Menu
John Smith Trust

Privacy Policy

This Privacy Policy sets out how we, The John Smith Trust, obtain, store and use your information when you use or interact with our website, https://johnsmithtrust.org/ (our website), or where we otherwise obtain or collect your information. The effective date of this Privacy Policy is 17/07/2025.

  • Summary

    This section summarises how we obtain, store, and use information about you. It provides a general overview only and must be read in conjunction with the corresponding full sections of this Privacy Policy.

    Data controller: The John Smith Trust.

    How we collect or obtain information about you:

    • when you provide it to us (e.g. by contacting us or applying to participate in one of our fellowship programmes),
    • from your use of our website, using cookies and similar technologies, and
    • from third parties.


    Information we collect:     Name, contact details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), how you use our website (e.g. which pages you view, when, and what you click on), geographical location (based on IP), company or business name (if applicable), residential address, country of origin, profession and career information, employer and employment history, reasons for applying to our programmes and other application details, information from referees, ethnic origin, race and religion, and medical information.

    How we use your information: To administer our programmes and charity (including processing applications), to contact you, improve our website and services, fulfil contractual obligations, analyse usage, promote our programmes, and comply with legal requirements.

    Disclosure of your information to third parties: Only where necessary to operate our charity, with our service providers and partners, to fulfil contracts with you, comply with legal obligations, or protect our legal rights.

    Do we sell your information to third parties: No — we do not sell your personal information under any circumstances.

    How long we retain your information: Only as long as necessary for our purposes, taking into account legal obligations, contractual requirements, or our legitimate interests. For specific retention periods, see the main section: How long we retain your information.

    How we secure your information: We use appropriate technical and organisational measures, including secure servers, SSL encryption for data transfers, and limiting access to necessary personnel only.

    Use of cookies: We use essential, functional, analytical, and targeting cookies. For more information, see our cookies policy.

    Transfers of your information outside the European Economic Area (EEA): Where we transfer your data outside the EEA, we ensure adequate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission. Where applicable, we ensure recipients offer an adequate level of data protection.

    Use of automated decision-making and profiling: We do not use your information for automated decision-making (including profiling) that has legal or similarly significant effects on you.

    Your rights in relation to your information:

    • to access your information and receive details about its use
    • to have your information corrected and/or completed
    • to have your information deleted
    • to restrict the use of your information
    • to receive your information in a portable format
    • to object to the use of your information
    • to withdraw your consent to the use of your information
    • to lodge a complaint with a supervisory authority


    Sensitive information:     We collect what is commonly referred to as ‘sensitive personal information’. For more information, see the main section entitled Sensitive Information.

    Children’s privacy: We do not knowingly collect information from anyone under the age of 18.

    Changes to this Privacy Policy: We may update our Privacy Policy from time to time. Minor updates will be reflected by a new effective date. For major changes, we will provide notice (by email or website banner) and obtain your consent where required.

  • Our details

    The data controller in respect of our website is The John Smith Trust (charity registration number: 1174898) of 3rd Floor Suite, 207 Regent Street, London, England W1B 3HH

    The data controller is the person which determines the purposes and means of processing your information.

    You can contact the data controller by writing to 3rd Floor Suite, 207 Regent Street, London, England, W1B 3HH or sending an email to enquiries@johnsmithtrust.org.

    If you have any questions about this Privacy Policy or how we handle your data, please contact the data controller using the details above.

  • How we collect or obtain information about you

    Information collected from you

    We collect information about you when you provide it to us, such as through your use of our website and its features, when you contact us directly by email, phone, in writing, or via social media, when you apply to join one of our programmes, when you use any of our other websites or applications or any other means by which you provide information to us. The type of information we collect about you includes information such as:

    • your name
    • your email address
    • your address
    • your phone number
    • your IP address
    • information about your device (e.g. device and browser type)
    • information about how you use our website (e.g. which pages you have viewed, the time you viewed them and what you clicked on)
    • information about your mobile device (such as your geographical location)
    • country of origin
    • profession and career information
    • job title
    • employment history
    • your reasons for applying to our programme
    • other information you provide in your application
    • ethnic origin and racial background
    • religious beliefs
    • medical information you provide (e.g. dietary requirements or disability-related details)

    Information received about you from third parties

    We do receive information about you from third parties. The third parties from which we receive information about you will generally include the referees you provide when you make an application to our programme.

    It is also possible that third parties with whom we have had no prior contact may provide us with information about you.

    Information we obtain from third parties will generally be your name and contact details, but will include any additional information about you which they provide to us.

    Our use of cookies

    Cookies are data files which are sent from a website to a browser to record information about users of a website.

    We use cookies and similar technologies on or via our website. For further information on how we use cookies, including the types of data collected, please see our Cookies Policy.

    You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so may impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org

    We also use Google Analytics to understand how you engage with our website. For information on how Google Analytics collects and processes data using cookies, please see Google’s Partner Policy. You can opt out of Google Analytics tracking by visiting: http://tools.google.com/dlpage/gaoptout

    Information obtained by us from third parties

    In certain situations (for example, to verify or supplement the information you have provided) we may collect data about you from publicly accessible sources, both within and outside the EU. These may include:

    • The electoral register
    • Companies House
    • business directories
    • media publications
    • social media platforms
    • public websites (including your own, if you have one)


    Legal bases for processing

    Where you have entered into a contract or requested that we enter into a contract with you, we may use publicly available information about you to help us provide services or meet our obligations, for example, to screen applicants for our fellowship programmes or confirm contact details.

    In certain circumstances, we may process your information based on our legitimate interests. For instance, if we suspect infringement of our legal rights, we may collect and process information from public or private sources to investigate and respond appropriately.

  • How we use your information

    We may use your personal information for one or more of the following purposes. The legal basis on which we use your information is set out and explained after each purpose: 

    Administrative and charitable purposes

    • Improving our website and services – This includes personalising our website and services for you and other charity beneficiaries. This processing is based on our legitimate interest in in better understanding the needs and preferences of our community.
    • Communicating directly with you – For example, to share updates, respond to your enquiries, or notify you of changes to our website, policies, or services. This is based on our legitimate interest in maintaining good communication with our users.
    • Protecting the charity and its interests – This includes credit or background checks (where lawful), fraud prevention, website misuse detection and debt recovery. Such processing is based on our legitimate interest in safeguarding our organisation and complying with legal requirements. 
    • Communicating with our charity advisors and legal representatives – We may share your information when necessary to obtain advice, to the minimum extent necessary, and subject to confidentiality protections. This is based on our legitimate interest in obtaining such advice.
    • Sharing your information with partners and service providers – This may include affiliates, insurers, session providers (such as the British Group of the Inter-Parliamentary Union), British embassies in your country of origin or residence, IT and email service providers, and contractors. We do this when necessary for:
      • the legitimate interest of effectively running our programmes and operations,
      • the performance of a contract (e.g. insurance obligations), or
      • for direct marketing purposes (where allowed by law).
    • In all such cases, we limit what is shared, anonymise where possible, and apply confidentiality measures.
    • Ensuring IT and network security – Including protection from malware, unauthorised access, or attacks. This is based on our legitimate interest in protecting our systems and data.
    • In the event of a charity reorganisation or disclosure request – For example, if our charity is restructured or we receive a legal request. This processing is based on our legitimate interest in fulfilling legal duties and organisational continuity.
    • Sending you marketing communications – Where legally permitted, we may contact you with information about our programmes and activities. This is based on our legitimate interests of direct marketing and promoting our charity. Where consent is required by law, the legal basis on which we process your information will be your consent rather than our legitimate interests.


    Advertising and analytical purposes

    • Statistical analysis and reporting – We may share anonymous data with third parties, such as Google Analytics, to improve our understanding of how users interact with our website and services. This is based on legitimate interests in improving our outreach and user experience.
    • Advertising and engagement tracking – We may display relevant ads and analyse engagement data to evaluate performance. This is based on our and third parties’ legitimate interests in targeted marketing and campaign analysis.


    Legal and and regulatory purposes

    • Enforcing our legal rights – For example, in contractual or other disputes. This is based on our legitimate interests in protecting our charity and enforcing our rights.
    • Reporting criminal activity or threats – We may share your data with relevant authorities where necessary to prevent crime or threats to public safety. This may be based on a legal obligation, public interest, or legitimate interest of law enforcement bodies.
    • Handling legal proceedings or investigations – We may use or share your information in connection with a dispute, litigation, or regulatory process, based on our legitimate interests or compliance with legal obligations.
    • Compliance with legal obligations – This includes duties such as anti-money laundering checks, responding to court orders, and adhering to tax laws. This is necessary to comply with legal obligations to which we are subject.In some cases, we may process your data to comply with legal obligations from other jurisdictions, particularly where they have been incorporated into UK law (e.g. international agreements which the UK has signed), or where it is in our legitimate interest to comply, even if not strictly required by UK law.


    Use of your information only where we have your consent

    Where we process your information on the basis of your consent, you can withdraw your consent to such processing at any time by emailing us at enquiries@johnsmithtrust.org or writing to us at 3rd Floor Suite, 207 Regent Street, London, England, W1B 3HH.

  • How long we retain your information

    Retention periods

    Programme Information for successful applications:
    If you participate in one of our programmes, we will retain the information you provide in your application for six years after your programme ends. This is to allow us to manage any potential claims relating to your participation.
    After this period, we will delete your personal information, except for basic details retained for alumni engagement, marketing, and record-keeping purposes, such as your name, email address, and country of origin.

    Correspondence and enquiries:
    If you contact us (via email, phone, our contact form, or other means), we will retain your information for as long as necessary to respond and resolve your enquiry. Once resolved, we will retain your information for a further three years, after which it will be securely deleted.

    E-Newsletter:
    We will retain the contact information you provided for our e-newsletter for as long as you remain subscribed. If you unsubscribe or we discontinue the newsletter, your information will be deleted.

    Application Information if you are not successful:
    If you apply to one of our programmes and are not successful, we will retain your application information for a further three years from the date that we notify you of the outcome of your application. This allows us to respond to any follow-up questions or concerns, or to consider you for future opportunities (if applicable).

    Criteria for determining retention periods

    In all other circumstances, we retain personal information only for as long as necessary. When determining appropriate retention periods, we consider:

    • The purpose(s) for which the information is used now and in the future (e.g. contractual or ongoing engagement);
    • Whether we are under any legal obligation to retain it (e.g. for tax, audit, or regulatory compliance);
    • Whether we continue to have a lawful basis to process the information (e.g. consent)
    • The current and future value of the information;
    • Accepted industry standards or best practices for data retention;
    • The risks, liabilities, and costs associated with continued storage;
    • The difficulty of maintaining accurate and up-to-date information; and
    • Any other relevant factors (such as the nature of our relationship with you).
  • How we secure your information

    We take appropriate technical and organisational measures to safeguard your personal information and protect it against unauthorised access, unlawful use, accidental loss, destruction, or damage. These measures include:

    • Limiting access to your information to only those who need it, and only to the minimum extent necessary;
    • Applying confidentiality obligations and, where possible, anonymising the information;
    • Storing your information on secure servers;
    • Verifying the identity of individuals requesting access before granting it;
    • Using Secure Sockets Layer (SSL) encryption for any information you submit through forms on our website;
    • Transferring data only via secure, closed systems or encrypted methods; and
    • Requiring two-factor authentication for access to cloud-based systems holding personal data

     

    Transmission of information to us by email

    Please note that the transmission of information over the internet is not completely secure. If you choose to submit information to us online (by email, through our website, or by other internet-based means), you do so at your own risk.

    We cannot accept responsibility for any costs, losses, damages, liabilities, or other consequences arising from the unauthorised interception or misuse of information transmitted to us in this way.

  • Transfers of your information to other countries and safeguards used

    We may need to transfer your personal information outside the country in which it was collected, including to countries outside the United Kingdom and the European Economic Area (EEA), or to international organisations.

    Where we do so, and where the destination country is not subject to an adequacy decision by the European Commission or the UK Government (as applicable), we will ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

    • Binding corporate rules (BCRs) that apply within our organisation and comply with relevant data protection laws;
    • Standard contractual clauses (SCCs) approved by the European Commission or adopted by the UK Information Commissioner’s Office (ICO);
    • Approved codes of conduct or certification mechanisms, as recognised by the ICO;
    • Contractual agreements authorised by the ICO, where applicable; or
    • Other legally permitted safeguards.


    You can access these safeguards by emailing     enquiries@johnsmithtrust.org.

  • Your rights in relation to your information

    Subject to certain limitations, you have the following rights in relation to your personal data. You can exercise these rights by writing to us at 3rd Floor Suite, 207 Regent Street, London, England, W1B 3HH or by emailing enquiries@johnsmithtrust.org:

    • Access: to request access to the personal information we hold about you and details of how we use it.
    • Rectification: to request correction of inaccurate or incomplete information we hold about you.
    • Erasure: to request the deletion of your information in certain circumstances.
    • Restriction: to request that we restrict the use of your information in certain situations (e.g. while a complaint is being investigated).
    • Portability: to receive the personal data you have provided to us in a structured, commonly used and machine-readable format (e.g. CSV), and to request that we transfer it to another data controller.
    • Objection: to object to our processing of your information for certain purposes (see below under Your right to object to processing).
    • Withdraw consent: to withdraw your consent at any time where we rely on it to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
    • Complaint: to lodge a complaint with a supervisory authority, particularly in the UK, your country of residence, place of work, or where an alleged breach of data protection law has occurred.

    For UK residents, the relevant supervisory authority is the Information Commissioner’s Office (ICO). You can find their contact details here:
    https://ico.org.uk/global/contact-us/

    More information about your rights

    Please note that the rights outlined above may be subject to certain legal limitations. You can read more detailed guidance about your rights under data protection law on the ICO’s website:

    You can also consult the full text of the relevant GDPR provisions (Articles 12–22 and 34) here:
    https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

    Verifying your identity
    When you request access to your information, we are required by law to verify your identity using reasonable measures before disclosing personal data. This is to protect your information from unauthorised access and reduce the risk of identity fraud or theft.

    How we verify your identity
    Where possible, we will verify your identity using information we already hold. If we cannot do so, we may ask you to provide additional documentation, such as original or certified copies of ID documents. We will let you know what is required in your specific case.

  • Your right to object to the processing of your information for certain purposes

    You have the following rights in relation to your information, which you may exercise by writing to 22 Bramshill Gardens, London, NW5 1JH or sending an email to enquiries@johnsmithtrust.org:

    • to object to our use or processing of your information where we rely on the public interest or our legitimate interests (including any profiling based on those grounds)
    • to object to our use or processing of your information for direct marketing purposes (including profiling related to direct marketing).

    You can also object to direct marketing by doing one of the following:

    • clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions;
    • sending an email to enquiries@johnsmithtrust.org asking that we stop sending you marketing communications or by including the words “OPT OUT”.

    For information on how to control cookies and similar technologies, please see our cookies policy.

  • Consequences of not providing your information to us

    Where you wish to join one of our programmes, we require you to provide the necessary information in order to process your application and to enroll you on such a programme. We may also require your information pursuant to a statutory obligation (for example, in order to process a temporary visa application).

    If you do not provide your information, we will not be able to process your application or enroll you on our programme.

  • Sensitive Personal Information

    ‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

    We may process sensitive personal information as part of administering our programmes, but only where you have explicitly consented to us doing so.

    This may include health-related information, such as disabilities, dietary requirements, or allergies – especially where adjustments or support are required to ensure your safety or participation during a programme.

    We may also collect and process information relating to your ethnic background, religion, or political context in your country of origin. This is done for equality, diversity, and inclusion (EDI) monitoring purposes and to better understand the composition and representation of our fellows across countries and communities.

    Except as outlined above, we do not intentionally collect sensitive personal information, and we ask that you do not submit any such data unless specifically requested.

    If you do choose to share sensitive personal information with us (intentionally or unintentionally), we will treat this as your explicit consent for us to process that data under Article 9(2)(a) of the UK GDPR – but only for the purpose of managing or deleting that data in accordance with our obligations.

  • Changes to our Privacy Policy

    Updates to this Privacy Policy

    We may update or amend our Privacy Policy from time to time.

    Minor changes

    When we make minor changes, we will update the Privacy Policy with a new effective date at the top of the page. From that date onwards, our processing of your information will be governed by the updated Privacy Policy.

    Major changes or changes to the purpose of processing

    If we make significant changes to the Privacy Policy, or if we intend to use your information for a new or different purpose than originally stated, we will notify you either by email (where possible) or by posting a clear notice on our website.

    We will provide details about the nature of the change, the intended purpose, and any other relevant information before using your information for that new purpose.

    Where required by law, we will seek your prior consent before using your information for any new purpose that differs from the one for which it was originally collected.

  • Children’s Privacy

    We are committed to protecting the privacy of children. In accordance with data protection laws, including the UK General Data Protection Regulation, we do not knowingly collect or process personal data relating to individuals under the age of 18.

    Our website and services are not directed at children, and we do not knowingly solicit, collect, or store personal information from anyone under 18 years of age.

    In the event that we become aware that we have collected personal information relating to a person under the age of 18 without appropriate consent or legal basis, we will take steps to delete that information promptly. Where required by law, we may seek verified parental or guardian consent before taking further action.

    If you believe we have collected information from or about a person under 18 without the necessary consent, please contact us at: enquiries@johnsmithtrust.org

  • California Do Not Track Disclosures

    “Do Not Track” (DNT) is a privacy preference that users can enable in certain web browsers. When activated, it sends a signal to websites requesting that the user’s browsing activity not be tracked.

    At this time, our website does not respond to Do Not Track signals or similar mechanisms.

    For more information about Do Not Track, please visit www.allaboutdnt.org.

  • Copyright, credit and logo

    This Privacy Policy is based on a General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) compliant template provided by GDPR Privacy Policy.

    The copyright in this Privacy Policy is either owned by us or licensed to us and is protected by copyright laws and protection technologies worldwide. All intellectual property rights in this document are reserved.

    Where we display the GDPR Privacy Policy logo on our website, it indicates that we have adopted a privacy policy template provided by GDPR Privacy Policy as the basis for this Privacy Policy.