Privacy Notice
1. Introduction
The Spectris Foundation (“us”, “we” or “our”) is a charitable foundation that supports access to quality education in Science, Technology, Engineering and Maths (STEM) through the distribution of grants. We may also support other charitable objectives, as determined by our board of trustees and informed by the interests of employees of Spectris Limited.
This privacy notice sets out how we collect and use personal data when you engage with us. This may include, for example, when you enquire about or apply for funding, receive funding, volunteer with us, work with us or visit our website.
We are committed to protecting the personal data we process and to handling it in accordance with applicable data protection laws. If you have any questions about how we use your personal data, please contact us using the details set out below.
2. Who we are
The Spectris Foundation is a charitable foundation established by Spectris Limited. We operate independently and are responsible for determining how and why personal data is processed in connection with our charitable activities.
For the purposes of UK data protection law, the Spectris Foundation is the data controller of the personal data described in this privacy notice. While the Spectris Foundation is associated with Spectris Limited, we make our own decisions about the processing of personal data for our charitable activities.
3. How we collect your personal data
We collect personal data in a number of ways, including directly from you and, in some cases, from third parties.
Information you provide to us directly
We may collect personal data directly from you when you:
- contact us through our website
- contact us by email (for example via Spectrisfoundation@spectris.com or the email addresses of our staff)
- contact us through social media platforms (such as LinkedIn).
- submit an Expression of Interest, application form or other funding related application.
- provide information about your organisation, project or programme in connection with our charitable activities
Information we receive from others
We may also receive personal data from third parties, including:
- employees of Spectris Limited or affiliated companies, where they introduce or refer organisations or individuals to us;
- publicly available sources, such as websites, social media platforms or media publications
- third party websites or other sources, where this information is used to identify and contact organisations that may be eligible for funding.
4. How we use your personal data
We use personal data to carry out our charitable activities, including managing grant enquiries and applications, administering grants, meeting governance and legal requirements, evaluating the impact of our funding, and communicating about our work. We also process personal data in connection with recruitment, volunteering, and responding to enquiries or complaints.
We only use personal data where we have a lawful basis to do so under UK data protection law, and we limit our use of personal data to what is necessary for each purpose.
| Purpose | What personal data we use | Lawful basis |
| Managing enquiries and grant applications (including invitations to apply) To manage grant enquiries and applications, including outreach to organisations that may be eligible for funding. This includes responding to enquiries and inviting organisations to apply for funding; communicating with you during the application process (including requesting further information); assessing eligibility and suitability; and notifying you of the outcome and providing feedback where appropriate. | Name, job title/role, organisation, email address, telephone number, location (where relevant), and information provided during enquiries or applications | Legitimate interests – to respond to enquiries, identify and engage with organisations that may be eligible for funding, and manage the grant application process. |
| Managing administration and delivery of grants Where funding is awarded, to administer the grant relationship, including managing ongoing communications, providing support, and maintaining relevant records. | Name, job title/role, organisation, contact details, grant-related correspondence and records, and bank or payment details where relevant | Contract – to take steps prior to entering into and to perform grant agreements. Legitimate interests – to administer and manage grants effectively |
| Due diligence, governance and risk management To carry out due diligence, to meet governance requirements, and to protect the Foundation and charitable funds (including preventing and detecting fraud, misuse of money, and other wrongdoing). This may also include record keeping, audit activities, and insurance-related administration. Due diligence mainly involves reviewing organisational information. Where necessary, it may also involve processing personal data about individuals connected to an organisation (such as trustees or key contacts), including names, roles and publicly available information, and in some cases sanctions or watchlist screening. | Contact details; names and roles of trustees or key contacts; publicly available information about individuals connected to an organisation; bank details where relevant; information relating to sanctions or watchlist screening where applicable | Legal obligation – to meet governance, audit and compliance requirements. Legitimate interests – to protect the Foundation and charitable funds and prevent fraud or misuse |
| Monitoring, evaluation and impact reporting To understand how funding is used and whether it is being applied in line with the grant agreement, to review delivery of funded activities, to evaluate outcomes and impact, and to improve our future grant-making and programmes. Monitoring and evaluation is carried out through information and reports provided by grantees, as well as meetings, phone calls and (where appropriate) project visits. | Contact details; information included in reports or updates provided by grantees; photographs or video footage included in monitoring materials where relevant | Legitimate interests – to ensure funds are used as agreed, evaluate impact and improve future grant-making. Consent – where specific permission is required |
| Communications, publicity and promoting funded work To communicate about the Foundation and our work, and (where appropriate) to create and share stories, case studies, articles, photographs or video footage that showcase funded activities and promote the Foundation internally (via email, intranet and physical office displays) and externally (for example on our website, newsletters and social media). | Name, job title/role, organisation, location (where relevant), quotes, stories, photographs and video footage identifying individuals | Consent – particularly for use of photographs, video footage, quotes or personal stories, and for promotional communications |
| Enquiries, complaints and dispute resolution To respond to enquiries or complaints, and where necessary manage disputes and related correspondence. | Name, contact details, organisation, content of enquiries or complaints, and related correspondence | Legitimate interests – to respond to and resolve issues. Legal obligation – where required |
| Recruitment of staff To manage recruitment and selection, including receiving and reviewing applications, assessing suitability for roles, shortlisting candidates, arranging and conducting interviews, verifying relevant information (such as qualifications and experience), and communicating with candidates about the recruitment process and outcome. | Name, contact details, employment and education history, qualifications, application materials and recruitment correspondence | Legitimate interests – to recruit suitable staff. Contract – to take steps prior to entering into an employment or consultancy contract. Legal obligation – where applicable |
| Volunteer management To manage volunteering relationships, including receiving and processing expressions of interest in volunteering, confirming suitability where relevant, allocating and coordinating volunteer activities, communicating with volunteers about tasks and participation, and maintaining appropriate records to support effective administration and oversight and protect Foundation operations. | Name, contact details, information provided in expressions of interest, and records relating to volunteering activities | Legitimate interests – to manage volunteering relationships, coordinate activities and protect Foundation operations |
5. Who we share personal data with/processing by third parties
We may share your personal data with third parties where necessary to support our charitable activities, comply with legal obligations, or protect the Foundation and its operations. Where we do so, we only share personal data that is necessary for the relevant purpose.
Service providers and advisers
We may share personal data with trusted third parties who provide services to the Foundation, including:
- service providers who assist us in delivering our activities, such as volunteers from Spectris Limited and systems used to support our operations (for example grant-management, finance and administration systems including Blackbaud Grantmaking, Xero, and Certify);
- IT and administration service providers;
- our professional advisers, including lawyers, auditors and insurers.
The Spectris Foundation receives registrations and grant applications directly and via online forms built using software provided by Blackbaud Grantmaking. Personal data submitted through these forms is stored within the Blackbaud Grantmaking system.
Public authorities
We may disclose personal data to public bodies, including regulatory or supervisory authorities, where we are required or permitted to do so by law (for example the Information Commissioner’s Office).
Processing carried out independently by third parties
In some cases, volunteers supporting STEM projects may be subject to background checks carried out by the relevant charity or project partner. Any such processing of personal data is subject to that charity or project partner’s privacy notice and the Foundation does not determine the purposes or means of that processing.
Data protection obligations
We require all third parties with whom we share personal data to respect its security and to process it in accordance with applicable data protection laws. Where third parties process personal data on our behalf, this is governed by appropriate contractual arrangements.
6. Transfers of personal data outside the UK
In limited circumstances, your personal data may be transferred outside the United Kingdom. Where this happens, we ensure that appropriate safeguards are in place to protect your personal data in accordance with UK data protection law.
We will only transfer personal data outside the UK where one of the following applies:
- the UK government has determined that the country or territory provides an adequate level of protection for personal data (an “adequacy decision”);
- we have put in place appropriate safeguards, such as standard contractual clauses approved for use under UK data protection law, which require the recipient to protect personal data to UK standards; or
- an alternative legal basis applies under data protection law, for example where the transfer is necessary in connection with legal claims or to protect our legal rights.
7. Data security
We have put in place appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure or access. These measures include, where appropriate, access controls, secure systems, and other safeguards designed to protect personal data. We regularly review our security practices and take reasonable steps to ensure that personal data is handled securely.
8. Retaining your personal data
We will only retain personal data for as long as necessary for the purposes for which it was collected, including to meet our operational, legal, accounting and reporting requirements.
In most cases, personal data relating to grant enquiries, applications, funded projects and related governance activities is retained for up to seven (7) years after the end of the relevant grant relationship or, where no grant is awarded, seven (7) years after our last meaningful contact with you or your organisation.
We apply shorter retention periods where appropriate, for example, recruitment information relating to unsuccessful candidates is typically retained for a limited period following the end of the recruitment process.
We may retain personal data for longer than the periods described above where necessary:
- to establish, exercise or defend legal claims;
- to comply with legal, regulatory or governance requirements; or
- to retain records required for audit, accountability or oversight purposes.
9. Your data protection rights
You have a number of rights under data protection laws in relation to the personal data we hold about you. These rights are not absolute and may apply only in certain circumstances. Your rights include:
- The right of access – to request a copy of the personal data we hold about you.
- The right to rectification – to ask us to correct personal data that you believe is inaccurate or incomplete.
- The right to erasure – To ask us to delete your personal data where there is no lawful reason for us to continue to use it.
- The right to object to processing – to object to our processing of your personal data where we rely on legitimate interests as our lawful basis.
- The right to restrict processing – to ask us to limit how we use your personal data in certain circumstances.
- The right to data portability – to request that certain personal data is provided to you, or to a third party you nominate, in a commonly used electronic format.
- The right to withdraw consent – where we rely on your consent to process personal data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.
To exercise any of your rights in relation to the Spectris Foundation please contact us at spectrisfoundation@spectris.com. We may need to verify your identity before responding to your request.
10. Complaints
If you have any complaints about how we handle your personal data, please contact us by email at spectrisfoundation@spectris.com and we will do our best to resolve the issue.
You also have the right to lodge a complaint with a data protection supervisory authority. The Information Commissioner’s Office (“ICO”) is the UK supervisory authority for data protection matters:
Website: https://ico.org.uk/
Telephone: 0303 123 1113 or 01625 545 745
Address: Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you are located outside the UK, you may also have the right to lodge a complaint with the data protection supervisory authority in your country of residence or where the alleged infringement occurred.
11. Updates to this privacy notice
We may update this privacy notice from time to time to reflect changes in our practices or applicable data protection laws. The most recent version will always be available on our website.