Privacy Notice

Who we are

This privacy notice is issued on behalf of William Grant Foundation and its governing members (Foundation). The Foundation is an unincorporated association providing governance and direction of donations made by William Grant & Sons Ltd, registered in Scotland with company number 131772 and registered office at The Glenfiddich Distillery, Dufftown, Banffshire, AB55 4DH. When we mention “Company”, “Foundation”, “we”, “us” or “our” in this Privacy Notice, we are referring to the Foundation, William Grant & Sons Ltd. and/or to both.

We own and operate https://www.williamgrantfoundation.org.uk

We are committed to protecting your personal data; your privacy matters to us. That is why we have developed this Notice to explain how we collect, use, share and store your personal information when you use this website, and to inform you about how we will look after that information.

Please read and familiarise yourself with this Notice, together with our Website Terms and Conditions, Cookie Notice and any other policies that we provide to you on specific occasions when we are collecting or processing personal data about you. This will help you to be fully aware of how and why we are using your information. If you do not agree with any term in this Notice, please do not use the website or submit any personal information to or through it.

Your full rights in relation to data privacy are detailed below, along with contact details should you have any questions.      

Types of personal information we collect

We may collect, use, and store different types of personal information about you, which we have grouped together as follows:

Types of personal informationDescription
Personal identifying informationYour first name and last name, preferred salutation.
Contact and address detailsYour  contact email, address and telephone number and any other details you provide it to us in connection with any events, donations or for any other purpose.
TechnicalInformation sent to us because of connecting to our website or collected via pixels, including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
FinancialYour bank account and payment card details; AML/KYC screening details as required by law.
TransactionDetails about payments to and from you.
ContractualDetails about the services (or other arrangements we have with you) we provide to you on a contractual basis.
Social demographicDetails about your work or profession, nationality, education and where you fit in to various social or income groupings.
UsageInformation about how you use our website, products, and services.
Analytical and trackingCustomisation insights derived from how you engage       with our websites     , communications,      digital services and Foundation programme.
Marketing and CommunicationsInformation about your preferences in receiving marketing from us and your communication preferences; product/brand preferences and other interests; information to help us better accommodate you at events, such as dietary requirements or accessibility needs; communications (and related metadata) carried out within our technological environment during relationship management.

How we use your personal information

In general terms, we collect and use personal information to:

  • Meet our legal and regulatory responsibilities, on both a global and local basis;
  • Deliver all the services, products, experiences and meet our legal responsibilities;
  • Verify your identity and age where this is required;
  • Contact you by post, email, or telephone, as you permit us to;
  • Better understand your unique needs and preferences;
  • Maintain our business records;
  • Send you information the Foundation’s activities and grants programme;
  • Share our newsletters with you;
  • Process financial transactions and;
  • Continuously improve our activities.

More specifically, the table below explains how we use your personal information and the reasons that we rely on in doing so. Where these reasons include legitimate interests, we explain what these legitimate interests are.

What we use your information for Our reasonsOur legitimate interests
To deliver our services to make and manage payments.
To manage fees, charges, and interest due on customer accounts.
To collect and recover money that is owed to us  		Contractual performance
Legitimate interests
Legal obligations		Being efficient about how we fulfil our legal and contractual duties.
Complying with regulations that apply to us.
To manage our relationship with you which may include asking you to leave a review of take a survey or notifying you about changes to our terms or privacy notice.Contractual performance
Legal obligations
Legitimate interests		Keeping our records updated and to study how individuals and entities engage with the Foundation.
Feedback to improve our service standards and offering to better service you.Contractual performance
Legitimate interests    		Being able to study how individuals and entities engage with the Foundation, and optimising its impact.
To deliver relevant marketing content including any advertisements, promotions or newsletters to you and measure or understand the effectiveness of the advertising that we serve to you.
To publicise the impact of our grant-making and be transparent about our activities.		Legitimate interests
Consent		To study how individuals and entities engage with the Foundation’s communications and to improve our marketing strategy.
Our need for transparency and to demonstrate impact in our grant-making activities.
To use data analytics and publicly available data to improve our website, products/services, marketing, customer relationships and experiences.Legitimate interests      Defining types of individuals and entities engaging with the Foundation, to keep our website updated and relevant, to develop our Foundation programme and to inform our marketing strategy.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).Legitimate interests
Legal obligations 		Necessary for our legitimate interests for running our business and Foundation, provision of administration and network security, to prevent fraud and in the context of any business reorganisation or group restructuring exercises, if relevant.
To run our business and Foundation in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.Legitimate interests
Legal obligations 		Being efficient about how we fulfil our legal duties Complying with regulations that apply to us.
To exercise our rights set out in contracts and agreements.Contractual performance 
To make suggestions and recommendations about Foundation activities which may be of interest to you.Legitimate interestsDeveloping our Foundation programme and optimising its effectiveness.

Further information on direct marketing:

We will get your express opt-in consent before directly sending you marketing communications. If you wish to opt-out, use the unsubscribe options in our mailing lists or email us at dataprotection@wgrant.com.

We will also get your express opt-in consent before sharing your personal information with any third party so that they can send direct marketing communications to you. In this case, the privacy notice of such third party will apply. You can unsubscribe and/or opt-out per those notices.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you choose not to give your personal information

If you choose not to give your personal information, it may prevent us from being able to engage with you.

Where we collect your personal information from

We may collect personal information about you (or your business, charity or other legal entity) from the following sources:

  • Data you actively give to us via online forms, at events or in digital or personal interactions to help us be more relevant and customised in our engagement with you and provision of services.
  • Technical Data e.g. your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. This may include cookies, pixels, and other similar technologies on our websites to collect information and provide you with the services that you have requested or participate in and to provide targeted advertising.
  • Data we collect when you use our services e.g. payment and transaction information, identity and contact information, etc.
  • Data from third parties that we work with.

Advertisement technology

  • As described above, we may use service providers to help us manage, carry out and improve our advertising. These parties set cookies at our direction to help us collect information and provide you with advertisements that we believe would be relevant for you. In some instances, these parties may also assist us by providing certain statistical and analytics information in relation to our marketing practices.
  • We also may share information collected through cookies (and other tracking technologies) with third parties to use for their own analytics and marketing purposes. These third parties may serve targeted advertising to you about our brand and other WG&S brands based on your consent.
  • Other technologies such as pixels may also be used on our websites, in email messages and in other areas of our business. These technologies are used to improve our products and services as well as our marketing efforts. We use pixels to help us determine the success of our advertising campaigns, such as to give us insight into whether you opened, deleted, or forwarded an email, or clicked on a link contained in the email.

We and our service providers may serve targeted advertisements through the use of first-party or third-party cookies, pixels and web beacons when you visit our website. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our websites. If you are using these third-party functions, you are also notified of your rights and how to exercise them via the privacy policies of these third parties. To learn more about opting out of certain types of targeted advertising, please see the Cookie Notice.

Information you post on public areas of our site and social media

Information that you post on or through any public areas of the website (such as chatrooms, bulletin boards or discussion forums) and on any social media pages that we operate is publicly available information. This means that it is generally accessible to, and may be collected by, others and may be used by them to send you unsolicited messages. We do not have control over if or how other people may use that information therefore you should use caution and ensure not to disclose personal information when using public web areas or social media. We will not be responsible for any postings that you make with personal information in them. Please read this section in conjunction with our Website Terms and Conditions.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Who we share your information with:

We may share your personal information with the following third parties:

  • Payment processors and providers
  • Members of our group of companies
  • Agencies or third parties that we are partnering with to deliver events and services
  • Third parties for the purpose of marketing, in line with this privacy notice
  • Security providers
  • Health & Safety providers

We also publish information about all our UK grants of £2000 or more using the 360 Giving open data standard. This means that data about our grants can be easily shared, analysed, and compared with other funders’, which benefits other funders, grant-seekers and anyone seeking to understand civil society better.

This means that key details about your organisation, its location, and the grant we have made will be in the public domain on the searchable database GrantsNav.  In the case of an individual, we would only publish your name, business address/location (if any) on 360 Giving along with details of the grant (using a business or trading name if you have provided us with one).

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Safeguarding

We are committed to proportionately assessing the safeguarding risks posed by work we fund and to taking appropriate action where concerns are identified.

We may ask you about your policies and procedures relating to safeguarding but we do not ask you anything specific relating to an individual employee or beneficiary. The only time individuals would be mentioned is when you report a safeguarding issue to us concerning an employee or volunteer and that person’s identity is in the public domain in relation to the incident. We might retain information to the extent it is already available in the public domain.

International Data Transfers and personal information held internationally

As we operate via a global network of corporate offices, it may be necessary to transfer your information, for example, information collected in connection with a brand, joining one of our emailing lists or interacting with us through our websites, emails, or our other digital channels to a country outside of the country where it was originally collected or outside of your country of residence or nationality. The information that you provide us may be transferred to any of our WG&S owned or affiliated entities around the world for the purposes of carrying out or facilitating these services and in compliance with the applicable laws. We will take steps to make sure such transfer is carefully managed to protect your privacy rights.

Further, we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied those alternative arrangements are in place to protect your privacy rights. We will also make sure that any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed, where permitted by the applicable law.

Information Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to any of our affiliated websites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.

How long we keep your personal information

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting obligations that we may have. We will only keep personal data for longer where there is a legal requirement for us to do so.

To determine how long we should keep your information for, we will consider the amount, type, and sensitivity of the personal information involved as well as the potential risk of harm if it is lost or used or disclosed without authorisation. We will also consider the purposes for which we process your personal data and whether we can achieve those purposes through other means without the need to keep your data.

In some circumstances you can ask us to delete your data (see section on “Your rights” below for more information).

In some circumstances, we may also anonymise your personal data so that it can no longer be associated with you, for example for statistical purposes. Where we do this, we may use this information indefinitely without further notice to you.

Your rights

Access to your information – You have the right to request a copy of the personal information about you that we hold. 

Correcting your information – We want to make sure that your personal information is accurate, complete, and up to date, and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information – You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the information for the purposes for which it was obtained
  • We are using that information with your consent, and you have withdrawn your consent – see Withdrawing consent to using your information below
  • You have validly objected to our use of your personal information – see Objecting to how we may use your information below
  • Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes.  In addition, where we use your personal information to perform tasks carried out in the public interest or pursuant to the legitimate interests of us or a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information –In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your personal information, but you don’t want us to delete the data.  Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Portability – If we process personal information that you provide to us on the basis of consent or because it is necessary for the performance of a contract to which you are party, and in either case that processing is carried out by automated means, then you have the right to have that personal information transmitted to you in a machine-readable format. Where technically feasible, you also have the right to have that personal information transmitted directly to another controller.

Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision.  This right only applies where we use your information with your consent or as part of a contractual relationship with you.

Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advicesection if you wish to exercise any of these rights.

If you are seeking employment with us, or if you want to enter into a different type of contract with us, it may be necessary for you to provide us with certain information in order to enter into that contract. If you don’t then we may not be able to contract with you or offer you employment.

Changes to our Privacy Notice

We keep this Privacy Notice under regular review and will place any updates on this website. We recommend that you check this page regularly to ensure that you have read the most recent version.

This Privacy Notice was last updated on 1 May 2024.

Contact information and further advice

For any questions or concerns regarding this Notice or our data privacy practices, please contact us by email: dataprotection@wgrant.com

Complaints

You have a right under the local laws to lodge a complaint with our UK (head office) Regulator or with your local data protection supervisory authority at any time. However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.

FOR UK, you will contact the Information Commissioner’s Office- https://ico.org.uk/global/contact-us/email/

By phone: 0303 123 1113

By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Read our latest updates

Latest about Read our latest updates
Copyright 2024, William Grant & Sons Limited,
Company no. SC131772, The Glenfiddich Distillery, Dufftown, Banffshire, AB55 4DH
×

Subscribe to the William Grant Foundation newsletter

To receive occasional updates on the work of the Foundation and our partners

Newsletter

We will use the personal details you provide here to send you updates and news in the form of an occasional newsletter. We will not use your details for any other purpose.

Developed by mtc.