Last updated: 23 February 2024
This is the eaga Trust privacy and cookie notice. The eaga Trust consists of Eaga Partnership Trustee Limited and Eaga Partnership Trustee Two Limited. The notice also covers processing by the eaga Trust’s group company, eT Business Funding Limited.
1. Introduction and summary
1.1. Introduction
Thanks for reading our privacy notice. It tells you how we collect, use and share your personal information and what your rights are – and how to exercise them.
This notice applies to you if you are:
This notice doesn’t apply to the eaga Trust staff.
There are a couple of technical definitions to get out of the way first. Here they are.
By “personal information” we mean personal data as defined in UK data protection law. In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).
By “sensitive” personal information we mean two things: 1. what’s technically known as “special categories” of personal data (personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation) and 2. criminal data (criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing).
For ease, we’ve split this privacy notice up into parts:
Part 1: Introduction and summary
Part 3: Key information required by the GDPR
Part 4: Our website and email newsletters
Part 6: Cookies and similar technologies
If you have any queries about this privacy notice, please contact us. Please see “Our identity and contact details” in section a of “Key information required by the GDPR” below for our contact details.
1.2. Effects of Brexit on this privacy notice
On and after 1 January 2021, references to the “GDPR” in this privacy notice will mean the “UK GDPR”
1.3. Summary
Type of individual | Our main uses of your personal information | Where to find out more |
A member: that is a registered beneficiary of the eaga employee benefit trust and prospective members (who are beneficiaries) |
| How to withdraw your consent or object to our use (where applicable) Look in Part 2. It tells you how to withdraw any consent you’ve given and how to object to both direct marketing and to our use where it’s based on a balancing test (called “legitimate interests”) which involves weighing our interests or a third party’s interests against your rights. Other information Look in Part 3 for GDPR-required information; here’s what’s in the different sections.
Look in Part 4 for further information about our website and emails. Look in Part 5 for further an overview of sharing with providers/those who support member benefits. Look in Part 6 for information about cookies and similar technologies . Members can find further member-specific information on application forms and in benefit-specific documentation and terms and conditions. |
A supplier: a sole trader or partnership or a contact for us at a corporate supplier who provides services to us as a business |
| |
A consultant: an adviser, consultant or other professional expert who provides services to us as a business |
| |
A job applicant: someone who is interested in working for us |
| |
An interested person: an individual who is not a member or beneficiary but who makes an enquiry or a complaint |
| |
A relative of a member of our staff: a close family member or next of kin of a member of our staff |
| |
A website visitor: a visitor to our website who isn’t in any of the categories above. |
| Look in Part 3:
Look in Part 4 for further information about our website. Look in Part 6 for information about cookies and similar technologies. |
2. Important information about your rights in relation to consent and to object to our use of your personal information
Your rights in relation to consent: You may, at any time, withdraw your consent or explicit consent to us using your personal information or sensitive personal information as summarised below.
Please see:
Your right to object to our use of the “legitimate interests” basis for processing: You may, at any time, object to our use of your personal information which is based on our own or others’ legitimate interests, as summarised below.
We consider that our use of your personal information for:
is in our legitimate interests and in the legitimate interests of members.
You may object to our use on that basis.
Members can object to news or updates by updating their profile in the members’ area of the website . For email news/updates, members can also object by using the opt-out in the email.
To exercise your right to object for other uses, please contact us.
Please see:
3. Key information required by the GDPR
Here are important details about us and our use of your personal information.
Requirement | Our details | |||||||||||||||||||||
a. Our identity and contact details Identity and contact details and, where applicable, of the representative | Eaga Partnership Trustee Limited, company number 03724739, ICO Z303366X Eaga Partnership Trustee Two Limited, company number 03729659, ICO Z3033869
eT Business Funding Limited (Company No. 08026173) (eTBF), ICO ZA024813
address (operating): 25 Main Street, Ponteland, Northumberland, NE20 9NH address (registered): 3rd Floor, Citygate, St. James Boulevard, Newcastle upon Tyne NE1 4JE email: contact@eagatrust.com It would be very helpful if you would tell us exactly why you are contacting us. For example to exercise a right, please put the name of the right in the subject line of the email. Thank you. | |||||||||||||||||||||
b. Data protection officer and queries Contact details of the data protection officer, where applicable | We do not have a data protection officer. For queries, comments or complaints please use our contact details in the “Identity and contact details” section a above. | |||||||||||||||||||||
c. Purposes and legal basis The purposes of the use for which the personal information is intended as well as the legal basis for the use Here’s a key to the second column: Consent: your consent to one or more specific purposes Contract: entering into a contract with you or performing a contract with you Legal obligation: we’re required by law to do this Legitimate interests: we’ve identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we’ve balanced all that against your interests, rights and freedoms The third column gets a bit more technical. Where we’re dealing with sensitive personal information we need not one legal basis but two, from a different list (and the list is a lot longer). The main ones are: Explicit consent: your explicit consent to one or more specific purposes Legal claims: to establish, exercise or defend a legal claim Prevention/detection of unlawful acts: this is where we must use personal information without consent so as not to prejudice preventing or detecting unlawful acts Regulatory requirements relating to unlawful acts and dishonesty etc.: this is where we must use personal information without consent to comply with (or help someone else comply with) a regulatory requirement that involves establishing if someone has committed an unlawful act or is dishonest etc. Public domain: you’ve deliberately put your sensitive personal information into the public domain You can find more details on the ICO website at https://ico.org.uk | Here is a summary of the purposes for which we use personal information and the legal bases for our use.
| |||||||||||||||||||||
d. Legitimate interests Where the use of information is based on the legitimate interests condition, the legitimate interests pursued | Our legitimate interests Our legitimate interests are:
Others’ legitimate interests We may also use your personal information because it is in our members’ legitimate interests as well as or instead of our own. For example, our research and planning will look at individual members’ details to create benefits for all members and improve the administration of the employee benefit trust. | |||||||||||||||||||||
e. Personal information collected indirectly – categories The categories of personal information collected indirectly | We collect the following categories of personal information indirectly (e.g. from third parties):
Members can find out more in part 5, Overview for members. | |||||||||||||||||||||
f. Recipients The recipients or categories of recipients of the personal information, if any | We may share your personal information with the following. Members:
Job applicants:
All types of individuals:
We will not otherwise disclose your personal information to any third party unless required or permitted to do so by law. | |||||||||||||||||||||
g. Transfers to third countries or international organisations Where applicable, the fact that personal information is to be transferred to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers subject to appropriate safeguards or non-repetitive, limited transfers based on compelling legitimate interests, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available. | Our transfers
Transfers 2 and 3 are (or may be) based on exceptions (for contracts) rather than on safeguards like standard clauses or an adequacy decision, which aren’t available to us in those situations . This creates possible risks for individuals. In the EEA and the UK individuals have certain rights and remedies if the use of their personal information is unlawful. Individuals may not have the same rights and remedies if their personal information is used in a third country or by an international organisation. For example, the third country might not have a supervisory authority (a data protection authority like the UK ICO) and may not provide for data protection principles or individual data protection rights. | |||||||||||||||||||||
h. Storage period The period for which the personal information will be stored, or if that is not possible, the criteria used to determine that period | The period for which we will store personal information is based on our need to fulfil our legitimate needs as an employee benefit trust, comply with applicable law, resolve disputes, and enforce our agreements namely:
Storage periods may be extended for the purpose of any legal claim. | |||||||||||||||||||||
i. Individual rights The existence of the right to request access to and rectification or erasure of personal information or restriction of use concerning the individual or to object to use as well as the right to data portability | You have rights to make a request to us:
These rights are more complicated than the simple summary above. To find out more about them, please visit the Information Commissioner’s website. To exercise your rights, please contact us or ask us for a form. Our contact details are in the “Identity and contact details” section a above. Please make it clear which right(s) you want to exercise, for example by putting “right to object” in the subject line of the email if you wish to exercise the right to object. Thank you. | |||||||||||||||||||||
j. Withdrawal of consent Where the use is based on consent (for ordinary or sensitive personal information), the existence of the right to withdraw consent at any time, without affecting the lawfulness of use based on consent before its withdrawal | You have a right to withdraw any consent you give us at any time. This will not affect the legality of our consent-based use before you withdrew consent. To withdraw consent to cookies, please adjust your browser settings (please see our cookie policy for further details). To exercise your right to withdraw in any other case, please contact us. Our contact details are in the “Identity and contact details” section a above. Please make it clear you want to exercise this right, for example by putting “Withdrawal of consent” in the subject line of the email, and if it applies to a particular benefit, provide the name of the benefit. Thank you. | |||||||||||||||||||||
k. Complaints The right to lodge a complaint with a supervisory authority | You have a right to complain to the Information Commissioner, whose contact details are: Information Commissioner’s Office Telephone: 0303 123 1113 (local rate) or +44 1625 545 700 (from outside the UK). Website: https://ico.org.uk which includes a live chat on the ‘contact us’ page. | |||||||||||||||||||||
l. Information collected directly – legal or contract requirement Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the individual is obliged to provide the personal information and of the possible consequences of failure to provide that information | Legal requirement There is no legal obligation to provide information. Contract requirement If you are a member, supplier, job applicant or interested person, we’ll normally need your personal details (name and contact details) to provide benefits, receive goods and services, process your application or answer your query or complaint. For members, suppliers and prospective employees, we may also need your financial details (e.g. bank details and, for suppliers, VAT number where applicable) so we can pay you. Our external accounting supplier looks after the financial details and tax/payment side for us. If any personal information is required for member registration or for members to receive a benefit, that will be clear on the application form or in the accompanying documentation. | |||||||||||||||||||||
m. Sources of personal information collected indirectly The source of the personal information and if applicable, whether it came from publicly accessible sources | The sources of the personal information we collect indirectly are listed in the indirect categories section e above. Members can find out more in part 5, Overview for members. | |||||||||||||||||||||
n. Automated decision-making The existence of automated decision-making, including profiling . This means a decision based solely on automated profiling which produces legal effects concerning the individual, and which must not be based on special categories of (i.e. sensitive) personal information without explicit consent or substantial public interest, with safeguards. Meaningful information about the logic involved, as well as the significance and the envisaged consequences of the processing for the individual must also be provided. | We do not conduct automated decision-making. All decisions about you will be made by humans. |
4. Our website and email newsletters
4.1. Information about your visit to our site
This includes your IP address, operating system, browser type and version, location, length of your visit, the pages you have visited, weblogs and other communication data. This information is held on our server logs and is used for system administration and for generating statistical information to help improve our service. We may use this information to investigate and take action against any misuse of the site.
4.2. MailChimp
We use MailChimp to send out “Trust matters” emails to members. “MailChimp” is the trading name of The Rocket Science Group LLC, an email services provider based in the US. MailChimp will store your name and email address in the US.
MailChimp’s data processing addendum incorporates standard contractual clauses, recognised in Europe as providing broadly equivalent protection for personal information to the protection provided under European law.
We have switched on tracking in emails (on opens and click throughs). This helps us monitor the effectiveness of our email newsletters and understand better which benefits are of most interest and use to members. We ensure only anonymised statistics are disseminated within the eaga Trust, and that the raw data of opens and click-throughs is available only to those people tasked with producing the statistics. Please see section 6.3.5 for instructions on how to give or withdraw consent to the tracking.
MailChimp will also track those emails. MailChimp uses cookies, unique identifiers, pixels and similar tracking technologies for tracking. For further details please see MailChimp’s cookie statement under the section “Cookies served through the Services” and privacy policy. MailChimp’s terms of use say at section 16: ‘We may view, copy, and internally distribute content from your Emails and account to create algorithms and programs (“Tools”) that help us spot problem accounts. We use these Tools to find Members who violate these Terms or laws and to study data internally to make the Service smarter and create better experiences for Members and their contacts.’
We have excluded members’ data from inclusion in MailChimp’s data science projects. We do not use any additional add-ons or features provided by MailChimp (which create further tracking).
We do not send Trust matters emails to members who are under the age of 16 years.
5. Overview for members
5.1. Benefits
All benefits are paid for by the eaga Trust apart from Business Funding of under £10,000 which is provided by eTBF.
Please see the enquiry form and any online or offline application form for details of the personal information we collect directly from you (if any) for specific benefits.
Please also see section 5.2 for other personal information we will collect directly from you if you correspond with us, which may include sensitive personal information.
The “third parties” in the table below are third party benefit-specific providers or enablers.
The recipients listed in section f of “Key information required by the GDPR” above may also receive your personal information; in particular our external accounting supplier receives personal information (including your bank details where necessary) for arranging payment of taxes, to administer benefits and make payments to you or to a benefit provider/enabler.
Description | Personal information collected from you, shared with a benefit provider/enabler or provided to us by a benefit provider/enabler | Provider/enabler |
Discounts | ||
Affinity Deals | Collected
Shared
Provided
| Fiat |
The Benefits Website | Collected
Shared
Provided
| https://www.thebenefitswebsite.co.uk (please see their terms and conditions and cookie policy) |
Tickets at Work (USA) | Collected
Shared
Provided
| (note this is a US site – please see their terms and conditions of use and sale and their privacy policy) |
Employment and business | ||
Business Funding of over £10,000 | Collected
Shared
Provided | The eaga Trust |
Business Funding of under £10,000 | Collected
Shared
Provided
| eTBF |
Further Education Bursary | Collected
Shared
Provided
| The eaga Trust |
HE Bursary (also open to second generation members) | Collected
Shared
Provided
| The eaga Trust |
CEPI | Collected
Shared
Provided
| The eaga Trust |
Childcare Support | Collected
Shared
Provided
| The eaga Trust (paid by the eaga Trust) |
Skill-Builder Plus (also open to second generation members) | Collected
Shared
Provided
| Various course providers (paid by the eaga Trust) |
Tutoring Support | Collected
Shared
Provided
| Kip McGrath (paid by the eaga Trust) |
Health and Wellbeing | ||
Serious Injury Insurance benefit | Collected
Provided
Shared
| Chubb European Group Ltd (paid by the eaga Trust) |
Wills and LPA | Collected
Shared
Provided
| Co-Op Legal Services |
BUPA Healthy Minds | Collected
Shared
Provided
| BUPA (paid by the eaga Trust) |
Holiday Homes | ||
Holiday Homes | Collected
If you are staying at the Hyning Estate, CCTV is in operation. These are for the purposes of public and staff safety and crime detection and prevention. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme. We will only disclose CCTV images to others, where required by law or to help prevent crime etc. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. However, the images may be withheld if the images also identify a third party. Shared
Please note that you will also be required to share personal information with the management agent(s) for the holiday home. Please see the holiday home terms and conditions. | The eaga Trust |
5.2. Other personal information collected directly from you
Description | Personal information that may be collected from you |
Correspondence and surveys |
|
6. Cookies and similar technologies
6.1. Introduction
A cookie is a file containing a small amount of information that a website places on your device. Similar technologies include:
We use cookies and similar technologies to help us understand how people interact with our website. That means we can make improvements and develop the website in an informed way for our website visitors and members. It helps us improve your overall experience.
As at Sep 2023, and depending on your browser and device settings, we use around 23[BD1] cookies on our site at https://www.eagatrust.com/.
6.2. What cookies do we use?
Here is a summary of the cookies we use. This does not include cookies that may be used on other sites, including benefit providers’ sites. Please check the privacy/cookies notices on those sites for details of their use of cookies. We are not responsible for the privacy practices of other site owners or operators or the cookies and other tracking technologies used on other sites, including on benefit providers’ sites.
We use these types of cookie … | … for these purposes |
Strictly necessary cookies. These cookies are generally used to store a unique identifier to manage and identify you as unique to other users currently viewing the website, in order to provide you with a consistent and accurate service. | We use cookies for site security to allow members to log in. |
Performance cookies . These cookies are used for performance and to improve the website. | For web analytics. We use Google Analytics – see how Google uses your data here: www.google.com/policies/privacy/partners. |
Functionality cookies. These cookies will typically be the result of something you do, but might also be implemented in the delivery of a service not explicitly requested but offered to you. They can also be used to prevent you being offered a service again that had previously been offered to you and rejected. | For sharing videos on our site. We use Vimeo, the video-sharing website, to provide videos to you on our site. Vimeo will set third party cookies if you watch one of those videos. Please see https://vimeo.com/ for further details. |
Targeting or advertising cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store a code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign. | None. |
6.3. How to see individual cookies and withdraw consent to cookies and similar technologies
6.3.1. Cookies
Cookies change and their names and descriptions are not very user-friendly for most people but here’s a list we created in May 2018 which you may find helpful. If you want to see the cookies currently used on our website, they should be visible through your browser. (Please see below for instructions.)
To give or withdraw consent to cookies, please use the technical settings provided.
There are different browsers and manufacturers upgrade them frequently. The best way to get the right instructions is to go to the manufacturer’s support page. The following support/privacy pages (for some of the more common browsers) are correct as at May 2018.
If you have problems with these pages, can’t see individual cookies or want find out more about how cookies are handled within your browser, please go to the manufacturer’s site and search for the browser name and your cookie query.
6.3.2. Flash cookies
To disable flash cookies (local shared objects) go to the Global Storage Settings panel of the online Settings Manager at Adobe’s website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html. This places a permanent flash cookie on the device, informing all other websites that you do not want flash cookies stored on your device.
6.3.3. Analytic cookies
You can prevent Google’s collection of data generated by your use of the sites (including your IP address) by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
6.3.4. Local and session storage
You can delete local storage, session storage and database storage in the same way that you delete cookies.
6.3.5. Pixels
We have switched on tracking on emails in MailChimp. The tracking is enabled by pixels in conjunction with cookies, unique identifiers and similar tracking technologies. You cannot delete pixels but you may be able to disable them by disabling cookies or on a web page by using browser add-ons or extensions. Some pixels in emails can be disabled by selecting an option in your email application not to download images. To avoid triggering pixels in links in emails, don’t click on the link but navigate to the site manually and look for the information. Or you can request that we send you emails in plain text .
Please be aware that restricting cookies and similar technologies may impact on the functionality of our website.
6.4. Further information
To find out more about cookies, including how to see what cookies and other technologies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org/.