abrdn Financial Fairness Trust is committed to protecting your personal information
abrdn Financial Fairness Trust (“the Trust”) was originally incorporated in the name of Standard Life Charitable Trust and then Standard Life Foundation, and is registered as a charity with the Office of the Scottish Charity Regulator ("OSCR”) under charity number SC040877. It is part of the abrdn plc group, one of the world’s largest investment companies. The Trust funds research, policy and campaigning on issues surrounding financial well-being in the UK.
This Privacy Notice describes how your personal data will be collected and used when you make contact with us, apply for or receive funding from us.
We are committed to safeguarding any personal information shared with us. We take privacy seriously and you can be assured that we will only ever collect and use your personal information where it is necessary, fair and lawful to do so, in line with the privacy and data protection laws applicable to our work.
This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal information you have given us.
We keep our Privacy Notice under regular review. This version was last updated on 21st September 2023. We may need to make changes to this Privacy Notice so please check our website for updates from time to time. If there are important changes, such as changes to where your personal information will be processed, we will contact you to let you know.
HOW TO CONTACT US
If you have any questions about this Privacy Notice or the personal information we collect and use about you through the Trust’s work, please contact us: FAO Data Protection Officer, abrdn Financial Fairness Trust, 1 George Street, Edinburgh, EH2 2LL. Email: email@example.com
Information we collect and use
- Information you provide about yourself when you complete a grant application, complete paperwork when receiving a grant or sign up to our newsletter e.g. your name, job title and contact details
- Information connected to your relationship with us e.g. your organisation’s bank account details
- Information about your contact with us e.g. meetings, phone calls, emails / letters
- Information that is automatically collected via cookies when you visit our website
se.g your activity on our website, for full details please see our Cookies Policy
- Information classified as special category [‘sensitive’ personal information] e.g. relating to your ethnicity or gender. This information will only be collected and used where it’s required to monitor and evaluate diversity, inclusion and equality, or to comply with our legal obligations, and where we have also obtained your explicit consent to process this information
Where we collect your information
We will collect your personal information directly from you, and from a variety of sources, including:
- An application form for funding from us
- Phone conversations with us
- Emails or letters you send to us
- Meetings with us
- Registering for one of our or funded partner events
- Our online services such as websites, and through our social media (if you engage with us)
- Where you have consented to one of our funded partners has sharing your details with us
We may also collect personal information about you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your job title) or to obtain updated contact information if we are unable to contact you directly.
Why we collect and use your information
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only if we are able to satisfy one of the lawful processing conditions set out in the data protection laws. This will be the case where:
- It’s necessary to process your funding application or provide the funding your organisation has requested from us e.g. when you, or the organisation you represent, receive funding from us, we will require some personal information from you which may include your name, job title, phone number and your organisation’s bank account details, annual accounts and address
- It’s necessary for us to manage our funding relationships including monitoring grant progress through reports and visits
- It’s necessary for us to undertake due diligence to investigate and prevent fraud
- You have given us your permission [consent] to use your information e.g. you have signed up to receive our e-newsletter or to attend one of our events
- It’s in our legitimate interests to process your information to better understand you and your needs so we can:
- Send you postal communications from time to time to thank you for your support
- Deliver appropriate information and guidance to assist you in applying for funding from us
- Conduct research and collate management information to understand how funding applicants and recipients have interacted with us and how we can make improvements or changes based on our analysis of preferences and needs. This may also include analysing complaints for the purposes of improving our work and processes
- Show you targeted content related to our work through social media channels
- Keep you up to date with our funded activities
Where the processing is in our legitimate interests, we will always conduct an assessment to ensure that this use of your personal information is not excessive or unnecessary or otherwise more intrusive than it needs to be. If you wish to object to this processing, please contact us (see Contact Us section).
If you do not wish us to collect and use your personal information in these ways, please let us know.
Who we share your information with and why
We will be required to share your information with selected 3rd parties and other subsidiaries of abrdn plc for the reasons outlined in ‘Why we collect and use your information’.
We will share your information with:
- Other subsidiaries of abrdn plc who provide support to us work, or the organisation you represent e.g. processing invoices for payment
- Various technology companies, software suppliers, or companies who can help us in our contact with you, for examples database management software, e-newsletter provider, research, consultancy or internet service provider
- Third parties we have chosen to support us in the delivery of our work. For example, research, consultancy, or technology companies
- Our regulators; including the Office of the Scottish Charity Regular (OSCR) and the Information Commissioner’s Office for the UK (ICO)
- Law enforcement and other appointed agencies (e.g. HM Revenue & Customers, ‘HMRC’) where they request the information for the purposes of prevention and detection of crime, fraud investigation purposes, tax relief or reporting (e.g. where we make a payment to your organisation)
- Social media companies such as Meta, Twitter/X or LinkedIn, so that they can display messages to you and others about our work
- Third parties, where relevant, for the purposes of responding to complaints
Please note that where we share your personal data with our selected third parties, they may require to retain some data in line with their own legal or regulatory obligations e.g. our auditors.
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
The majority of your information is processed in the UK or European Economic Area (EEA).
However, some of your information may be processed by abrdn plc, or the third parties we work with, in locations outside of the UK or the EEA, including the countries such as the United States and India.
Where your information is being processed outside of the UK or the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK or EEA Data Protection Laws e.g. we will put in place legal agreements with third parties and abrdn affiliates with ongoing oversight to ensure they meet these obligations.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information whether it is being processed by us or a third party acting on our behalf.
Our colleagues also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
We also use internal and external audit and specialist third party consultants to conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
How long we keep your information
To fulfil the Trust’s work, and to meet our legal and regulatory obligations, we will keep your personal information and copies of records we create (e.g. calls with us, copies of application forms) while you have a relationship with the Trust.
Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary and we regularly review our retention periods to make sure they comply with all laws and regulations.
Your individual rights and how to exercise them
You have a number of rights under data protection laws which may be exercised in certain circumstances.
Right to be informed
You have a right to receive clear and easy to understand information on what personal information we hold, why, and who we share it with – we do this in our Privacy Notice on our website
Right of access
You have a right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (‘DSAR’) by contacting the Data Protection Officer for abrdn Financial Fairness Trust [see Contact Us section].
Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure of your personal information
You can ask for your information to be deleted or removed if there is not a compelling reason for the Trust to continue to have it.
Right to restrict processing of your personal information
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way.
Right to object to processing of your personal information
You can object to us processing your personal information where: it is based on our legitimate interests; for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
Right to not be subject to automated decision making including profiling
You have the right to ask us to:
- Give you information about its processing of your personal information
- Request human intervention or challenge a decision where processing is done solely by automated processes
- Carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
If you would like to exercise any of these rights please contact the Data Protection Officer [see the How to Contact us section].
How to make a complaint
We will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Notice, please let us know immediately and we will do our utmost to make things right.
While we hope that we can resolve any complaints for you, you do have the option complain to your local data protection authority. This is available to you whether or not you have exhausted our complaints procedure.
The UK data protection authority’s details are:
The Information Commissioner’s Office
Phone helpline (UK): 0303 123 1113
Phone helpline (outside UK): +44 1625 545 700
For any other regional details, please contact the Data Protection Officer.