediately. Where appropriate, we will promptly notify any impacted parties should any unauthorised access to their personal information have occurred.


Should you be unhappy with the way we have handled your personal data please contact the Clerk at the address above.

You also have the right to raise a concern with the Information Commissioner’s Office (ICO) if you are not satisfied with our response to your complaint or you do not believe we are processing your information lawfully. Details of the ICO can be found at