Privacy Policy

Privacy Policy

This project is led by Friends Provident Foundation and supported by other funders. 

This privacy policy sets out how the Foundation Practice Rating (FPR) uses and protects any information that you give the FPR via this website, by email, by phone, post or in person.

FPR is a project led by Friends Provident Foundation and 9 other charitable foundations. For the purpose of data collection, Friends Provident Foundation is the controller.

To fulfill its work in support of its mission and aims, the FPR may collect, store and process personal data about individuals who contact us, interact with the content on the website, and sign up to our events. We are committed to handling personal data in accordance with data protection law. You can be assured that we will only request and retain personal information if we have a lawful basis to do so, as outlined by the General Data Protection Regulation (GDPR) (EU 2016/679) 2018, and by the Data Protection Act 2018.

Friends Provident Foundation is the ‘data controller’ of the personal data provided to and stored and processed by the Foundation.

The Foundation may change this policy occasionally by updating this page. You should check this periodically to ensure that you are up to date with our latest version. You are also welcome to request copy of the policy at any time. This policy is effective from March 2022.

What do we collect?

Personal information is any information that can be used to identify you.

During the course of our activities we collect, store and process personal data about people who contact us, interact with our website content and people who attend our events.

We may collect the following information


Contact information including email address, postal address and phone number

Job title (where relevant – e.g. for contractors, grant holders, applicants and other business-to-business and third-party contacts)

Records of events you’ve attended

Any other information that you choose to send us, or that we request, providing there is lawful basis to do so.

Information about your computer (such as IP address, which may also include location) and visits to and use of the FPR website).

Cookies when you visit our website (please see our Cookie notice for more information).

If you are a member of staff, or working, volunteering, for the FPR, we may also need to collect the following information from you:

Emergency contact details

Other information to support our relationship with you, such as health details.

Identification documents

We do not collect sensitive personal data in the process of our operations. 

Why do we collect personal data?

We require this information to enable us to deliver the FPR. In particular we will use this information to:

  • Communicate with those who attended our events
  • Communicate with those who interact with the website content
  • Analyse and improve the FPR via website consultation
  • Keep you updated on our work

How do we process your data?

We will process your data in accordance with the principles of the GDPR (2018) and Data Protection Act (2018). Our legal basis for holding your information is normally legitimate interest.  We do not categorise according to personal data at any time.


We are committed to ensuring that your information is secure.

Information is stored on our password-protected cloud-based electronic systems, including on our cloud-based database (Microsoft 365);  newsletter mailing host (MailChimp); event-bookings site (Eventbrite).

The cloud-based server for our internal cloud-based electronic systems is based within the United Kingdom.

We also take appropriate steps to protect files containing personal information in line with our IT Security Policy, including taking due care when working within and out of the Foundation’s office.

How long do we keep your data?

We only hold your data as long as is necessary for the purpose for which it was given to us and for delivering an efficient and effective service. For specific categories and retention periods please see our specific Privacy Notices; or more details can be provided on request.

Your rights

You can contact us at any time about your data.

Please contact Data Protection Lead: or on 01904 629675.

You have the right to withdraw consent to processing at any time, in instances where the lawful basis of processing is consent (for example for our e-newsletter, or other instances where we have requested specific consent).

You have the right to request access to the personal data we hold on you.

You have the right to request that we delete your personal data from the Foundation’s records (“the right to be forgotten”) and we will honour any such request providing there we are not under any legal requirement to retain it. If this is the case, we may be required to retain your data until we are not legally bound to do so. At the end of this required period, we will delete your data.

We will notify you if there is ever a breach of confidentiality on your personal data which is likely to result in high risk to your rights and freedoms.

For any concerns you have about our use of data, please contact: Data Protection Lead: or on 01904 629675.

You can also contact the Data Protection Regulator, the Information Commissioner’s Office (ICO):

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.