Department for Digital, Culture, Media and Sport (DCMS) and The National Lottery Community Fund Privacy Notice - Civil Society Covid-19 Response Fund

The Office for Civil Society, a directorate of the Department for Digital, Culture, Media and Sport (DCMS), is working with The National Lottery Community Fund on the Coronavirus Community Support Fund to support charities in providing crucial services for people and communities directly or indirectly affected by Covid-19.

This Privacy Notice explains your rights and gives you the information you are entitled to under the Data Protection Act 2018 and the General Data Protection Regulation (“the Data Protection Legislation”). Note that this Privacy Notice only refers to your personal data which we process (e.g. the details of individuals at your organisation - name, date of birth, home address, email address, phone number).

The Coronavirus Community Support Fund is led by DCMS and The National Lottery Community Fund. Both organisations jointly control the reasons for your personal data being collected and how it is processed for the purposes of the Coronavirus Community Support Fund project.

DCMS and The National Lottery Community Fund have agreed that each of them will take lead responsibility for compliance with data protection laws in respect of the elements of the processing they undertake.

This privacy notice is issued jointly on behalf of DCMS and The National Lottery Community Fund.

At the application stage, the personal data we process are the details of a legally responsible individual at your organisation (name, date of birth, home address, email address, phone number). This is processed by The National Lottery Community Fund to conduct organisational checks for the purposes of grant making. We will also hold contact details (name, phone number, email address) of an individual at your organisation to maintain contact during the programme.

All data collected at the application stage is shared by The National Lottery Community Fund with DCMS for the purposes of running this programme and will be held by DCMS for oversight, audit and assurance purposes to prevent fraud and ensure that the money has been spent in accordance with regulations and the purposes of the programme.

DCMS may use publicly available information about you to carry out background checks for the purposes of assessing any risks to public funding in making a grant to your organisation.

DCMS and The National Lottery Community Fund are processing your personal data as it is necessary for a task carried out in the public interest.

DCMS and The National Lottery Community Fund hold the personal data outlined above on individual databases. The National Lottery Community Fund will be able to access your email address to enable them to communicate with you regarding the project’s progress and any relevant information. DCMS will be able to access these details to contact you to check that the money has been spent in the way agreed during your application to the Fund. DCMS may also share your data with The National Audit Office for the same reason.

We may share your personal data with organisations that help us to run this programme by conducting organisational checks and verifications for due diligence. The National Lottery Community Fund will share data with an external evaluator for the purpose of evaluating this programme. We will only share personal data which they need to carry out their work and subject to appropriate security measures.

The personal data The National Lottery Community Fund collects from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by the National Lottery Community Fund and these fraud prevention agencies, and your data protection rights, can be found by contacting (data.protection@tnlcommunityfund.org.uk)

Your personal data will be retained for seven (7) years if you are successful at receiving a grant from this programme, being erased by May 2027. If your application is unsuccessful, your data will be kept by The National Lottery Community Fund for two (2) years and will not be shared with DCMS.

The data we are collecting is your personal data, and you have the right:

• To see what data we have about you
• To ask us to stop using your data, but keep it on record
• To ask us to stop using and delete your data in certain circumstances
• To have all or some of your data corrected
• To lodge a complaint with the independent Information Commissioner (ICO) if you think we are not handling your data fairly or in accordance with the law.

You can contact the ICO at https://ico.org.uk/, or telephone 0303 123 1113. ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Should you have any concerns or wish to exercise the rights outlined above in respect of the personal data which:

• DCMS is processing, please contact the DCMS Data Protection Officer at dcmsdataprotection@culture.gov.uk
• The National Lottery Community Fund is processing, then please contact the Data Protection Officer at gdpr.mailbox@tnlcommunityfund.org.uk .

DCMS and The National Lottery Community Fund take all reasonable steps to keep personal data in its possession or control, which is used on an on-going basis, accurate, complete, current and relevant, based on the most recent information available to us. If we are advised of a change in information, we will update the data accordingly.

We rely on you to notify us of any changes to your personal data.

Your personal data will not be sent overseas and will not be used for automated decision making.

We are committed to taking all reasonable and appropriate steps to protect the personal information we collect from you from improper use or disclosure, unauthorised access, unauthorised modification, and unlawful destruction or accidental loss. We have taken and will take appropriate information security, technical, storage and organisational measures to such end, including measures to deal with any suspected data breach. All providers who are associated with the processing of your information are obliged to respect the confidentiality of your personal data.