Privacy Policy

Barnwood Trust (“the Trust”) is committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting this website, you are accepting and consenting to the practices described in this policy.

For the General Data Protection Regulation (GDPR), the Trust is the data controller of personal data it holds about you. Its registered address is Overton House, Cheltenham GL50 3BN

We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

The Trust has assigned a Data Protection Lead.

Where the Trust stores your personal data

The data that the Trust controls may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By consenting to the Trust using your personal data, you agree to this transfer, storing and/or processing. The Trust will take reasonable, necessary steps to ensure that your data is treated securely and in accordance with this privacy policy.

Once the Trust has received your information, it will use strict procedures and security features to try to prevent unauthorised access.

How long the Trust keeps your personal data

We retain personal data only for as long as necessary and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • mandated by law, contract or similar obligations applicable to our business operations;
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or
  • needed to maintain adequate and accurate business and financial records.

Uses made of the Personal Information

The Trust uses a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data used for these purposes:

Business Function


Purpose of Processing


Categories of individuals


Categories of Personal Data


Lawful basis for processing


Finance Payroll Employees Contact details, Bank details, Pension details, Tax details Article 6(1)(c) – legal obligation
Human Resources Personnel Employees Contact details, Pay details, Annual Leave details, Sick Leave details, Performance details Article 6(1)(b) – contract
Human Resources Recruitment Successful candidates Contact details, qualifications, Article 6(1)(b) – contract
Human Resources Recruitment Unsuccessful candidates Article 6(1)(b) – contract
Learning Workshops… Contacts Contact details Article 6(1)(a) – consent
Comms Events Contacts Contact details Article 6(1)(a) – consent
Comms Meeting Minutes Governors and Trustees Contact details Article 6(1)(a) – consent
Grants Grant Application Processing Grant applicants Contact details, Bank details, Medical and Disability details, Article 6(1)(b) – contract
Welcomers Grant Application Verification Grants applicants Contact details Article 6(1)(b) – contract
Community Builders Community building Residents Contact details, Interests and Skills Article 6(1)(f) – legitimate interest
Community Builders Community building Community Leaders Contact details Article 6(1)(f) – legitimate interest
Community Builders Community building Professionals Contact details Article 6(1)(f) – legitimate interest
Research Research Community members Contact details (anonymised) Article 6(1)(f) – legitimate interest
Research Storyboarding Community members Contact details (incl. audio and video files) Article 6(1)(a) – consent

Controlling your Personal Information

If you would like access to or a copy of the personal information we hold about you, to request a correction, or have any questions about how we may use it or to make a complaint, please contact the Data Protection Lead at the address shown above. Or, email

You have the right to ask the Trust not to process your personal data for marketing purposes. The Trust will usually inform you (before collecting your data) if it intends to use your data for such purposes or if it intends to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by  contacting the Trust.

The Trust’s website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the Trust does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Complaints will be dealt with by the Data Protection Lead and will be responded to within 30 days at the latest.


Questions, comments and requests regarding this privacy statement are welcomed and should be directed to the Data Protection Lead.