Skip to content Skip to footer

Benenden Charitable Trust Privacy Notice

This privacy notice tells applicants and donors of Benenden Charitable Trust (BCT) what to expect when BCT collects, uses, retains and discloses your personal information. Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as an applicant or donor. This notice was last updated in February 2022.

Benenden Charitable Trust is a fully owned subsidiary of The Benenden Healthcare Society Ltd.

When we refer to Benenden Charitable Trust or to BCT (or to ‘we’, ‘us’, or ‘our’), we mean:

  • The Benenden Charitable Trust;

  • which is registered at Holgate Park Drive, York, YO26 4GG.

  • Its registered charity number is 1106287.

The Benenden Healthcare Society Ltd has a separate privacy notice for members and customers. If you are a member or customer of The Benenden Healthcare Society Ltd, their privacy notice explains how they handle your personal information.

To ensure that we process your personal information fairly and lawfully, this notice informs you:

  • Why we need your personal information;

  • How it will be used;

  • With whom it will be shared; and

  • What rights you have in relation to the personal information we collect.

Within this notice we describe instances where BCT is the ‘data controller’ (the organisation who decides what personal information is collected and how it is used), and where we direct or commission the processing of personal information by third parties on our behalf to provide services or improve our offering to you.

We recognise the importance of protecting personal and confidential information in all that we do. We take care to meet our legal duties, and we put in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information in.

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of BCT. The reasons why we may process your personal information are:

  • To fulfil a contract we have with you;

  • When it is our legal duty;

  • When it is in our legitimate interest; or

  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information, but this must not unfairly go against your rights or freedoms. If we rely on our legitimate interest, we will tell you what that is.

Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are. For further information in relation to the marketing that we undertake, please see the ‘Marketing’ section below.

  • To manage our relationship with you, and communicate with you.
  • To respond to complaints and seek to resolve them.
  • To provide you with services offered to BCT applicants.
  • Fulfilling contracts.
  • Our legal duty.
  • Our legitimate interests.
  • Keeping our records up to date.
  • Complying with regulations that apply to us.
  • Being efficient about how we fulfil our legal and contractual duties.
  • To develop and carry out marketing activities including fundraising and asking for, collecting and managing testimonials.
  • To conduct analysis and research activities to improve and develop our services.
  • Our legitimate interests.
  • Your consent.
  • Collecting and using testimonials.
  • Recording your consent when we need it to contact you.
  • To detect, investigate, report and seek to prevent financial crime.
  • To manage risk for us and our applicants and donors.
  • To comply with regulations that apply to us.
  • To run our charity in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit.
  • Our legal duty.
  • Our legitimate interests.
  • Developing and improving how we deal with financial crime .
  • Complying with regulations that apply to us.
  • Being efficient about how we fulfil our legal and contractual duties.


We process personal information to enable us to run BCT, to support the provision of services to applicants, to maintain our own accounts and to promote our services.

The types of personal information we use include:

  • Personal details (such as names, addresses, telephone numbers, dates of birth);

  • Employment details, work or profession details for individuals;

  • Financial details;

  • Details of when you contact us and when we contact you (including voice recordings of telephone calls and copies of written communications such as emails or letters);

  • Any consents which you have given us in relation to the processing of your information;

  • Physical or mental health details. Such information requires special protection by law – we will always explain what information we require and why it is needed when collecting this information. It will always be processed and stored securely.

We may collect your personal information from the following sources:

Personal information you give to us:

  • When you apply or donate to BCT;

  • When you contact us (for example by phone, email or letter);

  • In applicant surveys or any other research activity we may conduct with you;

  • When we provide you with services.

Personal information from third parties that we work with:

  • Details of your application from select partner charities that think we may be able to provide you with support (when you have consented to your details being shared).

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot offer assistance to you. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.

Any personal information that is optional will be clearly marked at the point of collection.

We may share your personal information between Benenden Healthcare Society Ltd, Benenden Charitable Trust, and Benenden Wellbeing Ltd for these reasons:

  • Assisting in verifying your identity;

  • Assessing risks;

  • Understanding your requirements;

  • Developing, testing, researching and improving products and services;

  • Legal and regulatory compliance;

  • Preventing or detecting financial crime;

  • Complaints handling; or

  • Improving customer service.

Your personal information will only be shared with third party organisations when required (for example for legal obligations or regulatory requirements, in respect of the services provided by us) or with your explicit consent (when we think a partner charity may be able to provide you with assistance and you would like us to share your details with them).

These types of organisations are:

  • Selected partner charities;

  • HM Revenue & Customs, our regulators and other authorities, including fraud prevention agencies (where required or permitted by law).

In the usual course of our business, we may use other third party organisations known as ‘data processors’ under data protection law to support the essential delivery of our services. These organisations process your personal information on our behalf.

These types of organisations are:

  • Providers of business services such as auditors, consultants, solicitors and/or insurers (to enable us to run BCT efficiently);

  • Providers of records management services such as secure disposal suppliers, and IT storage providers (to enable us to secure data efficiently);

  • Providers of IT systems or services (to enable us to run BCT efficiently);

  • Companies you ask us to share your personal information with (upon request).

When we share your information with our approved third party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third party data processors, but are always required to meet the same legal requirements as we are.

BCT will never sell your information, or share it with external companies for their own marketing purposes.

The UK GDPR and DPA 2018 hold the UK to high standards of data protection. If we transfer information outside of the UK, we will make sure that it is protected to these standards.

We will only send your personal information to countries outside of the UK to:

  • Follow your instructions;

  • Comply with a legal duty; or

  • Work with other third party organisations (as detailed above) who we use to help provide our services to you.

We will always use one or more of these safeguards:

  • Transfer it to a country with privacy laws that give the same protection as the UK;

  • Make use of Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), where suitable, to facilitate the transfer of personal and special category data between ourselves and an international organisation.

We may use your personal information to ask you about your experience with BCT and ask you to provide us with a testimonial. When you agree to provide a testimonial, we will provide you with information on what we will use your testimonial for.

We can only use your personal information to send you marketing messages if we either have your consent or a ‘legitimate interest’. Legitimate interest is when we have a business reason to use your information for marketing purposes (which will not unfairly go against your rights and freedoms). In other words, we will not market to you based on legitimate interest if you have told us that you do not want to receive such marketing or are registered on a preference services list.

We have a legitimate interest to:

  • Write to you to ask you to provide us with a testimonial.

We will ask your explicit consent to send you any other marketing messages.

You can withdraw your consent at any time. If you want to do so, please contact us by:

  • Writing to us at: Benenden Charitable Trust, Holgate Park Drive, York, YO26 4GG;

  • Emailing; or

  • Telephoning Member Services on 0800 414 8450.

We will keep your personal information for the duration of your application for assistance from BCT.

After your application is completed:

  • We will keep your personal information for the minimum time necessary.

  • We may keep your personal information for up to 7 years for one of these reasons:

    - To respond to questions or complaints;
    - To show that we treated you fairly; or
    - To maintain records according to legal requirements and documented business need.

  • We may keep your personal information for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.

In order to exercise your rights under data protection law, we will need to verify your identity for your security.

You can contact us by emailing, writing to Data Protection Officer, The Benenden Healthcare Society, Holgate Park Drive, York, YO26 4GG or telephoning Member Services on 0800 414 8450.

You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request we will respond within one calendar month.

You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.

You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and the ‘right to erasure’ (or ‘right to be forgotten’).

We may be able to restrict the use of your personal information so that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

  • It is not accurate;

  • It has been used unlawfully but you don’t want us to delete it;

  • It is not relevant any more, but you want us to keep it for use in legal claims; or

  • You have already asked us to stop using your personal information but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.

  • If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.

If you feel that we should no longer be using your personal information, or that we are illegally using your data, you can request that we erase the personal information we hold on you. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.

If you want to request that we erase your personal information, please contact us using the details above.

You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations. To request this, please contact us using the details above.

If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) by emailing or telephoning 0303 123 1113. Additional contact methods are detailed on their website.

We regularly review our privacy notice. We will publish any updates on the Benenden website and inform applicants of any changes at the time we next communicate with them. You can request a copy of our privacy notice by us using the details above.

When you contact us, we will need to verify your identity for your security. Verifying identity is an important way of safeguarding against criminal activities including the prevention of illicit access to your information.

If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.

Benenden and its subsidiaries are not governed by the Freedom of Information Act as neither Benenden nor any of its subsidiaries are a public authority.

If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out in this privacy notice, please contact our Data Protection Officer by emailing or writing to: Data Protection Officer, The Benenden Healthcare Society, Holgate Park Drive, York, YO26 4GG.