The legal basis for collecting and processing your information
The bases on which we process your personal data are legal obligation, performance of a contract, your consent or our legitimate interest.
In the case of our legitimate interests to process your personal data, we are required to ensure that our interests are balanced against yours.
We use legitimate interest for the following activities:
- Maintaining a record of your relationship with the University;
- Communications (including marketing) by mail;
- Communications (including marketing) by telephone;
- Sending information communications (non-marketing) electronically;
- Using publicly available information (see ‘Producing briefings, profiling and wealth screening’ and ‘Information available publicly and from social media’ sections);
- Profiling (see ‘Producing briefings, profiling and wealth screening’ section);
- Wealth screening (see ‘Producing briefings, profiling and wealth screening’ section);
- Conducting due diligence checks (see further information below, and ‘How we use the information we hold’ and ‘Information available publicly and from social media’ sections);
- Data cleaning (ensuring your contact information is up-to-date);
- Consultations (feedback, census, surveys and questionnaires).
If you would like further information on the legal basis we use, please contact the University’s Data Protection Officer as detailed under ‘Queries, concerns or complaints’. You can object to us processing your data for the above purposes at any time.
Due diligence and criminal data
When conducting due diligence checks, this may include reviewing publicly available personal data relating to criminal allegations, proceedings or convictions. This processing is necessary for reasons of substantial public interest, and the condition we rely on for processing criminal data in this situation is "Regulatory requirements relating to unlawful acts and dishonesty". The Fundraising Regulator "Code of Fundraising Practice", OSCR Charity Trustee Duties and University of Edinburgh internal policies are all regulatory requirements requiring us conduct due diligence checks, which may involve processing criminal data.
We have in place an ‘appropriate policy document’ and safeguards which we are required by law to maintain when processing such data. Please contact us at firstname.lastname@example.org if you would like further information, or a copy of our ‘appropriate policy document’.
You can object to us processing your data for these purposes at any time. Please note if you were to object to us processing your data for due diligence checks, we may not be able to accept any further donations from you.