Data Protection and Privacy Statement

This is the web site of Newby Trust Limited.

The Trust’s postal address is
PO Box 87, Petworth GU28 8BH

The Trust can be reached via email at

For each visitor to the Trust’s website, the server automatically recognises only the visitor’s domain name, but not the email address.  The Trust collects only the domain name, but not the email address of visitors to the website. The Trust collects the email addresses of those who communicate with the Trust via email and information volunteered by users filling in the website Contact Us form and the Individual  Application Forms. The Trust does not partner with or have special relationships with any ad server companies.

Data Protection

Applications for grants to individuals, whether made using the online application form or by post, require the submission of personal information about the applicant support worker and personal and sensitive information about the individual on whose behalf the application is made. The Newby Trust (“the Trust”) needs this information in order to enable the Trust to make a decision on whether to award a grant.   The Trust also holds personal details about beneficiaries of the Trust’s grants to other charities, such as bursary holders funded by the Trust.

Much of this information is ‘personal data’ as defined by the Data Protection Act 1998 (“the DPA”).  This means that the Trust holds the applicant’s name, employer, address, telephone numbers and email address. The Trust may also hold the name, contact details, personal and financial details of the individual on whose behalf the application is made or the bursary holder and the Trust may also hold sensitive personal data about that person. This may include information about the individual’s racial or ethnic origin, religious beliefs, physical or mental health or criminal record.

When the Trust receives personal information from an organisation on behalf of an individual the Trust needs to ensure that any personal data and sensitive personal data is disclosed to the Trust with the full knowledge and express consent of the individual.

The DPA requires the Trust to protect personal data and to use it only for specified purposes.  The Trust is registered as a data controller for the purposes of the DPA.

The Trust makes every effort to keep personal data and sensitive personal data secure and to comply with the legal rules about how the Trust processes or uses this information. The Trust has assessed the risk of unauthorised disclosure of personal data and sensitive personal data and believes that it has established appropriate physical and electronic procedures to ensure the security of the personal data and sensitive personal data that the Trust holds.

The Trust processes or uses the personal data and sensitive personal data it holds for the following purposes:

  • assessing the application for a grant;
  • awarding or declining a grant;
  • maintaining records of the application and any awarded or declined grant;
  • confirming that the information supplied is accurate;
  • in some cases, transferring details to a third party which will be providing services to the individual, for example, delivering goods purchased with money granted by the Trust;
  • as a case study or example on the Trust’s website or in its newsletter for Trust members. The Trust will only use an individual’s name and photograph with the express consent of the individual, otherwise names will be changed.

The Trust will not disclose sensitive personal data to anyone else without the individual’s express consent.

Personal data and sensitive personal data may be retained by the Trust whether or not a grant is made. The Trust intends to hold such data for a limited period, usually up to six years, although some applications may be retained for a longer period for the purposes of archive records.

Individuals are entitled to access personal information held about them. If an individual requires information about the Trust’s data processing activities s/he should email or write to the registered office.


In the DPA :

processing means obtaining, recording, or holding the information or data or carrying out any operation or set of operations on the information or data, including:

  • organisation, adaptation or alteration of the information or data,
  • retrieval, consultation or use of the information or data, disclosure of the information or data by transmission, dissemination or otherwise making available, or
  • alignment, combination, blocking, erasure or destruction of the information or data.

personal data means

  • any data from which the identity of a living individual can be determined, either by itself or with other data processed by data controller;
  • any information such as name and address, email address, telephone number and general contact details.

sensitive personal data means personal data consisting of information as to:

  • the racial or ethnic origin of the data subject;
  • the data subject’s political opinion;
  • the data subject’s religious beliefs or other beliefs of a similar nature;
  • whether the data subject is a member of a trade union;
  • the data subject’s physical or mental health or condition;
  • the data subject’s sexual life;
  • the commission or alleged commission by the data subject of any offence;
  • any proceedings for any offence committed or alleged to have been committed by the data subject.