What is it?
GDPR is a law that ensures organisations do not misuse information held about individuals and ensures that individuals (you) have control over any data these organisations hold. To comply with this, we require your consent to hold and use personal data supplied by you – in the assessment of your application and grant (should an award be made).
Any personal data we hold about you will never be shared outside of the charity.

Where is it stored?
We receive grant applications via online forms built using software called Benefactor owned by Gallery Partnership Limited. Benefactor is hosted by Gallery Partnership on cloud-based Microsoft Azure servers. All personal data is securely stored on Benefactor, and Gallery Partnership gives its assurance that it will never view, access, sell, or distribute personal data held on Benefactor to a third party, unless it is required to do so by law.

How will we use your information?
We will use the personal information we collect for the purpose stated when collected or as set out in this policy. We will not use your personal information for any other purpose without first seeking your consent, unless we are required to do so by law. Generally, we will only use your personal information as follows:
• To contact you in relation to your grant application, including the monitoring of a grant
• Occasionally to share information from your application with another funder if you are also being supported by that other funder, or another funder is listed as a potential funder. This will not include your personal information.
• Your personal information will be held only for as long as it is required for our grant-making processes. This is typically for two years after the decision to fund or not fund is made.