Norwich Charitable Trusts

Privacy Policy

1. Introduction

This privacy policy describes how Norwich Charitable Trusts processes your personal information. It deals with how we collect information, what we do with it, how we protect it and what controls and rights you have.

We are committed to protecting the privacy of anyone who interacts with us and will treat all information you give us carefully.

We promise to:

  • Tell you why we collect personal information, how we do this and what we use it for;
  • Only collect the information we need to deliver the service to you;
  • Keep personal information current and ensure it is safe and secure;
  • Why we can process your information;
  • What purpose we are processing it for;
  • Whether you must provide it to us;
  • How long do we store it?
  • Whether there are other recipients of your personal information;
  • Whether we intend to transfer it to another country, and
  • Whether we use automated decision-making or profiling.

Please read this Privacy Policy carefully to understand how we process your Personal Data. By providing your Personal Data to us or using our services or this website, you accept or consent to the practices in this Privacy Policy.

We may update this policy from time to time. The date this policy was last revised is shown at the end of this document.

As a Data controller, we fully comply with the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and the UK General Data Protection Regulations 2018 (UK GDPR 2018).

We are registered on the ICO Data Protection Register under registration number ZA341322 and with the Charities Commission number 1094602. Our registered address is 1 Woolgate Court, St. Benedicts St, Norwich, NR2 4AP.

2. Who We Are

This policy references Norwich Charitable Trusts “we,” “us”, and “our” are to Norwich Charitable Trusts, 1 Woolgate Court, St. Benedicts St, Norwich, NR2 4AP.

All and any references to Norwich Charitable Trusts, we, us, our organisation are a collective of the:

  • Anguish’s Educational Foundation – Charity no. 311288
  • Norwich Consolidated Charities – Charity no. 1094602
  • Norwich Town Close Estate Charity – Charity no. 235678

And refer to each entity as one.

The Data Controller is Norwich Charitable Trusts.

3. What information do we collect?

We collect your personal information to enable us to provide the services or fulfil a role with us. This may include:

  • Name and address;
  • Email address and telephone numbers;
  • Information from your parent or guardian if you are under 18;
  • Details of services you may have received from us;
  • The result of any credit or anti-fraud checks we have made on you.

3.1 Employees

Details of your employment.

In addition to the information above, we also need to collect further information about you:

  • Details of your employment
  • Your full name
  • Date and Country of Birth
  • National Insurance Number
  • Passport Number
  • Personal Bank Details
  • Address
  • Personal Email address
  • Personal contact number

How do we collect Personal Information?

We collect personal information in the following ways:

  • When you enquire about one of our services;
  • When you provide information by filling in a form on registration or information provided at any other time;
  • During the provision of services to you;
  • When you participate in discussion forums or other social media on our site or sites managed by us;
  • When you contact us by email, telephone, social media or any other way;
  • When you visit our website;
  • When you sign in and out of our premises (visitors log).

4. Cookies

Our website uses Cookies to distinguish you from other users of our website. This helps us provide a good experience when you browse our website and allows us to improve our site.

More information concerning our use of cookies can be found on our Cookies Policy by following this link.

5. How we use the information and why we need it

We use the personal information to provide services to clients, guests, employees, visitors, and newsletter recipients or to meet our contractual commitments to you.

This may include:

  • Contract – if we have a contract with you, we will process your personal information to fulfil that contract;
  • Consent – generally, we will only ask for your consent to process your personal information if there is no other legal ground to process it. Where we need your consent, we will ensure you are as fully informed as possible and use that consent solely for the reason you gave it to us. You can change your mind anytime by contacting us at the address in paragraph 13. Any email or text sent to you will also have a link to let you do so;
  • Interacting in the public interest;
  • Necessary to defend legal claims or court action;
  • Vital interests – Where it is necessary to protect your vital interests or those of another person;
  • Employment – when necessary to fulfil our duties under employment law;
  • Marketing – in addition to the processing, we will use your personal information to provide you with information about services you have requested or would reasonably expect to receive from us. You can change your mind anytime, and we will keep your preferences current. Any email to you about marketing will have a link to let you unsubscribe.

6. Legitimate interests

Norwich Charitable Trusts may also process your Data when it is in our legitimate interest to do this and when these interests do not override your rights.

These legitimate interests include:

  • Keeping our records up to date;
  • Statistical research and analysis to enable us to monitor and improve services;
  • Sharing your personal information with people or organisations to comply with legal or regulatory obligations or enable us to run our organisation;
  • To fulfil laws that apply to us and the third parties we work with;
  • To participate in or be the subject of any merger, sale or purchase of all or part of our business;
  • Managing our relationships with you and third parties who assist us in providing your services. Providing you with information on product services and offers by partner service providers.

7. Who will see the information?

Your information will only be accessible to our staff and only where appropriate regarding the role they are carrying out. We will never sell your information or let other organisations use it for their purposes. We will only share your personal information:

  • Where consent is necessary, we will have obtained your consent to us doing so and will provide information for the specific reason your consent was given. You will have the opportunity to withhold consent when you complete the form on which we collect the Data, or you can also contact us at the address in paragraph 14 at any time;
  • Where it is necessary to protect your vital interest (i.e., your life or health);
  • Organisations or people whom we must share your personal information with by law or regulations;
  • The police or other law enforcement agencies for them to perform their duties if we must do this by law or under a court order;
  • Where (for employees) we use other organisations to provide services on our behalf for processing, such as Payroll, pension accountancy and other outsourced HR administration;
  • When using auditors and professional advisors and with your pension administrator;
  • With our Trustees;
  • If we merge with another organisation or form a new entity;
  • Where a third-party Data processor is used, we shall ensure they operate under a  contract that includes confidentiality and security of Personal Data and their obligations under the Data Protection legislation.

8. Security

The security of your personal information is very important to us. We protect all Personal Data we hold and ensure we have appropriate organisational and technical measures in place to prevent unauthorised access or unlawful processing of Personal Data and to prevent Data from being lost, destroyed, or damaged;

  • All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone;
  • Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Data before it reaches our site;
  • Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access;
  • Personal Data is processed in the UK; however, your information may be situated outside the European Economic Area (EEA) for IT hosting and maintenance.

9. Your rights

You have the following rights:

  • Transparency over how we use your personal information (right to be informed);
  • To request a copy of the information we hold about you, which will be provided to you within one month (right of access);
  • An update or amendment of the information we hold about you (right of rectification);
  • To ask us to stop using information (right to restrict processing);
  • Ask us to remove your personal information from our records (right to be forgotten);
  • Request us to remove your information for marketing purposes (right to object);
  • To obtain and reuse your Data for your purposes (right to portability);
  • Not to be subject to a decision based on automated processing.

You can contact us about any of these rights at the address in paragraph 12. To protect your privacy, we may ask you to prove your identity before we agree to respond to any request. There is no charge for a request, and we will respond to your request within one month.

If you are dissatisfied with how we deal with your request, please get in touch with us in the first instance to try and resolve your concern, and should we be unable to help you, contact the Information Commissioners Office on 0303 123 1113 or at their website:

10. Retention of information

We keep your information only for as long as necessary for each purpose we use it. We use the following guidelines:

  • Any time limits set by law or recommended by regulators, professional bodies, or associations;
  • For as long as we have a reasonable need to manage our relationship with you or for running our organisation.

11. CCTV

For GDPR, the definition of ‘CCTV’ includes dash-cams in NCT vehicles or private vehicles used in NCT business. CCTV monitors our premises for the safety of visitors and staff and the security of the property. Images are retained for 30 days under ICO guidelines.

12. How to contact us

If you have any questions about how we collect, store, and use personal information, or if you have any other privacy-related questions, please get in touch with us by any of the following means:

Telephone: 01603 621 023


In writing:
Data Protection Officer
Norwich Charitable Trusts,
1 Woolgate Court, St. Benedicts St,
Norwich, NR2 4AP.