Privacy Statement
1. Introduction Centennial Foundation (“we,” “us,” or “our”), a company registered in the United Kingdom under company registration number 16149732, is committed to safeguarding the privacy and security of your personal data. This Privacy Statement describes how we collect, use, process, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable UK data protection laws.
2. Data Controller and Contact Information For the purposes of the UK GDPR, Centennial Foundation is the data controller of your personal data. If you have any questions regarding this Privacy Statement or wish to exercise any of your rights under the UK GDPR, please contact us at:
Email: compliance@centennialfoundation.org
3. Information We Collect We may collect and process the following categories of personal data:
Identity Data: Your full name, title, date of birth, and contact details (email address, phone number, postal address).
Financial Data: Bank account details or payment card information for processing donations.
Compliance Data: Documentation necessary to satisfy Anti-Money Laundering (AML) obligations, such as identity verification records.
Transaction Data: Details of your donations, payment confirmations, and communication preferences.
Technical Data: Information collected through cookies, including IP addresses, browser types, and website usage data.
4. Legal Basis for Processing Your Data We process your personal data in accordance with the UK GDPR based on the following legal grounds:
Consent: When you have explicitly consented to the processing of your data, for example, by subscribing to our updates or agreeing to receive communications.
Contractual Necessity: To process donations or fulfill agreements made with you.
Legal Obligation: To comply with legal requirements, including Anti-Money Laundering (AML) regulations.
Legitimate Interests: To improve our services, prevent fraud, and manage donor relationships, provided this does not override your rights and freedoms.
5. Data Sharing and Third-Party Processors We may share your personal data with the following third parties for the purposes outlined in this Privacy Statement:
AML Risk Assessors: Third parties conducting necessary AML and risk assessments.
Payment Processors: To securely process transactions and donations.
Regulatory Authorities and Law Enforcement: Where required by law or regulatory obligations.
We ensure that all third-party service providers comply with the UK GDPR and have appropriate safeguards in place to protect your personal data.
6. International Data Transfers In exceptional circumstances, personal data may be transferred outside the UK. In such cases, we will ensure that appropriate safeguards are implemented to protect your data in accordance with the UK GDPR, such as through the use of International Data Transfer Agreements (IDTAs) or other lawful transfer mechanisms.
7. Data Retention We will retain your personal data for no longer than is necessary to fulfill the purposes for which it was collected, or to comply with statutory retention requirements, including those related to Anti-Money Laundering (AML) obligations.
8. Your Rights Under the UK GDPR Under the UK GDPR, you have the following rights in relation to your personal data:
Right to Access: The right to request access to your personal data.
Right to Rectification: The right to request the correction of inaccurate or incomplete data.
Right to Erasure: The right to request the deletion of your personal data, subject to certain legal exceptions.
Right to Restriction of Processing: The right to request the restriction of processing under certain conditions.
Right to Data Portability: The right to request the transfer of your personal data to another data controller in a structured, commonly used, and machine-readable format.
Right to Object: The right to object to the processing of your data for certain purposes, including direct marketing.
Right to Lodge a Complaint: The right to file a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.
To exercise any of your rights, please contact us at compliance@centennialfoundation.org.
9. Data Security We take appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encrypted storage, secure access controls, and regular security audits.
10. Cookies and Tracking Technologies Our website uses cookies and other tracking technologies to enhance user experience and monitor site traffic. By using our website, you consent to the use of cookies in accordance with our Cookie Policy.
11. Changes to This Privacy Statement We may update this Privacy Statement from time to time to reflect changes in legal requirements or our operational practices. Any changes will be posted on this page, and the date of the most recent update will be noted at the bottom of the Privacy Statement.
12. Contact and Complaints If you have any questions or concerns about how we process your personal data, or if you wish to exercise your rights, please contact us at the address above. If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
ICO Contact Information: https://ico.org.uk/