Lincolnshire Community Foundation (LCF) complies with all aspects of current UK and European General Data Protection regulation, specifically Data Protection Principles 1-8: Personal Data is processed fairly and lawfully; will only be used for specified lawful purposes; is adequate, relevant and not excessive; is necessary and up to date; is kept for no longer than is necessary; is processed in accordance with the rights of ‘data subjects’; appropriate measures are in place to ensure it is not processed unlawfully or without authorisation; data is not transferred to a territory outside the ‘European Economic Area’.

Data Controller

The Data Controllers are the joint CEO’s Lincolnshire Community Foundation, 4 Mill House, Carre Street, Sleaford, Lincolnshire NG34 7TW. On written request from a ‘data subject’, they will supply details of what data is held, why it is held and to whom it may be disclosed. LCF can also supply a copy of the relevant Data Record.

What Personal Data do we hold?

We keep general information, like address and contact details, about people and groups: employees, volunteers, donors, applicants etc. Specific information might include, for example, bank details, personal references and the legal status of groups.

What is the purpose of holding Personal Data?

General information is used for purposes to ensure that due diligence is carried out, to safeguard the assets and reputation of the LCF like: deciding whether or not an application for funding meets eligibility criteria, statistical analysis, reports to donors and keeping standard business records. More sensitive data is processed only in response to a legal obligation and with the explicit consent of the ‘data subject’


Electronic data, such as online grant applications, are held in a password-protected database to which only LCF staff have access. Manual data is held in files in a secure cabinet within a locked office. Data will be secured within a password protected document where it is to be transferred electronically.

We adhere to the ‘Fair Data Code’ whereby the ‘data subject’ will not be misled or deceived in any way. Subjects have a right to know what data we hold for what purpose and any other information pertinent to the fair processing of data.

Direct Marketing

Any direct marketing is carried out adhering to the Data Protection direct-marketing- checklist


This Policy was reviewed in April 2018 using the General Data Protection Data Protection Principles 1-8 and we believe our current systems and processes adhere to the new guidance. Further guidance can be found on the ICO’s website

Download this document as a PDF