Skip to main content


Last updated 28 February 2024

The Joseph Rowntree Foundation (JRF) is committed to protecting your privacy and being transparent about how we collect, use and safeguard your personal information.

JRF collects different information about people depending on the services or relationship we have with them.

JRF general privacy notice

Who are we?

The Joseph Rowntree Foundation (JRF) is an independent social change organisation working to support and speed up the transition to a more equitable and just future, free from poverty where people and planet can flourish.  We are a company limited by guarantee (12132713) and a registered charity (Scotland: SC049712; England and Wales: 1184957). The address of our head office is: The Homestead, 40 Water End, York YO30 6WP.

How we use your information 

We use your information to help us achieve our cause through our policy work, research, and campaigns.

We use your information to communicate with you if you apply for funding.

We use your information to perform a contract with you as one of our employees or suppliers.

We will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it.

We may use your personal information for a new purpose if either this is compatible with the original purpose, we get your consent, or we have a clear obligation or function set out in law.

If you do not provide your personal information

If you do not provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as making payments without your bank information).

Legal framework and your rights

We use your information in line with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We refer to these as “the Data Protection Laws”.

The Data Protection Laws require us to have a lawful basis for using your information.

The Data Protection Laws give you rights which you can use to manage your information to:

  • request access (commonly known as a “data subject access request”) to the personal information we hold about you
  • request correction of your information if you believe it is incomplete or inaccurate
  • request erasure of your information where there is no good reason for us continuing to process it
  • object to processing your information where we are relying on a legitimate interest (or those of a third-party) and you want to object to processing on this ground
  • request the restriction of your information if you want us to check its accuracy
  • request the transfer of your personal information to another party in a useful format
  • withdraw consent if we are processing your personal data based on your consent at any time.

Some of these rights only apply in specific circumstances or to a limited extent. If you would like to exercise any of your rights or talk to us about how your data is processed, please contact our Data Protection Officer.

If you are not happy with the way we have handled your information you can complain to the Information Commissioner’s Office (ICO).

Do we use automated decision making?

We do not currently and do not anticipate using any automated decision making (computer only decisions with no human interaction) on your personal information. We will update this notice if this changes.

Security of your information

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. We limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know.

Third-party processors will only process your personal information on our instructions and where they have agreed to treat the information securely and confidentially.

How long we keep your information

We retain your personal information for the duration of your relationship with us and then for a period defined by legal, accounting, or reporting requirements. Copies of our retention scheme are available on request.

In some circumstances, we anonymise your personal information so that it can no longer be associated with you. In such cases, we may use anonymised information without further notice to you.

The person responsible for how we look after your personal data is the Data Protection Officer.

You can contact them on:
01904 629 241

You can also contact the Data Protection Officer to request this privacy notice in another format, for example, large print.

You can read the privacy notices that relate to each specific area of JRF below:

Individual privacy notices

Updates and changes to your information

We update our privacy statements from time to time and these will be reflected on the website.

Please contact us to update us with any changes to your information and preferences.