Notice

Introduction

The Open Society Foundations (“Open Society”, “we”, “us”, “our”) is committed to upholding data protection laws and providing you with transparent information about how we deal with your data.  

This data use notice (“Notice”) provides information about the data we collect when you make a grant application, what we do with it, the legal basis for this and the rights that maybe available to you under relevant data protection laws. 

If further personal data processing is required in connection with a grant application, further notice will be provided to you at the time of that processing.

More information about our data protection, privacy and security practices is available in our general Privacy Policy accessible here. 

Data Controller

The Open Society Foundations have offices located throughout the world. You can learn more about where we are located on our Offices and Foundations page.

In general, the Open Society program managing the grant you are applying for, along with our management and operations functions act as joint controllers for your application, together determining its outcome. The program managing the grant fields and reviews applications and the management and operations functions undertake administration, due diligence and compliance work.

Where your data is shared between Open Society offices, this is on the basis of our legitimate interests and supported by agreements that ensure data is kept secure and confidential, including protections for international transfers of data in compliance with applicable data protection laws.

For further information about the offices involved in processing your application or if you have any questions or concerns about data processing, you can contact [email protected].

Data we process and the purpose and legal basis for this

When making a grant application with us, we ask you to provide information about:

  • your work, project or idea
  • the social, political and other context of it
  • your background and experience and/or the background and experience of your organisation and/or its other members
  • the impact you hope to create through receiving a grant
  • you and/or your organisation’s contact and location details
  • any other information relevant to the application

We process this data in order to assess your application and to manage our grant making and programmatic work, on the basis of our legitimate interests and/or in preparation for entry into a grant contract with you.

Management and operations functions of OSF may also process your application to monitor and evaluate grant making generally and for research and archiving purposes so that we can identify key trends in connection to our programs and projects.

Special category data

As part of your application, you may choose to provide information of a more sensitive nature, for example the race, ethnicity, sexual orientation, political or philosophical beliefs or health status of you or members of your organisation. Because of its potentially sensitive nature, under data protection laws this information is classed as “special category data” and requires particular treatment.

We process this data in order to reach a decision on awarding the grant that is informed by diversity considerations, to monitor and promote diversity in our grant making generally and in certain cases, where this data relates to grant criteria, to decide whether the application meets that criteria.

As an individual making a grant application, we process this data on the basis of your consent. When making an application on behalf of an organisation, we process this data in the course of our legitimate activities as a non-profit organisation with a political and/or philosophical aim. Alternatively, where this information has manifestly been made public by the data subject, we process the data on this basis.  More information about this is provided in the consent section below.

Data Sharing and Subprocessors

Sharing within the Open Society Foundations Network

Your application is shared with the program managing the grant you apply for and with management and operations functions for the purposes set out above, on the basis of our legitimate interests.

External reviewers

We may engage a panel of external reviewers, made up of individuals with specialized knowledge or experience relevant to the particular grant, in order to help us review and assess grant applications. Where external reviewers are engaged, we may share a copy of your grant application with them for this purpose. We engage external reviewers on the basis of contracts that ensure the protection and confidentiality of your data. We share data in this way on the basis of our legitimate interests in assessing your application.

Processors

We work with certain carefully selected third party service providers who perform data processing tasks on the basis of our legitimate interests in administrating grant applications. These include service providers who assist with equivalency determinations. These third parties are engaged by us on terms which ensure confidentiality and compliance with data protection laws. A list of the subprocessors we engage is available upon request.  

International transfers of data

Where it is necessary to transfer your data to a recipient outside of the European Union (EU)or European Economic Area (EEA) where local laws may provide a lower standard of protection for personal data, we ensure personal data is adequately protected by using international transfer safeguards, for example the Standard Contractual Clauses issued by the European Commission.  

Retention

We are in the process of reviewing our retention periods and will publish those, once available, on our website. In general, we retain personal data only for as long as required to carry out the purpose it was collected for - in this case managing your grant application. We may also retain some personal data for archiving and research purposes.  

Your rights

In some circumstances you may have certain rights in relation to your personal data under UK and EU data protection laws,including the right to request access to, rectification or erasure of your data, the right to object to processing, withdraw your consent,and to limit processing of your data.  

Generally, these rights are only available if you are based in the UK or EU and/or when our office(s)dealing with your personal data are in the UK or EU.

If you would like to enquire about this Notice, how these rights may apply to you or to exercise these rights, contact us by email to [email protected].

If you feel that your personal data has been unlawfully processed you may have the right to notify the relevant UK or EU data protection supervisory authorities.