Education Endowment Foundation:Privacy notice for EEF grantees and suppliers

Privacy notice for EEF grantees and suppliers

How we look after your personal data when you supply goods or services to us, receive a grant or partner with us

Introduction

This privacy notice will inform you as to how we look after your personal data when you supply goods or services to us, receive a grant or partner with us. This page should be read in conjunction with our privacy notice main page which covers information relevant to anyone whose data is used by the EEF.

Purpose and lawful basis for processing

Your data will be used to process your invoice or grant claim and its payment. It will also be used to contact you to agree on a contract or a purchase order with you. We will also use your data to process the payment of invoices, expense claims or grant claims.

The lawful basis we rely on for processing your personal data is the processing necessary to perform a contract or to take steps at your request, before entering a contract.

What we need and why we need it

We collect your title, name, address, previous names or addresses (where relevant), email address and telephone number, bank details, records of payments made. We need this information in order to process your invoices or claims.

How long we keep it

We only keep your data for as long as we need it, which, for financial transactions can be up to 7 years.

DocumentRetention Period
Invoices / Expense or Grant claim forms6 years (from end of financial year in which the transaction was made)
Bank records of payments made6 years (from end of financial year in which the transaction was made)

Document Retention period

Invoices / Expense or Grant claim forms 6 years (from end of financial year in which the transaction was made)

Bank records of payments made 6 years (from end of financial year in which the transaction was made)

What are your rights?

For more information on your rights, please see​‘Your rights’​on our privacy notice main page.

Do we use any data processors?

Yes, we use the following third parties to process your data.

Employees within our company who have responsibility for finance and administration will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR.

Data is shared with third parties for the following reasons:

We may also share your data with third parties for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

Our accounting software packages, Quickbooks and SAP Concur, store data in the US and we rely on standard contractual clauses to justify transferring the data overseas. For more details about how they use the data, see the links above.