Education Endowment Foundation:Privacy notices

Privacy notices

Education Endowment Foundation

The Education Endowment Foundation (EEF) is an independent charity dedicated to breaking the link between family income and educational achievement. To find out more about our mission, please click here.

Our Head of Finance and Operations is responsible for overseeing questions in relation to this privacy notice and is supported by the Data Protection Officer. If you have any questions about this privacy notice or how your data is used by the EEF, including any requests to exercise your legal rights, please contact the Head of Finance and Operations using the details set out below.

Anne-Laure Bedouet (Head of Finance and Operations)
Education Endowment Foundation (EEF)
Millbank Tower
21 – 24 Millbank
London SW1P 4QP

You can telephone us on 0204 536 3999, or email us at: info@​eefoundation.​org.​uk

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. You are not normally required to pay any charge for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We have one month to respond to you under normal circumstances, though this may be extended if your request is particularly complex.

If you wish to exercise any of these rights, please contact Anne-Laure Bedouet (Head of Finance and Operations) using the contact details above. You can find out more about your rights by visiting the Information Commissioner’s Office (ICO) website page on exercising your rights.

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can find out more about this right on the ICO website.

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can find out more about this right on the ICO website.

You have the right to ask us to erase your personal information in certain circumstances. You can find out more about this right on the ICO website.

You have the right to ask us to restrict the processing of your information in certain circumstances. You can find out more about this right on the ICO website.

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can find out more about this right on the ICO website.

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can find out more about this right on the ICO website.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

This may include retaining data after you have made an opt-out or similar request to ensure that you are not subsequently sent information by mistake and to protect against, for example, malicious attempts to add you to lists you do not wish to be a member of.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of how long your data will be retained are detailed in the relevant privacy notices linked above.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

This website includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for how they use your personal information. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We use Microsoft Office as a third party to process your data in all our work. Please refer to its privacy notice, available here, for further details.

The EEF website, including all data provided by users through it, is managed by a third party, Percipio. Please refer to its privacy notice, available here, for further details.

We use third parties for the purposes of customer relationship management. These include Salesforce (our CRM system), Hyphenate Ltd and Form Assembly (to collect data).

Other data processors specific to how you have engaged with the EEF are detailed in the relevant privacy notices linked above.

Data protection and GDPR issues are overseen by a Data Protection working group which meets regularly to monitor ongoing compliance, review risks, and address new data protection issues. The group is headed by the Head of Finance and Operations and supported by the Data Protection Officer and colleagues from relevant EEF teams. The working group reports into the EEF’s Finance and Fundraising Committee, with issues escalated to the Board of Trustees when needed.

EEF’s Data Protection Officer is Alan Martin who can be contacted via dpo@​eefoundation.​org.​uk

All EEF staff have undergone training in data protection and the implications of GDPR. Colleagues with particular responsibilities for data protection have undergone further training. The Data Protection working group continues to review the training needs of the team to ensure the EEF’s approach remains up-to-date.

This version was last updated on 23 November 2022; historic versions can be obtained by contacting us.