Skip to main content

{{ root_page.title }}

Privacy notice for Richmond Parish Lands Charity grant applications


Achieving for Children (AfC) receives money from Richmond Parish Lands Charity (RPLC) to provide grants (crisis, educational and academic awards) to service users in postcodes TW9, TW10, SW13, SW14 and to Richmond care leavers living in any postcode. AfC manages the grant applications process and this privacy notice explains what types of personal data AfC collects and how it is used when you submit an application. We are required to give you this information under data protection law.

AfC and RPLC are joint controllers for the purposes of the grant applications. Both organisations are registered with the Information Commissioner’s Office (ICO) and are committed to being transparent about how they collect and use the personal data.  

The data we collect from you

We collect the personal data below when you submit an application for a grant from RPLC:

  • Name 
  • Date of birth
  • Home address, email address, telephone number
  • Bank account details
  • Your profession and current employer
  • Your annual household income, benefits, living expenses, savings and debts
  • Details of your dependents including their ages and schools attended
  • Reasons for the grant application

If you are a referrer, submitting an application on behalf of someone else, we collect your name and contact details only. 

How we use your personal data

We use the personal data you provide for the following purposes: 

  • decide whether you are eligible to receive the grant
  • to process your grant payment and send you the money 
  • report back to RPLC on how their money has been used

Lawful basis for processing your personal data

Under the UK General Data Protection Regulation (GDPR) processing is necessary for the performance of a task in the public interest (article 6(1)(e)).

Who we share your personal information with

We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018. 

Depending on the individual circumstances of each situation, we may have to share this information with other teams within Achieving for Children to fulfil other duties and powers to support our work. 

We may at times share information with our Commissioning Councils. 

We share anonymised data with RPLC to evidence how their money has been used. 

How long will we keep your information

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and access to information 

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact. 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing object to decisions being taken by automated means
  • In certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and 
  • A right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: [email protected]

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at