Give change, make change
We rely on your generosity to help us to help those in need and would be delighted if you would consider making a donation.
To make it easy for you we have set up PayPal and JustGiving.com accounts and for further information or to make a donation just visit our Donations page.
Who we are
The Grassmarket Mission, a charitable Trust, was originally established in 1886 and now operates according to the Variation of Trust Deed of 2011 with the stated objectives of:
- The relief of those in need
- The advancement of the Christian religion and the promotion of religious harmony on a non-denominational basis: and
- The advancement of citizenship and community development.
These aims are met by providing grants to charitable projects in the Grassmarket, Edinburgh, and nearby, that assist those that are vulnerable, homeless or in need because of poverty, loneliness, hunger, substance-abuse, ill-health or any other reason.
The Grassmarket Mission is the controller and responsible for your personal data.What is personal information?
Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect the following kinds of personal information:Identity information such as name, marital status, title, and gender.
Contact information such as address, email address and telephone numbers.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we collect your personal information
We use different methods to collect information from and about you. These include:
- Direct interactions – you may give us your personal information by filling in forms or giving us feedback or when you contact us by post, phone or email or when we ask you to provide information so that we can assess and award grants and meet our legal responsibilities.
- Third parties – we might be given your personal information by others.
- Public sources – we may collect information about you from public sources such as the internet or public registers, including OSCR and Companies House.
How we use your personal information
We collect and use personal information for the following purposes:
1. Grant application
A grant application will process information about the charity applicant, for the purpose of assessing the request for funding. In the main, the assessment requires organisational information, but may include details of trustees, the board, employees, volunteers or relevant stakeholders. We will also process information relating to the organisation’s finances during assessment.
On occasion, we may seek an additional organisational reference, but would do so with the consent of the charity applicant.
We require the applicant to have the authority to include any personal data and when such data is included in the application, to have made the affected parties aware of this privacy notice.
Our data processing is not automated.
Your application and associated emails will be held in secure IT systems or secure filing cabinets, for one year from the point of application for unsuccessful applicants and for three years from the end of the funded period for successful applicants.
2. Grant Monitoring and Review
If you accept a grant offer from us, the terms and conditions of the grant set out that we will expect a report to be sent to us detailing the progress made against your nominated outcomes. The information processed at this point is made available from you.
Failure to provide this report would represent a breach of our grant agreement.
In the main the evaluation will contain organisational information. Should you reference details of trustees, the board, employees, volunteers, relevant stakeholders or others in your report, it is your responsibility to have their authority to do so and to make them aware of this privacy notice.
The processing of this information is not automated.
Your evaluation and associated emails will be held in our secure IT systems and filing cabinets for three years from the end of the funded period.
3. Management of the Trust
The Trust holds the personal information and contact details of its Trustees and any volunteers or assessors as defined in What is personal information above. This is to ensure the efficient administration of the Trust. The processing of this information is not automated.
Lawful basis and change of purpose
The law requires that we only use your personal information where we have a lawful basis to do so. We process your personal information for the purposes of our legitimate interests in accordance with Article 6(1)(f) of the General Data Protection Regulation and to comply with our legal obligations.
Legitimate interest means the interests of our organisation to further our charitable aims. This means we will process your personal information to ensure grants are allocated to appropriate recipients, to ensure that grant funding we have provided is used in accordance with the terms of the grant award, to manage our processes, to keep our records up to date and for the administration of the Trust.
We will only use your personal information for the reasons we have told you about. If we need to use it for a different purpose, we will contact you and explain why the law allows us to do this. Please note, we may use your information without your knowledge or consent where this is required or allowed by law.
If you fail to provide personal data
Where we need to collect your personal information and you fail to provide that data when requested, we may not be able to process your grant application or monitor or review your grant. In this case, we may not be able to assess and award grants but we will notify you if this is the case at the time.
Please help us keep our records updated by letting us know of any changes to your e-mail address and other contact details.
Sharing and disclosing your personal information
We may have to share personal information we hold about you with other organisations. These organisations must also keep your information safe and secure and treat it lawfully.
This might include:
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities to whom we are required to report in certain circumstances.
- The police or other law enforcement agencies where we are required to do so by law.
We use electronic data storage systems (cloud back-up) that are managed by third parties with servers mainly within the EU or on occasion the US. The UK/EU third parties have confirmed that they are GDPR compliant and those in the US are certified by the EU-US Privacy Shield Framework which provides a similar level of protection.
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
- You have validly objected to our use of your personal information – see Objecting to how we may use your information below
- Our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or for our legitimate interests or those of a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information - In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Currently the Trust’s processing of information is not automated.
Withdrawing consent for using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Exercising your rights
Please contact us if you wish to exercise any of these rights.
You will not normally have to pay a fee to access your personal data or to exercise any of the other rights.
In some circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
We try to respond to all legitimate requests within three months. Occasionally it could take us longer than this if your request is particularly complex but if this is the case, we will notify you and keep you updated.
We have security measures to prevent your personal information from being accessed by unauthorised people and to prevent unlawful processing, accidental loss, destruction or damage.
Our website may contain links to other websites and resources that you may find of interest. If you access any of these websites using these links, please note that they have their own Privacy Policies and you should check these before submitting any personal data. We cannot accept any responsibility or liability for these policies.
Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of the transmission of this data to us and any transmission is at your own risk.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to our privacy statement
We keep this privacy statement under regular review and will post updated versions on our website www.grassmarketmission.org
This privacy statement was last updated on 25 November 2019.
The Grassmarket Mission
c/o Whitelaw Wells
9 Ainslie Place
Edinburgh EH3 6AT
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office:
By phone: 0303 123 1113
By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF