Development Partners Privacy Policy

Development Partners

Privacy Notice 2024

This Privacy Notice tells you what to expect when Development Partners collects your personal information. It serves as a description of our data protection policy, setting out why and how we process personal information, in order to comply with data protection legislation. We may change this policy from time to time in line with changing legislation. This policy is also reviewed annually and was last updated in January 2024. 

Our contact details:

·  Development Partners UK Ltd
Park Farm Technology Centre
Kirtlington
Oxfordshire
OX5 3JQ

·  www.development-partners.co.uk

·  07778 423294

·  Main point of contact for data protection matters is Judy Niner, Managing Director, judy.niner@development-partners.co.uk

We are registered as a data controller under the Data Protection Act 1998, and our Data Protection Register number is: Z8078572

What type of information we have 

We may collect and process the following personal information:

·  Name, job title, and the name of the organisation you work for.

·  Contact information including your email address, phone numbers, organisation address, in some cases your home address (if you have shared it with us). 

·  Publically available information about your current interests, activities, your personal and professional networks.

How we get the information, why we have it, and what we do with it

Most of the personal information we process is provided to us directly by you for one of the following reasons set out below. We do not disclose personal data to any third parties or external organisations other than data controllers we are sub-contracted to (i.e. our clients who have asked us to carry out research into individual prospects and donors, grant-making trusts and companies). 

Current and former employees and associate consultants 

When individuals apply to work for or with Development Partners, we will only use the information they supply to us to process their application. We also take and keep on file professional references, as well as copies of their qualifications. These details may be stored electronically and on paper. Personal information about unsuccessful candidates is held for 3 months after the recruitment exercise has been completed and is destroyed or deleted. 

Once a person has taken up employment or an associate consultant position with us, we will set up a file relating to their relationship with us. The information contained in this will be kept securely and will only be used for purposes directly relevant to that person’s employment or subcontracted work. It is not shared with third parties. Once their work relationship with us has ended, we retain the file in accordance with the requirements of our retention schedule and then delete it or destroy it.

The lawful grounds for processing this data are that it is in our legitimate interest to do so.

New business enquiries 

When a telephone or email enquiry is made, we capture and record basic information about the organisation the enquirer represents. We may keep a paper copy of the telephone notes for up to one year, after which it is destroyed, or, in the case of enquirers who become our clients, for longer periods as required. Emails are deleted after 5 years. 

Our website is created and hosted by GoDaddy, a web hosting service provider. Our website has an enquiry contact page that captures basic information about the enquirer and the nature of their enquiry. This is encrypted and held by GoDaddy on servers in Europe and North America in order to help us service the enquiry. For more information on GoDaddy’s data protection procedures please refer to https://www.godaddy.com/en-uk/legal/agreements/privacy-policy. When an enquiry lapses or progresses to a contract, it is deleted from our system.

People who use our services

When we do business with someone representing a client organisation, we need to record and store his or her contact details to enable client management and contract delivery. This can include their name, job title, organisation, telephone, work address and the email address they have provided. This data processing is necessary for the delivery of a contract and we rely on our legitimate interest as the legal basis for storing and processing it. The data is held for the duration of the contract and for 6 years following its conclusion, in order to comply with HMRC record keeping requirements.

The work we produce for our clients

We produce electronic files of work for our clients. We upload this data (sometimes including personal data) onto the server of a secure file-sharing platform called Egnyte. The data we upload is encrypted at rest, which means that Egnyte cannot access the data. They can only access our account to respond to service or technical problems. For more information please read www.egnyte.com/privacy-policy.

Fundraising research

Separate to all the other personal information we hold (which has been directly given to us by the individual), occasionally, we are asked by client charities to identify or research ‘high net worth individuals’ who may be interested in donating to the charity or not-for-profit organisation. In this regard, we act as a data processor and we enter into a Data Processor Agreement with the client (the data controller). 

This type of work typically involves reviewing publicly available information (such as LinkedIn, corporate biographies, other publications) and producing a small summary. We do not include any special category data. Before doing so we will ensure that our client has established their lawful basis for storing and processing this information, has communicated this in their publically available Privacy Notice, and has a policy in place for how they intend to share their Privacy Notice with new prospects and supporters. 

The information we collect is then provided to the client charity (the data controller), which may subsequently approach the people identified, at which point they give them the option to opt-out of any further contact or research. 

The data we collect is stored in electronic files on Egnyte, and shared with clients by secure, password protected and time-limited links to the Egnyte files. The data is deleted 3 months after the end of the client contract. It is not retained, used for purposes other than those agreed with the client, or sold on to other organisations. We are happy to hear from people who do not wish to be the subject of any prospect research that we undertake, so that they can opt out of any future research. The lawful grounds for processing this data are that it is in our legitimate interest to do so as part of our business relating to fundraising research.

Our use of cookies

Our website employs cookies to help us understand how visitors navigate it, which pages they land on, which pages are the most read, which pages visitors leave from, how long people spend on the website, which countries visitors are based in and which browsers they are using. You can choose to accept or decline cookies. 

How we store your information 

We have implemented security procedures, rules and technical measures to protect the personal data that we have under our control from:

§  unauthorised access;

§  improper use or disclosure;

§  unauthorised modification.

Any personal information we collect is securely stored in electronic files on Egnyte, a secure file-sharing platform. All our employees, associates and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our clients’ and contacts’ personal data. Our employees and associate consultants only have restricted access to the client folders that are relevant to them.

We do not retain your personal data longer than is either reasonable or legally permissible. We have different retention periods for different categories of data much of which is detailed in this document under the relevant section. Please contact us if you would like more information on our retention periods.

Your data protection rights

Under data protection law, you have rights including:

·  Your right of access - You have the right to ask us for copies of your personal information. 

·  Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

·  Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

·  Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. 

·  Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

·  Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

·  You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If you wish to make a request please contact Judy Niner at judy.niner@development-partners.co.uk or 07778 423294, or write to:

Judy Niner

Development Partners UK Ltd
Park Farm Technology Centre
Kirtlington
Oxfordshire. OX5 3JQ

Complaints and enquiries

We try to meet the highest standards when collecting and using personal information. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We are happy to provide any additional information or explanation. Any requests for this should be sent to the address above.

If after contacting us about data issues, a data subject still has grounds for complaint, they are able to take the matter up with the Information Commissioner, with which we are registered.

The ICO’s address:  

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire. SK9 5AF

Helpline number: 0303 123 1113