Privacy Policy


Introduction

This Privacy Policy explains how we process your personal data, including how we collect, use and process your personal data, and how, in doing so, we comply with our legal and regulatory obligations. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

This Privacy Policy applies to the personal data of Partners, Suppliers, website users and others whose personal data Montpelier Foundation Limited (referred to as “Montpelier Foundation”, “we”, “us”, or “our”) may process. For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”)), the entity responsible for your personal data is Montpelier Foundation Limited at 243, Knightsbridge, London SW7 1DN, United Kingdom.

Please note that this Privacy Policy may be amended from time to time.


GDPR Principles

The following principles are complied with when processing personal data:

  • Data is processed fairly and lawfully
  • Data is processed only for specified and lawful purposes
  • Processed data is adequate, relevant and not excessive
  • Processed data is accurate and, where necessary, kept up to date
  • Data is not kept longer than necessary
  • Data is processed in accordance with an individual’s consent and rights
  • Data is kept secure
  • Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection

Lawful Basis of Processing Data

The lawful basis of processing of data will always be determined prior to any data being processed. The applicable laws for processing personal data under the GDPR are as follows:

  • Consent – the individual has given their Consent to the processing of their personal data
  • Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party with Montpelier Foundation
  • Legal Obligation – processing of personal data is necessary for compliance with a legal or regulatory obligation to which Montpelier Foundation is subject
  • Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of Montpelier Foundation or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights
  • Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
  • Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual

Montpelier Foundation processes personal data under one, or more, of the following Lawful Bases:

  • Consent
  • Contractual
  • Legal Obligation
  • Legitimate Interest

Type of Personal Data Being Processed

Montpelier Foundation collects and uses limited personal data about individuals save for its employees. Where it does use such personal data, this will normally be incidental to a professional relationship with a current or prospective customer seeking grants or investments, supplier, or where we work with nominated contacts at such organisations who hold relevant positions, such as a programme manager, contract manager, or other key decision-makers in respect of our professional relationship. In this case, we will use work based on contact information about you to liaise and keep in touch with you, as a representative of our employer or organisation in relation to our professional relationship with them.

The type of personal data being processed will typically include:

  • Name
  • Address
  • Email Address
  • Job Title
  • Telephone Number
  • Business Name

Montpelier Foundation may obtain personal data about you otherwise where:

  • you are a director, shareholder, or key person at an organisation Montpelier Foundation is considering funding or investing in;
  • you are applying for a job through Montpelier Foundation;
  • you make a request or enquiry to us.

We will sometimes obtain personal data from other sources, such as from other third parties or publicly available online sources or official records, where the data is relevant to our hiring or funding decisions for grants or investments.

Montpelier Foundation cannot identify you personally as a user of our website and save for dealing with any cyber security incident investigation, will not try to identify you from any online identifiers like your IP address. Montpelier Foundation does, however, use Google analytics cookies which collect information in an anonymous form, including the number of visitors to the site, the IP address of the visitor, time zone, where visitors have come to the site from and the pages they visited. As with many websites, this information can be used to compile statistic reports of our users’ browsing patterns so that we can improve our website and enhance user experience of it. Please see our Cookie Policy at the end of this privacy policy for more information.


How Personal Data is Collected

Personal data is obtained from one or more of the following:

  • Parties entering into agreements with Montpelier Foundation or the Hampshire Foundation Inc, our sister foundation based in the US
  • Parties approaching Montpelier Foundation to enquire about potentially receiving grants or investment from Montpelier Foundation or the Hampshire Foundation
  • Requests for information about products and services offered by Montpelier Foundation
  • Employment enquiries either at Montpelier Foundation itself or any of its affiliated organisations including portfolio organisations

Why Personal Data is Collected

Personal data is collected to provide legitimate business services which include:

  • Meeting our legal obligations (including any contractual obligations and performance under grant and investment agreements);
  • Fulfilling our legitimate interests in administering grants and investments and the Montpelier Foundation correctly and effectively, in particular for fraud detection and prevention;
  • Using the information in relation to a legal claim.

There may be circumstances where we need consent to process your data. If we do, we will ask you for it. In those cases where processing is based on consent and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. Where you choose not to provide us with information set out above for the purposes related to the assessing a grant or investment or with regard to the performance of our grant or investment agreements, this may prevent your ability to be eligible for a grant or investment from Montpelier Foundation.


How Personal Data is Used

Personal data may be used to:

  • Process requests for further information, to maintain records and to provide ongoing service levels to stakeholders;
  • Carry out our obligations arising from any contracts entered into by you and us;
  • Comply with legal requirements including anti-money laundering checks;
  • We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us;
  • Notify you of changes to our services;
  • Send you communications which you have requested or that may be of interest to you. These may include information about referrals, introductions, Montpelier Foundation updates, or events;
  • Process a job application.

Where Personal Data is Stored

As part of any services offered by Montpelier Foundation, personal data that we collect from you may be transferred, and stored at, a destination outside the European Economic Area (‘EEA’) i.e. our servers, or third-party servers that are used to provide Montpelier Foundation services located in a country outside the EEA. It may also be processed by our staff operating outside the EEA who work for us or for one of our suppliers. By submitting your data, you consent to the transfer, storage and/or processing of your data wherever it be stored. However, if your data is transferred outside the EEA, we will take all steps reasonably necessary to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this privacy policy.


How Long Personal Data is Stored

We review our retention periods for personal data periodically. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for the period of your relationship with us, and then, after that period ends, for as long as is necessary in connection with both our and your legal rights and obligations, or as long as is set out in any relevant contract you hold with us. This may mean that we keep some types of personal data for longer than others, but we will only retain your personal data for a limited period of time. This period will depend on a number of factors, including:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

Who Has Access to Personal Data

The personal data covered by this privacy policy is exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:

  • Employees and board members of Montpelier Foundation;
  • Board members of the Hampshire Foundation;
  • Authorised third party agents, service providers, and/or subcontractors of Montpelier Foundation;
  • Competent public authorities, government, regulatory, or fiscal agencies where it is necessary to comply with a legal or regulatory obligation to which Montpelier Foundation is subject to or as permitted by applicable local law.

Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the Montpelier Foundation security and privacy practices. Employees are notified and reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.

Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

We will not sell or rent your information to third parties.

Third-Party Service Providers working on our behalf:

From time to time, we may ask third parties to carry out certain business functions for us, such as helping to organise events or supporting our due diligence process. We will disclose your personal data to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service, and we will enter into a contract that requires them to keep your information secure. Examples of these third party service providers include IT support, back up, and server hosting providers.

We may also share your personal data with other third parties, as directed by you.


Individuals’ Rights

Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:

  • The right to be informed how personal data is processed
  • The right of access to your personal data
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting info@montpelierfoundation.org.uk or calling us on +44 (0) 207 591 2191. You can request that your data is updated and/or deleted at any time, unless Montpelier Foundation can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.


Cookies Policy

Like many websites, our website uses “cookies”. A cookie is a piece of data stored on a user’s device containing information about the user’s visit to a website (including this website).

Our website uses Google Analytics cookies which collect information in an anonymous form, including the number of visitors to the site, the IP address of the visitor, time zone, where visitors have come to the site from and the pages they visited. As with many websites, we use this information to compile statistic reports of our users’ browsing patterns so that we can improve our website and enhance user experience of it.

You can change your user settings in your browser to prevent us storing cookies on your device. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org. Your browser’s help function should also provide information on how to change your cookie settings. Please note that if you adjust your internet browser settings to refuse the setting of cookies, you may be unable to access or fully use certain parts or functionality of the website.

For your convenience, we’ve provided links to the cookie management page for the most popular browsers:

By continuing to use this website, you consent to us storing and accessing the above cookies on your browser or device.


We may revise this policy at any time. We suggest you review the policy periodically for changes.

4 July 2018