Privacy Policy

Who We Are

Our website address is: richardbainesfoundation.org

Data Controller (UK GDPR Requirement)

For the purposes of the UK GDPR and EU GDPR, the data controller responsible for your personal data is:
Richard Baines Foundation  
Charity Number: 1205807
Charity Contact: hello@autohorn.co.uk

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to assist with spam detection.

An anonymised hash of your email address may be sent to the Gravatar service. Their privacy policy is available at https://automattic.com/privacy/. Once your comment is approved, your profile image may be publicly visible.

Media

If you upload images, avoid uploading images containing embedded location data (EXIF GPS). Visitors to the site may download and extract this information.

Forms & Grant Enquiries

We use forms to collect information related to grant enquiries, grant applications, and general contact messages. This may include:

  • Name, email address, phone number

  • Organisation details

  • Project information

  • Attachments

  • IP address and browser details (for security and spam prevention)

Form data is emailed to us and may also be stored securely within our website’s database.

We use this information solely to respond to your enquiry, assess grant applications, and manage our charitable administration and regulatory duties.

We do not sell or share this information for marketing purposes.

Cookies

If you leave a comment, you may opt in to saving your name, email address, and website in cookies. These last for one year and exist for your convenience.

If you visit our login page, we set a temporary cookie to determine whether your browser accepts cookies. It contains no personal data and is discarded when you close your browser.

When you log in, several cookies are set to store your login details and display preferences. Login cookies last for two days; screen options cookies last for one year. Selecting “Remember Me” keeps you logged in for two weeks. Logging out removes the login cookies.

If you edit or publish an article, an additional cookie will be set which stores the post ID of the article you edited. It expires after one day and contains no personal data.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content behaves in exactly the same way as if you visited the originating website.

These external websites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with their embedded content.

Who We Share Your Data With

If you request a password reset, your IP address will be included in the reset email.

Forminator submissions are shared only with authorised personnel within our organisation who need access to process your enquiry or application, or to maintain website security.

We do not share your data with third parties for marketing or commercial purposes.

How Long We Retain Your Data

  • Comments and their metadata are retained indefinitely.

  • Forminator submissions relating to grants or enquiries may be retained as long as required for charitable administration, audits, or legal compliance.

  • For registered users (if applicable), personal information in user profiles is stored indefinitely and can be edited or deleted at any time (usernames cannot be changed). Website administrators can also view and edit this information.

GDPR-Specific Sections

Lawful Bases for Processing Personal Data

We process personal data under the following lawful bases:

• Consent – When you voluntarily submit a form, comment, or upload information.
• Legitimate Interests – For website security, fraud prevention, and improving user experience.
• Contract – When processing information required to consider or administer grant applications.
• Legal Obligation – When required to retain records for charity regulation, financial audits, safeguarding, or other legal duties.

Your GDPR Rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access your personal data.

  • Rectify inaccuracies or incomplete information.

  • Request erasure of your data (where legally applicable).

  • Restrict processing of your data.

  • Object to processing based on legitimate interests.

  • Request data portability in a machine-readable format.

  • Withdraw consent at any time (where consent was the lawful basis).

To exercise these rights, contact us at:
hello@autohorn.co.uk

International Data Transfers

If personal data is transferred outside the UK or EU by any of our service providers, we ensure that appropriate safeguards are in place, including:

  • UK or EU adequacy regulations

  • Standard Contractual Clauses (SCCs)

  • Equivalent legally recognised safeguards

Our primary hosting environment is located in UK/EU.

How We Protect Your Data

We implement technical and organisational measures to protect your personal information, including:

  • Encrypted connections (HTTPS)

  • Secure server environments

  • Limited access for authorised personnel

  • Security and anti-spam tools

  • Regular updates and security monitoring

While no system is completely secure, we take reasonable steps to safeguard your data.

Where Your Data Is Sent

  • Visitor comments may be checked through automated spam detection services.

  • Forminator submissions may be processed through security and anti-spam tools before reaching our inbox.

Complaints & Supervisory Authority

If you have concerns about how we handle your personal data, you may contact us directly at:
hello@autohorn.co.uk

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK, or your local supervisory authority within the EU.