Data Privacy Notice - Grants


This data privacy notice explains what personal data is collected by Bank of Scotland Foundation through our grant making activities and how/why we use your data.


Bank of Scotland Foundation is a grant making charity, whose income is derived from Lloyds Banking Group.  The Foundation supports charities, who improve the lives of disadvantaged or disabled people throughout Scotland.


Personal data is any information that relates to an individual who can be identified from that data. For example, Main Contact/Senior Contact name, job title, email, telephone, address or photographs.


Purpose and Lawful Basis for Processing your Data

Any personal details of charity representatives will be used to support the grant assessment process, to notify your organisation of the outcome of your grant application, to monitor your grant and to fulfil the evaluation requirements of your grant, should your application be successful.  Your data will be used only for the purposes specified.


We will keep your personal data up to date and store it securely. We will put technical measures in place to protect it from loss, misuse, unauthorized access and disclosure and not collect or retain excessive amounts of personal data.


How long do we keep your data

Your data will be held on our database and will be kept for a period of 10 years. Any additional information provided in support of your application/evaluation, will be attached to the grant management system and retained for the same period.


This period is in line with Lloyds Banking Group’s retention policy. Lloyds Banking Group are the sole donor of Bank of Scotland Foundation.


After a period of 10 years, your personal data will be removed from the grant management system. Details of the grant will be maintained, to highlight the grant relationship with your charity.


The information provided to us is being collected by Bank of Scotland Foundation. We are responsible for the safe storage and use of your data. Our IT grant system software provider will have access to your data. Safety measures are in place to ensure your personal data remains secure and is only used for the purpose intended.


Fraud Prevention

If you apply for a grant or receive a grant from us, we may undertake checks for the purposes of preventing fraud. These checks require us to process personal data you have provided about you and your charity office bearers and data we have received from third parties.


We and fraud prevention agencies may also enable law enforcement agencies, regulators, Government, and other funders to access and use your personal data to prevent crime.




GDPR (General Data Protection Regulations)

Under GDPR, you have the right:


  • to access your personal data (if anything is inaccurate or incorrect, please let us know and we will correct it);
  • to have your personal data expunged from our database if we no longer need it for the purpose we collected it. For example, if during the assessment process, we would require an alternative main contact/senior contact in order to process the application for funding;
  • to withdraw consent at any time (see below)


Data Controller

To exercise your personal data rights, to make a complaint about our use of your data or for any further information, please contact: Jillian Baillie (Chief Executive) at


Alternatively by writing to

Jillian Baillie, Chief Executive,

Bank of Scotland Foundation

The Mound




Such requests will be dealt with within one calendar month.


We value your privacy. We’ll never share your data with others without your permission and we’ll only use it for the purposes we’ve outlined and you’ve agreed to. By submitting this form, you agree that we may process your information in accordance with these terms.


Sign In