PRS Foundation (The Performing Right Society Foundation, UK registered charity number 1080837) takes your privacy very seriously. This notice explains how we hold and use personal information and your rights and options in relation to it.
Please note that we have an additional privacy notice that applies if you apply for and/or receive a grant from us. You can access the Grantholder Privacy Notice here
PRS Foundation supports a wide variety of people; people who receive grants or advice and information from us, partners (organisations and individuals); supporters, and volunteers. To provide products, services, information and opportunities tailored to each person or organisation, PRS Foundation processes information about them (personal data). This helps to ensure that they are getting the best service possible from PRS Foundation. This also helps us, where appropriate, to ask for your support with the things we believe you care about the most.
- Changes to this Privacy Notice
This Privacy Notice may change from time to time so it’s a good idea to come back and read through it again regularly. Where necessary, for example if there are significant changes, we may also notify you of the changes to this Privacy Notice by email where possible.
This Privacy Notice was last updated in May 2018
- Data Controller
A Data Controller is a person or organisation who decides why and how information about you (personal data) will be stored, shared and used.
For data collected, stored and processed by PRS Foundation, and for the purposes of the European General Data Protection Regulation (2016/679) of the European Parliament (2018), the data controller is PRS Foundation of 2 Pancras Square, London N1C 4AG. Our Registration Number in the Data Protection Public Register is Z4662435.
- Third party websites
PRS Foundation is not responsible for the content and practices of third party websites where we have links from the PRS Foundation website. This Privacy Notice does not cover those websites and we are not responsible for their privacy practices or content. They will have their own privacy policies and we urge you to review them if you choose to follow those hyperlinks. Links to other websites are often provided solely as reference points to information on topics that may be useful to our users.
- How we collect personal information
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect personal information in the following ways:
Directly from you, for example, by filling in forms on our website e.g. when you sign up on Mailchimp to receive PRS Foundation’s newsletters, or offline (including taking part in our events), or communicating with us by phone, email or letter or when you meet with us.
Indirectly, via third parties, for example, information we receive from beneficiaries via the organisations we support. Sometimes they may ask for your consent to share this personal information with us, such as where we would like to include your personal information (including photographs) in case studies to publish on our websites or offline.
We may also receive information from analytics providers (such as Google), and contact, financial and transaction information from technical, payment and delivery services.
Depending on your settings and the relevant policies and terms of service, you might give us permission to access information about you from social media such as Facebook, Twitter and Instagram.
If we have not done so already, we will notify you when we receive personal information about you from other sources and tell you how and why we intend to use that personal information.
When you visit our websites, we automatically collect some technical information from your computer or mobile device such as IP address, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms, and information about your visit to the website and your use of it.
We also collect cookies, see item 6 below for more information.
- What personal data is collected and stored by PRS Foundation
We collect, store and use the following kinds of personal information:
- Identity data such as your name, username (and other profile data such as your password, preferences, social media profiles, feedback and survey responses)
- Photographs, video and/ or audio recordings
- Contact data such as your address, email and telephone numbers
- Financial data such as bank account and payment details, and Gift Aid information
- Transaction data, including details of payments and donations
- Technical data such as your IP address when you browse our websites
- Communication preferences
- Any other information you provide us as above (“3 How we collect and process personal information”).
- Visitors to PRS Foundation website
When someone visits www.prsfoundation.com we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect information which can identify you through our website, we tell you about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
- How and why PRS Foundation will use personal information?
We will use your personal information for purposes specified in this Notice. This includes:
- for “service administration purposes”, which means that PRS Foundation may contact you for reasons related to the service you have signed up for (e.g. to provide you with password reminders or to notify you that a particular service has been suspended for maintenance)
- to provide you with information or support
- to administer grants (as further explained in our Grantholder Privacy Notice)
- to contact you about a submission you have made to the websites, including any content you provide
- to personalise the way PRS Foundation content is presented to you
- IP addresses are used to identify the location of users, the number of visits from different countries and also to block disruptive use, to help us improve the usability of the site and the relevance of the content on the site; and
- to analyse and improve the services offered on PRS Foundation websites e.g. to provide you with the most user-friendly navigation experience, and to administer our websites.
- to enable us to review, develop and improve the products, services and special offers online
- to occasionally carry out market research
- to send you details of PRS Foundation’s work, activities, promotions, products, services, special offers and rewards that we think will be of interest to you via our newsletter to which you have signed up via Mailchimp or if you consented to receive our newsletter at application stage. It’s up to you to decide whether or not you want to receive this information.
- to process donations
- to communicate with you in general and to manage relationships with our supporters and stakeholders
- to audit and administer our accounts
- to satisfy legal and regulatory obligations, and for the prevention of fraud or misuse of services
- for the establishment, defence and/ or enforcement of legal claims.
Where PRS Foundation proposes using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for your use other than as listed above.
- When and how will PRS Foundation contact me?
PRS Foundation may contact you for a number of different purposes using the contact details you have provided. The basis on which we do so differs depending on the purpose of the communication, and specifically whether it is a marketing communication or not.
a. Marketing communications
We may use your contact details to provide you with information about our work and campaigns which we consider may be of interest to you. Where we do so by email, we will obtain your consent to do so (which can be withdrawn) for example, if you sign up to receive newsletters from our website. Where we do so by post, we are doing so on the basis of our legitimate interests, unless you opt-out.
- Generally, we send the following types of marketing communications:
- Updates about our work or the work of partner organisations and projects that we support
- Information about events. Note that if you sign up to an event we will then send you administrative communications about the event. On occasion we may also send you a reminder about the same event in future years in case you want to participate in it again
You control how we use your personal information for these purposes and can update your preferences at any time – please contact us at firstname.lastname@example.org if you would like to do so.
If you opt out of these communications, we may retain some appropriate information to enable us to comply with the request not to be contacted in the future.
b. Administrative and other communications
We will communicate with you using the contact details you have provided for essential administrative and other non-marketing purposes, such as to respond to queries, administer a donation or provide you with services or information you have requested, contact you about an event you are attending, for research purposes or to survey you about PRS Foundation’s services (participation is always voluntary).
Note that we may still need to communicate with you for these purposes even where you have opted-out of receiving marketing communications from us.
- Who PRS Foundation shares personal data with
Generally, we will only use your personal information within
PRS Foundation and share with third parties to the extent required to achieve the purposes set out in this Privacy Notice. We require these third parties to respect and safeguard your personal information.
Third parties with whom we share the data so that they may process it on our behalf, and act only in accordance with our instructions may include:
- suppliers and sub-contractors for the performance of any contract we have with them – for example for IT services such as website hosting
- advisers who help the grant selection process
- insurers and professional service providers such as accountants and lawyers
- financial companies that collect or process donations on our behalf, and external fundraising platforms
We also reserve the right to disclose your information to third parties for their own purposes in some cases. For example:
- funding partners including public funders and private sponsors, for the purpose of selecting and supporting grantees
- if we sell or buy all or part of a business, in which case we may disclose it to the potential seller or buyer
- if we are under a legal or regulatory duty to do so
- to protect the rights, property and/ or safety of the charity, its personnel, supporters, users or others (including you)
- regulatory authorities, such as HMRC.
- Protecting your personal information
We take appropriate and proportionate measures to keep your personal information secure and to prevent the loss, destruction or misuse of it. For example, information is stored on a secure server and can only be accessed by authorised personnel.
Please note that the transmission of information via the internet is never completely secure, and although we do our best to protect it, we cannot guarantee the security of personal information transmitted over the internet.
The personal information we collect is stored at a destination within the UK or European Union.
- How long personal information is kept by PRS Foundation
PRS Foundation will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. This length of time may vary depending on these purposes. For example
- If the data is necessary for the performance of a contract, we will retain it while performance under that contract remains active, and for a period thereafter in which that data may still be relevant to dispute resolution, enforcement of rights under the contract, accountancy purposes or where additional connected contracts are likely to arise.
- In certain cases we may be legally obliged to hold data for a certain period of time, or to delete the data at a certain time, including in accordance with the exercise of your rights as data subject as explained in this Notice.
If you would like further information, please contact us (see details below).
In some circumstances we may anonymise your personal data (so it can no longer be associated with you) for research or statistical purposes in which
case we may use this information indefinitely without further notice to you.
- Our legal basis for collecting and using personal information
The law on data protection sets out several different reasons for which a company may collect and process personal data. The following are relevant to the purposes set out above:
In specific situations, we can collect and process your data with your consent, for example to receive marketing emails and text messages. This consent can be withdrawn
b. Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations for example, for a research company to evaluate one of the Foundation’s programmes managed and funded by the Foundation with additional funding from public funding bodies.
c. Legal compliance
If the law requires us to, we may need to collect and process your data for example, to share your personal information with HMRC to process Gift Aid.
In certain circumstances we may need your personal data where it is in your / somebody else’s vital interests for example, in the case of a medical emergency suffered at an event
d. Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably expected as part of running our business and which does not materially impact your rights, freedom or interests.
Where we rely on legitimate interests, depending on the activity those might be PRS Foundation’s interests or those of a partner organisation. These legitimate interests, ultimately, are in the running of a commercial entity in pursuit of our charitable objectives, and include the following:
- Charity governance, including delivery of our purposes, statutory and financial reporting and other regulatory compliance
- Administration and operational management, including responding to solicited enquiries, providing information, research, donor due diligence, events management, the administration of our projects and employment and recruitment requirements
- Fundraising, marketing and campaigning, including administering campaigns and donations.
- Providing our services, and this can include your interests, such as when you have requested information or services from us, or the interests of beneficiaries.
We will not use your personal data for direct marketing purposes unless you have provided your consent to us, or to a third party via which we have received the data. You have the right to ask us not to process your personal data for these purposes.
- Your privacy rights
The GDPR provides you with rights to:
- request from us confirmation of whether or not your personal data is being processed and where that is the case, confirmation of the information set out in this Notice;
- request from us a copy of your data that is undergoing processing, including, in relation to data provided to us by you, and which is processed by automatic means pursuant to a contract with you, or pursuant to your consent, a right to request that data in a structured, commonly used and machine readable format;
- request that we rectify or complete your personal data, where it is inaccurate or incomplete for the purposes of our processing of the data;
- request that we erase your personal data in the following circumstances:
- the personal data is no longer necessary in relation to the purposes for which it is processed;
- you withdraw consent and there is no other legal ground for the processing;
- you successfully object to the processing pursuant to your right of objection explained below;
- the personal data has been unlawfully processed;
- the erasure is necessary for compliance with a relevant legal obligation that applies to us;
- request that we restrict the processing of your personal data in the following circumstances:
- you contest the accuracy of the personal data, for a period enabling us to verify the same;
- the processing is unlawful, but you request restriction rather than erasure;
- we no longer need the data, but it is required by you in respect of legal claims;
- you have objected to the processing, until such that that we verify that there are legitimate purposes that justify such processing;
- object to any processing that is based on our, or a third party’s legitimate interests, upon which event we shall suspend processing until we demonstrate legitimate purposes that justify that processing. We may at all times continue to use data for the purpose of establishment, exercise or defence of legal claims;
- withdraw your consent for future processing (where the processing is based on that consent);
- lodge a complaint with the Information Commissioner’s Office, which is the data protection supervisory authority in the UK.
We will comply with any valid request for information under the rights explained above within one month, though we may tell you that this period is to be extended by a further two months where necessary, taking into
account the complexity and number of the requests. This will normally be provided free of charge. If the request is manifestly unfounded, excessive or repetitive we may charge a reasonable fee or refuse to action the request.
The provision of personal data to us is not a statutory requirement. The provision of data may be a condition of entering into a contract with us, and in such cases we will let you know. We cannot carry out our obligations under our contracts with clients without the necessary data.
If you have any questions which you feel have not been covered by this Privacy Notice, please do not hesitate to email us or write to:
Senior Manager, Operations
2 Pancras Square
London N1C 4AG
If you are unhappy with the way in which PRS Foundation uses and processes your personal data, you can complain to the Information Commissioners Office (the supervisory authority that enforces data protection regulations in the UK).
The ICO can be contacted on 0303 123 1113 or refer their website at https://ico.org.uk.