Privacy Policy

This Privacy Policy (“Policy”), together with the terms of engagement or contract which governs our supply of services, sets out the basis on which we will process your personal data when you have any dealings with us, whether you are a client or potential client, donor, beneﬁciary or volunteer, you are a professional or business contact, or you are a job applicant.

Within this Policy, we explain who is responsible for the personal data that we collect, what personal data we collect, how we will use such personal data, who we may disclose it to and your rights and choices in relation to your personal data. We may update this Policy at any time.

In this Policy:

references to we, us, our or Prism means to Prism the Gift Fund, registered in England (company number: 04677253) whose registered oﬃce is 20 Gloucester Place, London, W1U 8HA and Prism Administration Limited, registered in England (company number: 04613212) whose registered oﬃce is 73 Cornhill, London, EC3V 3QQ;
references to you or your means any individual who has dealings with us, including our clients, potential clients, our donors, beneﬁciaries and volunteers, as well as our professional or business contacts and job applicants;
references to Donor Advised Funds means the service oﬀered by Prism to high-net-worth individuals, whereby Prism supports these individuals with managing their donations to charitable organisations and causes;
references to Collective Funds means the service oﬀered by Prism to organisations, groups and individuals who are fundraising a minimum of £50,000 a year towards a speciﬁc charitable cause. Collective Funds may be operated by individuals or other organisations and may be based in the UK or other jurisdictions;
references to Clients means to founders of Donor Advised Funds, who are high-net-worth individuals that Prism provides services to, and founders of Collective Funds, who may be organisations, groups or individuals that are responsible for and involved in the founding, establishment and development of a Collective Fund;
references to the Site means the websites which are operated by Prism, including https://prismthegiftfund.co.uk and such other websites as we may operate from time to time; and
where we use the words personal data, we use these words to describe information that is about you

and other individuals you may tell us about and which identiﬁes you or those individuals.

Who is responsible for the personal data that we collect?

We are the data controller for the purposes of data protection law in respect of your personal data collected and used in connection with the provision of our services, including facilitating Donor Advised Funds, Collective Funds, or related activities such as promoting our events or, where relevant, dealing with job applications. This is because we dictate the purpose for which your personal data is used and how we use your personal data.

What personal data do we hold about you?

We collect and use personal data about you in the course of us providing services to you or to other parties via the Collective Funds and Donor Advised Funds. We have set out some examples of the personal data that we hold below:

If you make an enquiry

If you contact us with an enquiry about our services (either through our Site or by phone, email or post), we

will ask you to supply essential contact details (your name, e-mail address, phone number and, where applicable, the company or other person you represent and your job title), which we need in order to identify you and deal with your enquiry.

Depending on the nature of your enquiry, we may collect from you further details, such as the circumstances in which you are making the enquiry, the professional services that may be of interest to you or, where you are interested in a possible position with us, your CV and related information.

If you are or become a Client

If you are or become a Client (or the company or other person you represent is or becomes a Client), we will process the personal data required to provide the services, including your name, title, address, email address, telephone number and details of the services we are providing to you or the company or other person you represent. Where we are providing services to you as a Client, we will also ask you to provide a certiﬁed copy of your passport and proof of address.

We may also need to ask you to provide further personal data, and may need to carry out background checks about you in order to satisfy our obligations under any applicable legislation concerning money laundering, tax evasion, crime prevention and fraud protection. If you do not provide us with the information we need, we will not be able to provide our professional services for you or the company or other person you represent.

When you make a personal payment for our services, details of the method of payment, your bank details or your credit or debit card number will be processed.

If you are a donor

If you are a donor, we will process the personal data required to process your donations, including your name, e-mail address, donation payment details (including your address, bank details, donation amount, relevant cause you are donating to and conﬁrmation of whether your payment is a one-oﬀ payment or recurring payment) and your Gift Aid status.

If you are a professional or business contact

If you provide us (or one of our employees or other personnel) with your professional or business contact details or other relevant personal data, we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to you and your business or profession.

If you are the founder of a Collective Fund

If you are a founder, we will also ask you to provide additional documents so that we can verify your identity. Examples of documents that we may ask for from you include certiﬁed copies of your passport and a utility bill.

If you are a high net worth individual and we are managing Donor Advised Funds for you

If you are a high-net-worth individual, we will ask you to provide additional documents so that we can verify your identity as part of our onboarding process for the Donor Advised Funds services. Examples of documents that we may ask for from you include certiﬁed copies of your passport and a utility bill. Where you are making high value donations, we may also undertake a proof of funds veriﬁcation check with you.

If you are a trustee of a charity using our Foundation Administration services

If you are a trustee, we may collect certain personal data about you to verify your identity, including a copy of your ID and proof of address.

Marketing preferences and survey details

We will process details of any marketing preferences that you express, including any opt-outs that you provide.

If you enquire about a job or becoming a volunteer

If you submit a job application or enquire about a potential position with us, or another person does so on your

behalf, or with a view to becoming a volunteer with one of the Collective Funds or foundations that we administer, we will ask you to provide relevant personal information about you. Further details of the personal data that we collect, and of the basis on which we will process your personal data, will be provided at the time.

Online activity information (to the extent that it constitutes personal data)

We will collect technical information, including your Internet Protocol (IP) address, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We will also collect information about your visit to the Site, including the full Uniform Resource Locators (URL) clickstream to, through and from Site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information about third parties

In the course of providing services to you, you may provide us with personal data relating to third parties. We will use this personal data in accordance with this Policy. If you are providing personal data to us relating to a third party, you conﬁrm that you have the consent of the third party or are otherwise entitled to share such personal data with us and that you have made this Policy available to the third party.

How do we use the personal data we collect about you?

We use your personal data for a variety of diﬀerent purposes during the course of us providing services to you or other parties. The main purposes for which we use your personal data are set out below. Under data protection law, we can only use your personal data where we have a legal basis to do so. Examples of where we have a legal basis to process your personal data include when:

we have your consent;
it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
it is necessary to comply with a legal obligation;
it is necessary in order to protect your vital interests; or
it is in our legitimate interests to process your personal information.

We have set out the main purposes for using our personal data below, together with our lawful basis for doing so. Where we rely on our legitimate interests, we have set out those interests below.

Purpose	Legal basis
To communicate with you and other individuals.	Legitimate interests: We require your personal information in order to communicate with you or the Collective Fund or the Donor Advised Fund in relation to the supply of services in accordance with the terms of the contract with our Client. Performance of a contract we have with you.
To carry out our obligations arising from any contracts entered into between you and us or in preparation of entering into a contract with you or the Collective Fund, the Donor Advised Fund or a Client.	Legitimate interests: It is in our legitimate interest to comply with the terms of a contract we have in place with a Client or other third party. Performance of a contract we have with you, including in relation to facilitating any donations that you make via Prism.
To send you direct marketing communications about our products/services.	Legitimate interests: It is in our legitimate interest to contact you about services that we oﬀer. Consent: In some circumstances, we may rely on your consent to send direct marketing communications to you.
To manage any service or quality related issues, complaints, feedback and queries in relation to the supply of services in accordance with the terms of the supply contract.	Legitimate interests: We require your personal data in order to ensure the services we supply are ﬁt for purpose. Performance of a contract we have with you.
To comply with any legal or regulatory obligations (including in connection with a court order).	Necessary for compliance with a legal obligation to which we are subject.
To verify your identity, including when we conduct our own ‘know your client’ checks.	Legitimate interests: It is in our legitimate interest to ensure we carry out this veriﬁcation / these checks. Necessary for compliance with a legal obligation to which we are subject.

Who do we share your personal data with?

We may share your personal data with:

Our Clients / Collective Fund Founders. Where we collect donations or undertake other activities as part of our Collective Fund service with our Clients (also known as ‘Collective Fund Founders’), we will share your personal data with those Clients / Collective Fund Founders or their respective key contacts where you have chosen to donate to them or have otherwise expressed an interest in them, so that the relevant organisations and / or individuals can contact you directly.
‘Spin Out’ organisations. Where a Collective Fund that you have donated to or otherwise expressed an interest in ‘spins out’ and becomes its own charity or similar entity, we will share your personal data with the relevant new charity or entity. We do this to ensure that you are still able to continue to support the relevant cause/Collective Fund. If you would prefer us not to share your information in this way, please let us know by contacting us using the details in the ‘How to Contact Us’ section below.
Clients / Collective Fund Founders and Spin Out organisations – marketing. To the extent that we share your personal data with Clients, Collective Fund Founders and Spin Out organisations so that they can send marketing to you, we will only share your personal data in this way where you have provided us with your consent to receive marketing.
High net worth individuals who we provide Donor Advised Funds services to. Where you work for a charitable organisation that has applied for a grant from a Donor Advised Fund, we will share details of the application and the relevant charitable organisation with the high-net-worth individual.
HMRC. Where you are a donor and you have conﬁrmed that you are a UK taxpayer and your donation(s) are eligible for Gift Aid, we will share your personal data with HMRC to enable Prism / Clients / Collective Funds / Donor Advised Funds to claim this tax relief.
Our professional advisors. We may share your personal data with our professional advisors (including lawyers, accountants, auditors and ﬁnancial advisers) that assist us in carrying out our business activities. In addition, we may refer you to such third-party professional advisors, with your consent or where this is necessary for the performance of our contract with you (or the company or other person you represent). This will require the disclosure to such third parties of your contact details, as well as further personal data about you which is relevant to the services they provide.
Our business partners, service providers and sub-contractors. For example, our IT providers, marketing services providers, security service providers, insurance providers and document storage providers.
Professional or business contacts. If you have provided us with your professional or business contact details, we may share your personal data with our other professional or business contacts to enable us to promote and market our services, unless you indicate otherwise.

We may also disclose your personal data to other third parties, for example:

in the event that we sell or buy any business or assets, we will disclose your personal data to the prospective seller or buyer of such business or assets;
if we or substantially all of our assets are acquired by a third party, personal data held by us will be one of the transferred assets; and
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.

International Data Transfers

We may transfer your personal data out of the UK in some circumstances, for example as part of our Collective Fund services, in which case the relevant Client / Collective Fund Founder may be registered or based in another jurisdiction. When we transfer personal data out of the UK, we take steps to ensure that your personal data is protected in accordance with appropriate safeguards, especially where the recipient country is not considered to be adequate under UK law. In particular, we rely on appropriate safeguards under data protection legislation, such as the UK International Data Transfer Agreement to protect your personal data.

How long do we keep personal data for?

If you contact us with an enquiry about our services but you do not subsequently become a Client (or the company or other person you represent does not do so) or a donor, it is our policy to delete your personal data after twelve months. If you are or become a Client (or the company or other person you represent is or becomes a client) or a donor, we normally retain contract information (including personal data) for a maximum of 6 years after the end of the relevant contract or client relationship.

We may agree with you to retain documents and personal data for a longer period, and in some cases, it may be necessary for us to do so, depending on the circumstances how we process your personal data, including where it is necessary for us to retain the data for a longer period for regulatory reasons or for the establishment, exercise or defence of legal claims.

Personal data relating to our professional contacts will be retained for so long as is necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis.

Data security

We have put in place appropriate security measures to guard against your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights as a data subject

As a data subject, you have certain legal rights (subject to certain exceptions under the Data Protection legislation) including the right:

to access the personal data held about you and request a copy of it;
to ask us not to process your personal data for marketing purposes;
to withdraw at any time any consent you have given to receive marketing material from us, or in any other case where we process your personal data on the basis of a consent that you have given (and not on some other legal basis);
to opt out of receiving marketing messages by independently contacting us;
to ask us to rectify inaccurate personal data about you;
to ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required;
to ask for the transfer of your personal data in a structured, commonly used and machine-readable format where appropriate;
to ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject; and

to make a complaint to the Information Commissioner’s Oﬃce, which can be contacted by post via: Information Commissioner’s Oﬃce, Wycliﬀe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by telephone via 0303 123 1113.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. In the case of any substantial change, we will notify you (where practicable) in writing or by email.

How to Contact Us

If you have any questions, comments or requests about this Privacy Policy, or would like to exercise any of the rights you have, as set out above, please contact us:

by email to: [email protected]
by post to: The Head of Compliance, Prism the Gift Fund, 20 Gloucester Place, London W1U8HA.