ELECTRICAL INDUSTRIES CHARITY 

WEBSITE TERMS AND CONDITIONS 

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE 

1 WHAT’S IN THESE TERMS?
These terms tell you the rules for using our website https://www.electricalcharity.org (our “site”).

2 WHO WE ARE AND HOW TO CONTACT US
https://www.electricalcharity.org is a site that is operated by The Electrical Industries Charity Limited, a company registered in England and Wales under company number 02726030, whose registered office is at Rotherwick House, 3 Thomas More Street, London, England, E1W 1YZ (“we”, “our”, “us” or “the Company”).
To contact us, please email support@electricalcharity.org or telephone us on 0800 652 1618.

3 BY USING OUR SITE, YOU ACCEPT THESE TERMS
By using our site, you confirm that you accept these terms of use and that you agree to comply with them. If you do not agree to these terms, you must not use our site. You may want to print a copy of these terms for future reference.
There are other terms that may apply to you. These terms of use refer to the following additional terms, which also apply to your use of our site:
• Our Privacy Policy https://electricalcharity.org/policy/ See further under “How we may use your personal information” at paragraph 16 below.
• Our Cookie Policy https://electricalcharity.org/policy/ which sets out information about the cookies on our site.
• Our Safeguarding Policy https://electricalcharity.org/policy/ which sets out our safeguarding roles and responsibilities.

4 WE MAY MAKE CHANGES TO THESE TERMS
We amend these terms from time to time. Every time you wish to use our site, please check these terms to ensure you understand the terms that apply at that time. These terms were most recently updated on 11 March 2026.

5 WE MAY MAKE CHANGES TO OUR SITE
We may update and change our site from time to time to reflect changes to our services, our users’ needs and our business priorities.

6 WE MAY SUSPEND OR WITHDRAW OUR SITE
Our site is made available free of charge.
We do not guarantee that our site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of our site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal.
You are also responsible for ensuring that all persons who access our site through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.

7 WE MAY TRANSFER THESE TERMS TO SOMEONE ELSE
We may transfer our rights and obligations under these terms to another organisation. We will add a notification banner to the site to inform users of a recent change in the operator of the site, which will appear on the site for a period of thirty (30) days. We recommend that you regularly visit our site and review these terms to check for any change in operator. We will ensure that the transfer will not affect your rights under the contract.

8 OUR SITE IS INTENDED FOR USE IN THE UK
Our site, its content and any services provided in relation to the same are intended for use by individuals located in the United Kingdom. We do not represent that content available on or through our site is appropriate for use or available in other locations.
By continuing to access, view or make use of this site and any related content and services, you hereby warrant and represent to us that you are located in the United Kingdom. If you are not located in the United Kingdom, you must immediately discontinue use of this site and any related content and services.

9 HOW YOU MAY USE MATERIAL ON OUR SITE
We are the owner or the licensee of all intellectual property rights in our site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
You may print off one copy, and may download extracts, of any page(s) from our site for your personal use and you may draw the attention of others within your organisation to content posted on our site.
You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of content on our site must always be acknowledged (except where the content is user-generated).
You must not use any part of the content on our site for commercial purposes without obtaining a licence to do so from us or our licensors.
If you print off, copy, download, share or repost any part of our site in breach of these terms of use, your right to use our site will cease immediately and you must, at our option, return or destroy any copies of the materials you have made (except that you are permitted to print off a single copy of these terms of use).

10 NO TEXT OR DATA MINING, OR WEB SCRAPING
You shall not conduct, facilitate, authorise or permit any text or data mining or web scraping in relation to our site or any services provided via, or in relation to, our site for any purpose, including the development, training, fine-tuning or validation of AI systems or models. This includes using (or permitting, authorising, or attempting the use of):
• any ‘robot’, ‘bot’, ‘spider’, ‘scraper’ or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the site or any data, content, information or services accessed via the same; or
• any automated analytical technique aimed at analysing text and data in digital form to generate information or develop, train, fine-tune or validate AI systems or models which includes but is not limited to patterns, trends and correlations.
The provisions in this clause should be treated as an express reservation of our rights in this regard.
This clause shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.

11 DO NOT RELY ON INFORMATION ON THIS SITE
The content on our site is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action based on the content on our site.
Although we make reasonable efforts to update the information on our site, we make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete, or up to date.

12 WE ARE NOT RESPONSIBLE FOR WEBSITES WE LINK TO
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them.
We have no control over the contents of those sites or resources.

13 HOW TO COMPLAIN ABOUT OR REPORT CONTENT
If you come across any material on our site that is illegal or could comprise or be connected to child sexual abuse or exploitation or could comprise terrorist content or be connected to terrorism, please contact us immediately on complaints@electricalcharity.org
If you wish to complain about any other content, please contact us on complaints@electricalcharity.org

14 SOCIAL MEDIA USER-GENERATED CONTENT IS NOT APPROVED BY US
Our site does not incorporate any user-generated content, nor is there any availability for users to upload information or materials directly to our site.
Our site includes links to our social media pages and video-sharing sites, which may include information and materials uploaded by other users of the applicable social media or video-sharing platform. This information and these materials have not been verified or approved by us. The views expressed by other users on our site do not represent our views or values.

15 OUR RESPONSIBILITY FOR LOSS OR DAMAGE SUFFERED BY YOU
We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents, or subcontractors and for fraud or fraudulent misrepresentation.
Different limitations and exclusions of liability will apply to liability arising as a result of various interactions and services we may have with you; these will be specified in the relevant terms and conditions as applicable.

15.1 If you are a business user

We exclude all implied conditions, warranties, representations, or other terms that may apply to our site or any content on it.
We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
• use of, or inability to use, our site; or
• use of or reliance on any content displayed on our site.
In particular, we will not be liable for:
• loss of profits, sales, business, or revenue;
• business interruption;
• loss of anticipated savings;
• loss of business opportunity, goodwill, or reputation; or
• any indirect or consequential loss or damage.

15.2 If you are a consumer user

Please note that we only provide our site for domestic and private use. You agree not to use our site for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.

16 HOW WE MAY USE YOUR PERSONAL INFORMATION
We will only use your personal information as set out in our Privacy Notice, available at https://electricalcharity.org/policy/

17 WE ARE NOT RESPONSIBLE FOR VIRUSES AND YOU MUST NOT INTRODUCE THEM
We do not guarantee that our site will be secure or free from bugs or viruses.
You are responsible for configuring your information technology, computer programmes and platform to access our site. You should use your own virus protection software.
You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful or otherwise harmfully interacts with our site or any part of it. You must not attempt to gain unauthorised access to our site, the server on which our site is stored, or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.

18 RULES ABOUT LINKING TO OUR SITE
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. You must not establish a link in such a way as to suggest any form of association, approval, or endorsement on our part where none exists. You must not establish a link to our site in any website that is not owned by you. Our site must not be framed on any other site, nor may you create a link to any part of our site other than the home page. We reserve the right to withdraw linking permission without notice.

19 WHICH COUNTRY’S LAWS APPLY TO ANY DISPUTES?
If you are a consumer, please note that these terms of use, their subject matter, and their formation, are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland, you may also bring proceedings in Northern Ireland, and if you are a resident of Scotland, you may also bring proceedings in Scotland.
If you are a business, these terms of use, their subject matter, and their formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.

Date of last review: March 2026

ELECTRICAL INDUSTRIES CHARITY 

 

TREATMENT POLICY 

The EIC may offer to cover the cost of up to 6 therapy sessions facilitated by a third-party provider. Personal data will be shared with the nominated providers, in accordance with our privacy notice https://electricalcharity.org/policy/ Please note that your failure to attend or late cancellation (i.e., cancelling within 24 hours of your appointment) may result in EIC having to pay for the session.  If you fail to attend your appointment without a valid reason, we may suspend any further support to you. We reserve the right to withdraw our services at any time.  

ELECTRICAL INDUSTRIES CHARITY 

DATA PROTECTION POLICY 

1. INTRODUCTION 

1. This Data Protection Policy sets out how The Electrical Industries Charity Limited, a company registered in England and Wales under number 02726030, whose registered office is at Rotherwick House, 3 Thomas More Street, London, England, E1W 1YZ (“we”, “our”, “us” or “the Company”) handle the Personal Data of our service users, applicants, suppliers, employees, volunteers, fundraisers, donors, business contacts and other third parties. 

1. This Data Protection Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to any Data Subject we have supported, worked with, or employed in the past or present. 

1. This Data Protection Policy applies to all Company Personnel (“you”, “your”). You must read, understand, and comply with this Data Protection Policy when Processing Personal Data on our behalf and attend training on its requirements. Data protection is the responsibility of everyone within the Company and this Data Protection Policy sets out what we expect from you when handling Personal Data to enable the Company to comply with applicable law. Your compliance with this Data Protection Policy is mandatory. Any breach of this Data Protection Policy may result in disciplinary action. 

1. This Data Protection Policy is an internal document and cannot be shared with third parties (including regulators) without prior authorisation from the Data Protection Champion. 

1. SCOPE OF POLICY AND WHEN TO SEEK ADVICE ON DATA PROTECTION COMPLIANCE 

1. We recognise that the correct and lawful treatment of Personal Data will maintain trust and confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Company is exposed to potential fines of up to £17.5 million or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the UK GDPR. 

1. All line managers are responsible for ensuring all Company Personnel comply with this Data Protection Policy and need to implement appropriate practices, processes, controls, and training to ensure that compliance. 

1. The Data Protection Champion is responsible for overseeing this Data Protection Policy. That post is held by Desiree Edwards and Liva Ivanova, and they can be reached at 020 3696 1710 and dataprotection@electricalcharity.org  

1. Please contact the Data Protection Champion with any questions about the operation of this Data Protection Policy or the UK GDPR or if you have any concerns that this Data Protection Policy is not being or has not been followed. In particular, you must always contact the Data Protection Champion in the following circumstances: 

1. if you are unsure of the lawful basis on which you are relying to process Personal Data (including the legitimate interests used by the Company) (see paragraph 4.1); 

1. if you need to rely on Consent or need to capture Explicit Consent (see paragraph 5); 

1. if you need to draft a Privacy Notice (see paragraph 6); 

1. if you are unsure about the retention period for the Personal Data being Processed (see paragraph 10); 

1. if you are unsure what security or other measures you need to implement to protect Personal Data (see paragraph 11.1); 

1. if there has been a Personal Data Breach (paragraph 12); 

1. if you are unsure on what basis to transfer Personal Data outside the UK (see paragraph 13); 

1. if you need any assistance dealing with any rights invoked by a Data Subject (see paragraph 14); 

1. whenever you are engaging in a significant new, or change in, Processing activity which is likely to require a DPIA (see paragraph 18) or plan to use Personal Data for purposes other than for which it was collected (see paragraph 7); 

1. if you plan to undertake any activities involving Automated Processing including profiling or Automated Decision-Making.  

1. if you need help complying with applicable law when carrying out direct marketing activities (see paragraph 19); or 

1. if you need help with any contracts or other areas in relation to sharing Personal Data with third parties (including our vendors) (see paragraph 20). 

1. PERSONAL DATA PROTECTION PRINCIPLES 

1. We adhere to the principles relating to Processing of Personal Data set out in the UK GDPR which require Personal Data to be: 

1. Processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency); 

1. collected only for specified, explicit and legitimate purposes (purpose limitation); 

1. adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (data minimisation); 

1. accurate and where necessary kept up to date (accuracy); 

1. not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (storage limitation); 

1. Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (security, integrity and confidentiality); 

1. not transferred to another country without appropriate safeguards in place (transfer limitation); and 

1. made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their Personal Data (data subject’s rights and requests). 

1. We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (accountability). 

1. LAWFULNESS, FAIRNESS AND TRANSPARENCY 

1. Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject. 

1. You may only collect, Process, and share Personal Data fairly and lawfully and for specified purposes. The UK GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject. 

1. The UK GDPR allows Processing for specific purposes, some of which are set out below: 

1. the Data Subject has given their Consent; 

1. the Processing is necessary for the performance of a contract with the Data Subject; 

1. to meet our legal compliance obligations; 

1. to protect the Data Subject’s vital interests; 

1. where it is in the public interest or in the performance of a public task; or  

1. to pursue our legitimate interests (or those of a third party) for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which we process Personal Data for legitimate interests need to be set out in applicable Privacy Notices. 

1. You must identify and document the legal ground being relied on for each Processing activity.  Please contact the Data Protection Champion for support with this. 

1. CONSENT 

1. We must only process Personal Data on one or more of the lawful bases set out in the UK GDPR, which include Consent. 

1. A Data Subject consents to Processing of their Personal Data if they clearly indicate agreement to the Processing. Consent requires affirmative action, so silence, pre-ticked boxes or inactivity will not be sufficient to indicate consent. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters. 

1. A Data Subject must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented. 

1. When processing Special Category Data or Criminal Convictions Data, we will usually rely on a legal basis for processing other than Explicit Consent or Consent if possible. Where Explicit Consent is relied on, you must issue a Privacy Notice to the Data Subject to capture Explicit Consent. 

1. You will need to evidence Consent captured and keep records of all Consents, so that the Company can demonstrate compliance with Consent requirements.  Please contact the Data Protection Champion for support with this. 

1. TRANSPARENCY (NOTIFYING DATA SUBJECTS) 

1. The UK GDPR requires us to provide detailed, specific information to a Data Subject depending on whether the information was collected directly from the Data Subject or from elsewhere. The information must be provided through an appropriate Privacy Notice which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them. 

1. Whenever we collect Personal Data directly from a Data Subject, including for HR or employment purposes, we must provide the Data Subject with all the information required by the UK GDPR including the identity of our charity and how and why we will use, Process, disclose, protect and retain that Personal Data through a Privacy Notice which must be presented when the Data Subject first provides the Personal Data. 

1. When Personal Data is collected indirectly (for example, from a third party or publicly available source), we must provide the Data Subject with all the information required by the UK GDPR as soon as possible after collecting or receiving the data. We must also check that the Personal Data was collected by the third party in accordance with the UK GDPR and on a basis which contemplates our proposed Processing of that Personal Data. 

1. If you are collecting Personal Data from a Data Subject, directly or indirectly, then you must provide the Data Subject with a Privacy Notice. Details relating to our Privacy Notice can be found https://electricalcharity.org/policy/ .  

1. PURPOSE LIMITATION 

1. Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes. 

1. You cannot use Personal Data for new, different, or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have Consented where necessary. 

1. If you want to use Personal Data for a new or different purpose from that for which it was obtained, you must first contact the Data Protection Champion for advice on how to do this in compliance with both the law and this Data Protection Policy. 

1. DATA MINIMISATION 

1. Personal Data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is Processed. 

1. You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties. 

1. You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes. 

1. You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the Company’s data retention policy. 

1. ACCURACY 

1. Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate. 

1. You must ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. You must take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data. 

1. STORAGE LIMITATION 

1. Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. 

1. The Company will maintain a retention policy to ensure Personal Data is deleted after an appropriate time, unless a law requires that data to be kept for a minimum time. You must comply with the Company’s Data Retention Policy. 

1. You must not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements. 

1. You will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with all the Company’s Data Retention Policy. This includes requiring third parties to delete that data where applicable. 

1. You will ensure Data Subjects are provided with information about the period for which data is stored and how that period is determined in any applicable Privacy Notice. 

1. SECURITY INTEGRITY AND CONFIDENTIALITY 

1. Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction, or damage. 

1. We will develop, implement, and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others, and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Special Categories of Personal Data and Criminal Convictions Data from loss and unauthorised access, use or disclosure. 

1. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested. 

1. You must maintain data security by protecting the confidentiality, integrity, and availability of the Personal Data, defined as follows: 

1. Confidentiality: only people who have a need to know and are authorised to use the Personal Data can access it; 

1. Integrity: Personal Data is accurate and suitable for the purpose for which it is processed; and 

1. Availability: authorised users are able to access the Personal Data when they need it for authorised purposes. 

1. You must comply with and not attempt to circumvent the administrative, physical, and technical safeguards we implement and maintain in accordance with the UK GDPR and relevant standards to protect Personal Data. 

1. REPORTING A PERSONAL DATA BREACH 

1. The UK GDPR requires us to notify any Personal Data Breach to the Information Commissioner and, in certain instances, the Data Subject.  We will notify the Data Subject or any applicable regulator where we are legally required to do so. 

1. If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the Data Protection Champion.  You should preserve all evidence relating to the potential Personal Data Breach. 

1. TRANSFER LIMITATION 

1. The UK GDPR restricts data transfers to countries outside the UK to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined. In this context, “transfer” means to transmit, send, view or access that data originating in the UK in or to a different country. 

1. You may only transfer Personal Data outside the UK if one of the following conditions applies: 

1. the UK has issued regulations confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subject’s rights and freedoms; 

1. appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved for use in the UK, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the Data Protection Champion; 

1. the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or 

1. the transfer is necessary for one of the other reasons set out in the UK GDPR including: 

1. the performance of a contract between us and the Data Subject; 

1. reasons of public interest; 

1. to establish, exercise or defend legal claims; 

1. to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent; and 

1. in some limited cases, for our legitimate interest. 

1. Please contact the Data Protection Champion for support with this. 

1. DATA SUBJECT’S RIGHTS AND REQUESTS 

1. A Data Subject has rights when it comes to how we handle their Personal Data. These include rights to: 

1. withdraw Consent to Processing at any time; 

1. receive certain information about our Processing activities; 

1. request access to their Personal Data that we hold (including receiving a copy of their Personal Data); 

1. prevent our use of their Personal Data for direct marketing purposes; 

1. ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data; 

1. restrict Processing in specific circumstances; 

1. object to Processing which has been justified on the basis of our legitimate interests or in the public interest; 

1. request a copy of an agreement under which Personal Data is transferred outside of the UK; 

1. object to decisions based solely on Automated Processing, including profiling (ADM); 

1. prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else; 

1. be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms; 

1. make a complaint to the supervisory authority; 

1. in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format; and 

1. You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation). 

1. You must immediately forward any Data Subject request you receive to the Data Protection Champion.  

1. ACCOUNTABILITY 

1. We must implement appropriate technical and organisational measures in an effective manner to ensure compliance with data protection principles. We are responsible for, and must be able to demonstrate, compliance with the data protection principles. 

1. The Company must have adequate resources and controls in place to ensure and to document UK GDPR compliance including: 

1. appointing a suitably qualified Data Protection Champion accountable for data privacy; 

1. implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects; 

1. integrating data protection into internal documents including this Data Protection Policy or Privacy Notices; 

1. regularly training Company Personnel on the UK GDPR, this Data Protection Policy, and data protection matters including, for example, a Data Subject’s rights, Consent, legal basis, DPIA and Personal Data Breaches. The Company must maintain a record of training attendance by Company Personnel; and 

1. regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort. 

1. RECORD KEEPING 

1. The UK GDPR requires us to keep full and accurate records of all our data Processing activities. 

1. You must keep and maintain accurate corporate records reflecting our Processing including records of Data Subjects’ Consents and procedures for obtaining Consents in accordance with the Company’s Retention Policy. 

1. These records should include, at a minimum: 

1. the name and contact details of the charity and the Data Protection Champion; and 

1. clear descriptions of: 

1. the Personal Data types; 

1. the Data Subject types; 

1. the Processing activities; 

1. the Processing purposes; 

1. the third-party recipients of the Personal Data; 

1. the Personal Data storage locations; 

1. the Personal Data transfers; 

1. the Personal Data’s retention period; and 

1. the security measures in place. 

1. To create the records, data maps should be created which should include the detail set out above together with appropriate data flows. 

1. TRAINING AND AUDIT 

1. We are required to ensure all Company Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance. 

1. You must undergo all mandatory data privacy-related training and ensure your team undergoes similar mandatory training. 

1. You must regularly review all the systems and processes under your control to ensure they comply with this Data Protection Policy and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data. 

1. PRIVACY BY DESIGN AND DATA PROTECTION IMPACT ASSESSMENT (DPIA) 

1. We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles. 

1. You must assess what Privacy by Design measures can be implemented on all programmes, systems or processes that Process Personal Data by taking into account the following: 

1. The state of the art. 

1. The cost of implementation. 

1. The nature, scope, context and purposes of Processing. 

1. The risks of varying likelihood and severity for rights and freedoms of the Data Subject posed by the Processing. 

1. We must also conduct a DPIA in respect to high-risk Processing. 

1. You should conduct a DPIA (and discuss your findings with the Data Protection Champion) when implementing major system or business change programs involving the Processing of Personal Data including: 

1. Use of new technologies (programs, systems or processes, including the use of AI), or changing technologies (programs, systems or processes). 

1. Automated Processing including profiling and ADM. 

1. Large-scale Processing of Special Categories of Personal Data or Criminal Convictions Data. 

1. Large-scale, systematic monitoring of a publicly accessible area. 

1. A DPIA must include: 

1. A description of the Processing, its purposes and our legitimate interests if appropriate. 

1. An assessment of the necessity and proportionality of the Processing in relation to its purpose. 

1. An assessment of the risk to individuals. 

1. The risk mitigation measures in place and demonstration of compliance. 

1. DIRECT MARKETING 

1. We are subject to certain rules and privacy laws when engaging in direct marketing to our service users, donors and fundraisers (for example when sending marketing emails or making telephone sales calls). 

1. A Data Subject’s prior consent is generally required for electronic direct marketing (for example, by email, text or automated calls).  

1. The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information. 

1. A Data Subject’s objection to direct marketing must always be promptly honoured. If a Data Subject opts out of marketing at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future. 

1. You should consult the Data Protection Champion if you are unsure regarding how to comply with this Data Protection Policy the law relating to direct marketing. 

1. SHARING PERSONAL DATA 

1. Generally, we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place. 

1. You may only share the Personal Data we hold with another employee, agent, or representative of our group (which includes our subsidiaries and our ultimate holding company along with its subsidiaries) if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions. 

1. You may only share the Personal Data we hold with third parties, such as our service providers, if: 

1. they have a need to know the information for the purposes of providing the contracted services; 

1. sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained; 

1. the third party has agreed to comply with the required data security standards, policies and procedures, and put adequate security measures in place; 

1. the transfer complies with any applicable cross-border transfer restrictions; and 

1. a fully executed written contract that contains UK GDPR-approved third party clauses has been obtained. 

1. CHANGES TO THIS DATA PROTECTION POLICY 

1. We keep this Data Protection Policy under regular review. This version was last updated on 20 August 2024.  

1. This Data Protection Policy does not override any applicable national data privacy laws and regulations in countries where the Company operates. Certain countries may have localised variances to this Data Protection Policy which are available on request to the Data Protection Champion.  

1. definitions 

1. “Automated Decision-Making (ADM)” means when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The UK GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing. 

1. “Automated Processing” means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing, as are many uses of artificial intelligence (AI) where they involve the processing of Personal Data. 

1. “Company” means The Electrical Industries Charity Limited, a company registered in England and Wales under number 02726030, whose registered office is at Rotherwick House, 3 Thomas More Street, London, England, E1W 1YZ 

1. “Company Personnel” means all employees, workers, contractors, agency workers, consultants, directors, members and others. 

1. “Consent” means agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them. 

“Controller” means the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the UK GDPR. We are the Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes. 

1. “Criminal Convictions Data” means personal data relating to criminal convictions and offences, including personal data relating to criminal allegations and proceedings. 

1. “Data Subject” means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data. 

1. “Data Privacy Impact Assessment (DPIA)” means tools and assessments used to identify and reduce risks of a data processing activity. A DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programmes involving the Processing of Personal Data. 

1. “Data Protection Champion” means the nominated person who has responsibility for the management and monitoring of data protection compliance. 

1. “Explicit Consent” means consent which requires a very clear and specific statement (that is, not just action). 

1. “UK GDPR” means the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018. Personal Data is subject to the legal safeguards specified in the UK GDPR. 

1. “Personal Data” means any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.  

1. “Personal Data Breach” means any act or omission that compromises the security, confidentiality, integrity, or availability of Personal Data or the physical, technical, administrative, or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure, or acquisition, of Personal Data is a Personal Data Breach. 

1. “Privacy by Design” means implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the UK GDPR. 

1. “Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies” means separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of: 

1. general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy); or 

1. stand-alone, one-time privacy statements covering Processing related to a specific purpose. 

1. “Processing or Process” means any activity that involves the use of Personal Data. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transmitting or transferring Personal Data to third parties. 

1. “Pseudonymisation or Pseudonymised” means replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person to whom the data relates cannot be identified without the use of additional information which is meant to be kept separately and secure. 

1. “Special Categories of Personal Data” means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data. 

ELECTRICAL INDUSTRIES CHARITY
RETENTION POLICY

1 ABOUT THIS POLICY

1.1 The corporate information, records, and data of The Electrical Industries Charity Limited, a company registered in England and Wales under number 02726030, whose registered office is at Rotherwick House, 3 Thomas More Street, London, England, E1W 1YZ (“the Company”) is important to how we conduct ourselves and manage employees.

1.2 There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our Company operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our Company.

1.3 This Data Retention Policy explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.

1.4 Failure to comply with this policy can expose us to fines and penalties, adverse publicity, difficulties in providing evidence when we need it and in running our business.

1.5 This policy does not form part of any employee’s contract of employment, and we may amend it at any time.

2 SCOPE OF POLICY

2.1 This policy covers all data that we hold or have control over. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as “data”.

2.2 This policy covers data that is held by third parties on our behalf, for example cloud storage providers or offsite records storage. It also covers data that belongs to us but is held by employees on personal devices.

2.3 This policy explains the differences between our formal or official records, disposable information, confidential information belonging to others, personal data and non-personal data. It also gives guidance on how we classify our data.

2.4 This policy applies to all units and functions of the Electrical Industry Charity.

3 GUIDING PRINCIPLES

Through this policy, and our data retention practices, we aim to meet the following commitments: We comply with legal and regulatory requirements to retain data.
-We comply with our data protection obligations, in particular to keep personal data no longer than is necessary for the purposes for which it is processed (storage limitation principle).
-We handle, store and dispose of data responsibly and securely.
-We create and retain data where we need this to operate our business effectively, but we do not create or retain data without good business reason.
-We allocate appropriate resources, roles and responsibilities to data retention.
-We regularly remind employees of their data retention responsibilities.
-We regularly monitor and audit compliance with this policy and update this policy when required.

4 ROLES AND RESPONSIBILITIES

4.1 Responsibility of all employees: We aim to comply with the laws, rules, and regulations that govern our organisation and with recognised compliance good practices. All employees must comply with this policy, Appendix B of this Policy, any communications suspending data disposal and any specific instructions from the Data Protection Champions. Failure to do so may subject us, our employees, and contractors to serious civil and/or criminal liability. An employee’s failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. It is therefore the responsibility of everyone to understand and comply with this policy.

4.2 The Data Protection Champions: The Data Protection Champions are responsible for identifying the data that we must or should retain, and determining, in collaboration with the relevant teams, the proper period of retention. They also arrange for the proper storage and retrieval of data, co-ordinating with outside vendors where appropriate. They shall also be responsible for:
-Helping department heads implement the data management programme and related best practices;
-Planning, developing, and prescribing data disposal policies, systems, standards, and procedures; and
-Providing guidance, training, monitoring, and updating in relation to this policy.

5 TYPES OF DATA AND DATA CLASSIFICATIONS

5.1 Formal or official records: Certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. Please see paragraph 6.1 below for more information on retention periods for this type of data.

5.2 Disposable information: Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule. Examples may include:
-Duplicates of originals that have not been annotated.
-Preliminary drafts of letters, memoranda, reports, worksheets, and informal notes that do not represent significant steps or decisions in the preparation of an official record.
-Books, periodicals, manuals, training binders, and other printed materials obtained from sources outside of the Company and retained primarily for reference purposes.
-Spam and junk mail.
Please see paragraph 6.2 below for more information on how to determine retention periods for this type of data.

5.3 Personal data: Both formal or official records and disposable information may contain personal data; that is, data that identifies living individuals. Data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). See paragraph 6.3 below for more information on this.

5.4 Sensitive personal data: Some personal data will constitute “special category” personal data under applicable data protection laws, which means using and holding this type of personal data represents a greater risk to us and to the individual if it is misused. This type of personal data should be handled with care and deleted promptly on expiry of the applicable retention periods.

5.5 Confidential information belonging to others: Any confidential information that an employee may have obtained from a source outside of the Company, such as a previous employer, must not, so long as such information remains confidential, be disclosed to or used by us. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted, if received via the internet.

6 RETENTION PERIODS

6.1 Formal or official records: Any data that is part of any of the categories listed in the Record Retention Schedule contained in Appendix B this policy, must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact the Data Protection Champions.

6.2 Disposable information: The Record Retention Schedule will not set out retention periods for disposable information. This type of data should only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it should be securely disposed of, should you require any guidance then please contact the Data Protection Champions.

6.3 Personal data: As explained above, data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed (principle of storage limitation). Where data is listed in the Record Retention Schedule, we have taken into account the principle of storage limitation and balanced this against our requirements to retain the data. Where data is disposable information, you must take into account the principle of storage limitation when deciding whether to retain this data. Please refer to our Data Protection Policy for further details.

6.4 What to do if data is not listed in the Record Retention Schedule: If data is not listed in the Record Retention Schedule, it is likely that it should be classed as disposable information. However, if you consider that there is an omission in the Record Retention Schedule, or if you are unsure, please contact the Data Protection Champions.

7 STORAGE, BACK-UP AND DISPOSAL OF DATA

7.1 Receipt of paper records: We may still receive paper records from time to time which are received at our registered address. The Data Protection Champions will ensure these are scanned into the appropriate system and that the paper copy is destroyed appropriately after the process is complete.

7.2 Storage: Our data must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency must be duplicated and/or backed up at least once per week and maintained off site.

7.3 Destruction: Our Data Protection Champions are responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible. Non-confidential data may be destroyed by recycling.

7.4 The destruction of data must stop immediately upon notification from the Data Protection Champions that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation (see next paragraph). Destruction may begin again once the Data Protection Champions lift the requirement for preservation.

8 SPECIAL CIRCUMSTANCES

8.1 Preservation of documents for contemplated litigation and other special situations: We require all employees to comply fully with our Record Retention Schedule and procedures as provided in this policy. All employees should note the following general exception to any stated destruction schedule: If you believe, or the Data Protection Champions inform you, that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, you must preserve and not delete, dispose, destroy, or change those records, including emails and other electronic documents, until the Data Protection Champions determine those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.

8.2 If you believe this exception may apply, or have any questions regarding whether it may apply, please contact the Data Protection Champions.

8.3 In addition, you may be asked to suspend any routine data disposal procedures in connection with certain other types of events, such as our merger with another organisation or the replacement of our information technology systems.

9 WHERE TO GO FOR ADVICE AND QUESTIONS
Questions about the policy: Any questions about retention periods relevant to your function should be raised with your function lead or the Data Protection Champions.

10 BREACH REPORTING AND AUDIT

10.1 Reporting policy breaches: We are committed to enforcing this policy as it applies to all forms of data. The effectiveness of our efforts, however, depends largely on employees. If you feel that you or someone else may have breached this policy, you should report the incident immediately to your supervisor. If you are not comfortable bringing the matter up with your immediate supervisor, or do not believe the supervisor has dealt with the matter properly, you should raise the matter with the Data Protection Champions. If employees do not report inappropriate conduct, we may not become aware of a possible breach of this policy and may not be able to take appropriate corrective action.

10.2 No one will be subject to, and we do not allow, any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or co-operating in related investigations.

10.3 Audits: Our Data Protection Champions will periodically review this policy and its procedures (including where appropriate by taking outside legal or auditor advice) to ensure we are in compliance with relevant new or amended laws, regulations or guidance. Additionally, we will regularly monitor compliance with this policy, including by carrying out audits.

11 OTHER RELEVANT POLICIES
This policy supplements and should be read in conjunction with our other policies and procedures in force from time to time, including without limitation our:
-Data Protection Policy
-Safeguarding Policy
-Cyber Security Policy

To view appendixes please click HERE

Date of last review: March 2026

Safeguarding Policy
The Electrical Industries Charity Limited

1 ABOUT THIS POLICY

1.1 The Electrical Industries Charity Limited (a charitable company registered in England and Wales having charity number 1012131 and registered in Scotland with Scottish charity number SC038811) (“EIC”) strives to deliver its services and activities with honesty and integrity and expects all staff and volunteers to maintain high standards throughout their work.

1.2 EIC is committed to ensuring that all services and activities are carried out in a way which is consistent with the principles of safeguarding and that promote the welfare of children and at risk adults.

2 POLICY STATEMENT

2.1 Safeguarding is the action that an organisation takes to promote the welfare of individuals (including children and at risk adults) and to protect them from harm. Harm may take a number of different forms including physical, emotional, sexual, financial, and neglect.

2.2 EIC is committed to maintaining appropriate policies, practices, and procedures to ensure harm is prevented, as well as reporting mechanisms to ensure appropriate action can be taken in the event that harm is identified.

2.3 We consider safeguarding to include:
2.3.1 protection from maltreatment and neglect;
2.3.2 prevention from impairment of health and development; and
2.3.3 ensuring care is provided safely and effectively.

3 SAFEGUARDING PRINCIPLES

3.1 EIC has embedded the six principles of safeguarding (as outlined in the Care Act 2014) within its practices:
3.1.1 Empowerment – through the provision of appropriate and tailored support;
3.1.2 Prevention – through appropriate vetting processes and the provision of training to staff members to allow them to understand warning signs and ensure appropriate behaviour;
3.1.3 Proportionality – through the provision of appropriate and tailored support;
3.1.4 Protection – through the implementation of reporting mechanisms and links with relevant third parties;
3.1.5 Partnership – all third parties who work with EIC are appropriately vetted and qualified to ensure delivery of high-quality services beyond the point of referral; and
3.1.6 Accountability – through ongoing monitoring and transparency throughout the safeguarding process.

4 SAFEGUARDING POLICY APPLICABILITY

4.1 EIC acknowledges the sensitive area in which it operates and therefore applies the principles identified at 3.1.1 to all of its activities and operations.

4.2 Where particular activities and operations involve children (being anyone under the age of 18) or adults at risk, additional safeguarding measures may be adopted, e.g. additional risk assessment, referral to third party specialist.

4.3 This policy is aimed at EIC’s work with individuals who are beneficiaries of EIC services and/or assistance.

4.4 This policy does not apply in relation to concerns about behaviour among employees or volunteers at EIC, should you have any concerns in this regard please refer to the Staff handbook and Volunteer Agreement policy.

5 ROLES AND RESPONSIBILITIES OF EIC IN RELATION TO SAFEGUARDING

5.1 EIC will ensure that:
5.1.1 all staff and volunteers have access to, are familiar with, and know their responsibilities outlined within policy;
5.1.2 EIC activities are undertaken in a way that protects people from risk of harm that may arise from their coming into contact with EIC;
5.1.3 when working with third party organisations for the provisions of certain services (including mental health therapies), those third party organisations also have in place suitable safeguarding policies and procedures;
5.1.4 EIC staff and volunteers receive appropriate safeguarding training in line with their role within EIC;
5.1.5 appropriate safeguarding procedures when recruiting and managing and staff and volunteers; and
5.1.6 appropriate processes are in place in relation to reporting of safeguarding concerns and that any such reports are addressed promptly.

6 ROLE AND RESPONSIBILITIES OF STAFF AND EMPLOYEES IN RELATION TO SAFEGUARDING
Code of Behaviour

6.1 When working with children and/or at risk adults all employees and volunteers should always:
6.1.1 treat all children and adults at risk with respect and understand the difference between friendliness and familiarity;
6.1.2 act as a role model of good and appropriate behaviour;
6.1.3 bear in mind that someone else might misinterpret your actions, no matter how well intentioned;
6.1.4 be aware that any physical contact with a child or adult at risk may be misinterpreted and so must be avoided whenever possible; and
6.1.5 challenge unacceptable behaviour and report all allegations and/or suspicions of abuse.
Requirement to report – internal

6.2 Report to safeguarding lead
6.2.1 If you consider that someone is at risk of harm or abuse, you should:
(a) take steps to gather as much information as you possible (consider what is reasonable and proportionate in the circumstances and relative to your role before commencing this process);
(b) make a report to the Managing Director; and
(c) consider what monitoring would be appropriate or whether a third-party referral requires to be made (for more information on referral organisations, see appendix 2.
Requirement to report – external

6.3 Emergency
6.3.1 If you consider that someone is experiencing harm or abuse or is at risk of harm or abuse and is in immediate danger, you should take steps to report this to the police as soon as possible.
6.3.2 If you have reported an incident to the police, report this to Managing Director as soon as possible.

6.4 Non-emergency
6.4.1 If you consider that someone is experiencing harm or abuse or is at risk of harm or abuse and based on the nature of the circumstances would benefit from specialist services, you should consider whether you are able to make a report to a third party or whether you should be suggesting such services to the individual concerned (see appendix 1 for additional detail on third party reporting).
Confidentiality and data protection
6.4.2 At all times confidentiality should be maintained, and due consideration should be given to any confidentiality requirements when sharing information with third parties.
6.4.3 EIC has a duty to protect personal data which has been shared when engaging with beneficiaries and due consideration should always be given when sharing personal data with third parties. Please refer to the Data Protection Policy and Privacy Notice if you are sharing personal data with any third parties.

7 REVIEW

7.1 This policy shall be reviewed annually.

APPENDIX 1 – THIRD PARTY REPORTING

In certain circumstances, it may be necessary to report behaviour and/or incident(s) to a third party organisation for example a local authority, or health care service provider. Often where a report is made, it may link also up with a different service for example a referral made in relation to a physical symptom may have a linked mental health service or vice versa. Particularly if a referral relates to a child there may be a number of linked services for example care, health, and education.

Appendix 2 – Safeguarding resources

Charity Commission guidance for charities and trustees – Safeguarding for charities and trustees – GOV.UK

Charity Commission blog – There’s no room for doubt around safeguarding: protecting people is too important – Charity Commission

OSCR Safeguarding guidance – OSCR | Safeguarding guidance

Date of last review: March 2026

Responsible Gambling Policy
The Electrical Industries Charity Limited

Section 3 of the Gambling Commission Licence Conditions and Codes of Practice (LCCP)s outlines the requirements of a licence holder in terms of Protection of Children and other Vulnerable Persons.

Licensees must have and put into effect policies and procedures intended to promote socially responsible gambling including the specific policies and procedures required by the provisions of section 3 of this code.

Licensees must make an annual financial contribution to one or more organisation(s) which are approved by the Gambling Commission, and which between them deliver or support research into the prevention and treatment of gambling-related harms, harm prevention approaches and treatment for those harmed by gambling.

Social responsibility code provision 3.4.2 states that Licensees who are non-commercial societies must:
a) set an upper limit on the value of lottery tickets which may be sold to a person, whether as part of a single transaction or over a period of time, without customer interaction;
b) maintain records of all instances of customer interaction pursuant to (a) above and, in each case, whether purchase of tickets beyond the limits set was then permitted; and
c) ensure such records are made available to the Commission for inspection on request and retained for at least three years from the date of any lottery to which they relate.

Introduction
The Gambling Commission regulates gambling in the public interest. The regulatory framework introduced by the Gambling Act 2005 is based on the following licensing objectives:
• Preventing gambling from being a source of crime and disorder, being associated with crime and disorder, or being used to support crime;
• Ensuring that gambling is conducted in a fair and open way;
• Protecting children and other vulnerable persons from being harmed or exploited by gambling; and
• Promoting social responsibility in gambling.

The EIC is committed to complying with the requirements of the Gambling Act 2005 (the Act). The powerLottery is a lottery which benefits the electrical and energy industry while giving players the chance to win. The EIC is committed to ensuring that the powerLottery is run in compliance with its obligations, and that any gambling is responsible. This policy sets out how the EIC works to support responsible gambling. The powerLottery is operated by our Gambling Commission licensed External Lottery Manager Sterling Management Centre Limited, who are primarily responsible for ensuring compliance.

Linked Policies & Procedures
The EIC has implemented relevant policies and procedures, including this policy, self-exclusion, and complaints procedure.

Policy
The EIC and its staff are committed to the protection of children and other vulnerable persons from being harmed or exploited by gambling. Our society and employees will take reasonable steps to identify customers who may be experiencing difficulties with gambling behaviour and signpost them to appropriate guidance and support.
Whilst the majority of people do gamble within their means, for some gambling can become a problem. It may help you to keep control to remember the following:
• Gambling should be entertaining and not seen as a way of making money
• Avoid chasing losses
• Only gamble what you can afford to lose
• Keep track of the time and amount you spend gambling
• If you want to have a break from gambling you can use our self-exclusion option by emailing us at fundraising@electricalcharity.org with your name, address and membership number(s). We will then close your membership(s) for a minimum period of 6 months, during which time it will not be possible for the account(s) to be re- opened for any reason.
• If you need to talk to someone about problem gambling then contact Gamble Aware.
• Gamble Aware is a registered charity that provides confidential telephone support and counselling to anyone who is affected by problem gambling. Gamble Aware can be contacted on 0808 8020 133 (Freephone).

Procedures
Provide information on what your society/ charity will do in this instance. It’s good practice to break the procedures down under the following sub- headings and include how your society will address each of the licensing objectives:

Preventing gambling from being a source of crime and disorder, being associated with crime and disorder, or being used to support crime

• We will maintain our Gambling Commission licenses in accordance with the Licensing Code of Conduct and Practices and submit the required reports to the Gambling Commission.
• The lottery operator Sterling operates compliance a programme in respect of suspicious transactions and the process of reporting them in line with the Proceeds of Crime Act.
• The lottery operator Sterling operates automatic age verification checks on lottery players who enter by remote means.
• Sterling ensures a single player will be limited to a maximum of £40 worth of entries in our lottery per week.
• Sterling ensures each player in our lottery will be limited to a single membership.
• The EIC and Sterling will not take lottery entry payments in cash.

Ensuring that gambling is conducted in a fair and open way
• Upon request from any player, we will provide a full history of their lottery membership. including complete payment and winnings history.
• Players have access to clear information on matters such as the rules of the game, the prizes that are available, the chances of winning, and the way in which prizes are allocated.
• The rules are fair.
• Any advertising and promotional material is clear and not misleading.

Protecting children and other vulnerable persons from being harmed or exploited by gambling; and
Promoting social responsibility in gambling.
• When a new player signs up to our lottery they will be required to declare that they are over the age of 16 and may be required to confirm their date of birth. Anyone under the age of 16 will not be permitted to purchase a ticket to enter the lottery. If, upon winning, any individual is found to be under the age of 16 then all winnings will be forfeited.
• Our lottery websites and media relating to the promotion of our lottery will provide information on gambling support organisations and alert players to Be Gamble Aware. We will further support this through an annual financial contribution to Gambling Commission approved organisations dealing with research, prevention & treatment of problem gambling.
• On request, we will close any player’s lottery membership for a minimum period of 6 months during which time the membership cannot be reinstated.
• Our society will provide appropriate awareness training to our employees on problem gambling.

To help customers to keep control of their gambling and recognise when it has become a problem we will provide information on our lottery communications to highlight that they should:
• see gambling as entertaining and not as a way of making money
• avoid chasing losses
• only gamble what you can afford to lose
• keep track of the time and amount you spend gambling
• read the game rules
• know that professional help is available.

If a customer contacts us to advise they are concerned that gambling may have become a problem for them or someone they care about then the following prompts will be used by staff to help them identify problem gambling:
• Do you stay away from work, college or school to gamble?
• Do you gamble to escape from a boring or unhappy life?
• When gambling and you run out of money, do you feel lost and in despair and need to gamble again as soon as possible?
• Do you gamble until your last penny is gone, even the fare home or the cost of a cup of tea?
• Have you ever lied to cover up the amount of money or time you have spent gambling?
• Have others ever criticised your gambling?
• Have you lost interest in your family, friends or hobbies?
• After losing, do you feel you must try and win back your losses as soon as possible?
• Do arguments, frustrations or disappointments make you want to gamble?
• Do you feel depressed or even suicidal because of your gambling?

• The more you answer ‘yes’ to these questions, the more likely you are to have a serious gambling problem. To speak to someone about this contact the Gamble Aware confidential helpline on 0808 8020 133 or visit their website www.begambleaware.org for further information.

Where a customer answers ‘yes’ to one or more of these questions they may have a gambling problem and will be advised that if they wish to speak to someone about it they should contact the National Gambling confidential helpline on 0808 8020 133 or visit the website https://www.begambleaware.org/ for further information.

Self-Exclusion

Please see our Self-Exclusion Policy: Terms & Conditions | powerLottery | Electrical Industries Charity
• We will make information about how to self- exclude available on our lottery website, as well as providing the appropriate telephone number for the player to self- exclude telephonically.
• Our ELM, Sterling Management Centre Limited utilises technology which identifies self- excluded players and prevents them from re- entering the lottery.
• A self- excluded individual will be flagged or removed from our marketing databases within two days of receiving a completed self- exclusion notification.
• During self- exclusion, a players account will be closed and any funds held on their behalf will be returned to them.
• Where self- exclusion has expired, we will not market our lottery to that player unless they have made a positive decision to return to the lottery of their own accord.

The Charity complies with the Licence Conditions and Code of Practice governing the procedures for self-exclusion. We will take all reasonable steps to prevent an individual who has entered a self-exclusion agreement with ourselves from participating in our lottery.

Should a member of our staff receive correspondence from an individual who wishes to be self-excluded they will send out a Lottery Exclusion form to be completed and returned. Upon the return of the form the individual’s details will be entered onto the self exclusion register. This will then be cross referenced against the existing membership and any new members signed up for the lottery for the period of the exclusion.

We will not target the individual with marketing material at any time during the self-exclusion. We will take steps to remove the name and details of a self-excluded individual from any marketing databases used by ourselves.

We will close any membership of an individual who has entered a self-exclusion agreement and return any funds held in their name.

We have put into effect the following procedures to ensure that an individual who has self-excluded cannot gain access to the lottery:
• A register of those excluded with appropriate records (name, address, lottery number, and any other appropriate comments).
• Staff training to ensure that staff are able to recognise and enforce the system.
• An individual must take positive action in order to self-exclude by way of a signature.
• The self-exclusion period is a minimum of six months (giving members the option of extending this if they so wish)
• The self-excluded member must take positive action to be removed from the self-exclusion and be able to enter the lottery at a future date.
• Upon notification the player will be given a one day cooling off period before being allowed access to the lottery.
• The record of the self-exclusion will remain on file until the agreement has been formally ended.

Date of last review: March 2026

Lottery Complaints Policy
The Electrical Industries Charity Limited

Section 6 of the Gambling Commission LCCP’s outlines the requirements of a licence holder in terms of Customer Complaints:

Licensees must put into effect appropriate policies and procedures for accepting and handling customer complaints and disputes in a timely, fair, open and transparent manner. The society/ charity must ensure that they have arrangements in place for customers to be able to refer any dispute to an ADR entity in a timely manner if not resolved to the customer’s satisfaction by use of their complaints procedure within eight weeks of receiving the complaint, and where the customer cooperates with the complaints process in a timely manner. The services of any such ADR entity must be free of charge to the customer.

Licensees’ complaints handling policies and procedures must include procedures to provide customers with clear and accessible information on how to make a complaint, the complaint procedures, timescales for responding, and escalation procedures.

Licensees should keep records of customer complaints and disputes and make them available to the Commission on request.

In this Code, ‘ADR entity’ means
a. a person offering alternative dispute resolution services whose name appears on the list maintained by the Gambling Commission in accordance with The Alternative Dispute Resolution for Consumer Disputes (Competent Authorities and Information) Regulations 2015 and,
b. whose name appears on the list of providers that meet the Gambling Commission’s additional standards found in the document ‘Alternative dispute resolution (ADR) in the gambling industry – standards and guidance for ADR providers’.

Introduction

The EIC is committed to upholding the highest standards in resolving complaints, and resolving complaints in compliance with the Gambling Commission’s LCCP.

Scope of policy

We define a complaint as an expression of dissatisfaction made to us by any means, about any aspect of the way we conduct the activities for which we hold a lottery licence. For example, a complaint:
• about the outcome of a lottery
• about the way a lottery has been managed
• that concerns the way we carry out our business in relation to the three licensing objectives.

It applies to supporters, our local communities, or relevant person etc. who feels the need to raise a complaint about our lottery activities, lottery service delivery and/ or lottery communications. It does not apply to staff and volunteers.

Linked Policies & Procedures

The terms and conditions can be read here: Terms & Conditions | powerLottery | Electrical Industries Charity
The Data Protection policy can be read here: https://electricalcharity.org/policy/

Policy
Sometimes we get things wrong, and when we do we would like you to let us know that you’re unhappy. We value your feedback and welcome the opportunity to respond.

• Above all, we aim to resolve all complaints agreeably and efficiently.
• We will endeavour to provide a fair complaints procedure that is easy to access, clear, and simple to use.
• We will be honest in our dealings with your complaint and ensure complaints are investigated thoroughly.
• We are committed to learning from complaints and will take action to improve.

Procedures

How does someone file a complaint?

Any complaints relating to the Lottery should be sent in writing to the Charity giving full details of the complaint and supporting documentation.

Complaints should be made to complaints@electricalcharity.org

The complaint will be acknowledged within 48 hours. The complaint will be investigated internally. Once a complaint is received the head of department or one of his/her colleagues will acknowledge receipt of the complaint in writing within 48 hours. The EIC aims to issue a full written response within 10 working days of the acknowledgement.

If further time is required, the EIC will communicate this to the complainer.

If the complainer is unhappy with the response, the complaint will be escalated to its stage 2 complaints process.

If the complainer is unhappy with the outcome of the stage 2 complaint, stage 2 of the complaints process will be followed: https://powerlottery.charitylotteries.co.uk/terms-conditions/. The complaint will be acknowledged within 48 hours. The complaint will be investigated internally. Once a complaint is received the head of department or one of his/her colleagues will acknowledge receipt of the complaint in writing within 48 hours. The EIC aims to issue a full written response within 10 working days of the acknowledgement.

If a satisfactory resolution cannot be reached then the matter can be referred to an alternative dispute resolution (ADR) entity. The EIC uses IBAS (Independent Betting Adjudication Service) for this purpose. IBAS are on the Gambling Commission’s approved ADR list.

www.ibas-uk.com

PO Box 62639
LONDON
EC39 3AS
Telephone 0207 347 5883
Fax 0207 347 5882
e-mail adjudication@ibas-uk.co.uk

Record Keeping
All disclosure reports made to the NCA will be retained by the EIC for a period of refer to Data Protection policy.

Date of last review: March 2026

Lotteries Marketing and Advertising Policy
The Electrical Industries Charity Limited

The advertising of gambling products and services must be undertaken in a socially responsible manner. When considering the Marketing and Promotion of our Lotteries and Raffle, and working with third parties, we must be aware of and ensure that we are compliant with the relevant regulations.

This will all be covered in our Marketing and Advertising training session which will be given to all employees involved with the marketing of licenced activities.

Marketing materials must be checked against the ASA codes, as set out below, for every new campaign, updated campaign and periodically for changes to the codes of practice.

We must pay particular attention to the following sections of the Codes:
UK Code of Non-broadcast Advertising and Direct and Promotional Marketing (CAP Code) (opens in a new tab)
• 3 Misleading advertising (opens in a new tab)
• 8 Promotional marketing (opens in a new tab)
• 16 Gambling (opens in a new tab)
• 17 Lotteries (opens in a new tab)

UK Code of Broadcast Advertising (BCAP Code) (opens in a new tab)
• 3 Misleading advertising (opens in a new tab)
• 17 Gambling (opens in a new tab)
• 18 Lotteries (opens in a new tab)
• 22 Premium-rate telephone services (opens in a new tab).

For free and paid-for advice on making our advertisements compliant with the Codes we can contact CAP’s Copy Advice team (opens in a new tab). Please also be aware that CAP and BCAP have published its Gambling Consultation update (opens in a new tab) which includes newly strengthened guidance on the protection of adult audiences and technical updates to the introductory parts of the UK Advertising Codes’ gambling.

We should comply with the Gambling industry code for socially responsible advertising (opens in a new tab) which is administered by the Industry Group for Responsible Gambling (IGRG).

This code is designed to supplement the CAP and BCAP codes by providing minimum industry standards in a limited number of related areas.

The CAP Code requires that marketing communications for gambling must not be likely to be of strong appeal to children or young persons, especially by reflecting or being associated with youth culture, particularly if they are generally available to view by them (‘freely accessible’). Read more about how the ASA views this type of content (opens in a new tab).

We must take care with the use of imagery, wording and characters used in marketing communications. Ads must not include a person or character whose example is likely to be followed by those aged under 18 years or who has a strong appeal to those aged under 18, such as sports people and celebrities.

To support our compliance with the advertising rules, CAP’s guidance, Gambling and lotteries advertising: protecting under-18s (opens in a new tab), was released in April 2022.

As a general rule, marketing communications for gambling must not include a child or a young person. No one who is, or seems to be, under 25 years old may be featured gambling or playing a significant role. In all other instances, including social media, under 25s must not feature.

Open and transparent marketing
We must ensure that our marketing communications do not mislead consumers.

All significant terms and conditions which are likely to affect a consumer’s understanding of a marketing promotion must be prominently displayed within the advertisement and positioned close to the headline offer on all relevant landing webpages and sign-up webpages (or equivalent) for that promotion, unless the advertisement is so small that it is impossible to do so.

Significant conditions must be clear, timely, intelligible, unambiguous, non-misleading and transparent. The terms and conditions of each marketing incentive must be made available for the full duration of the promotion.

If the significant conditions are not displayed with sufficient prominence, the ad will be seen as misleading.
Refer to CAP’s guidance on Gambling ads: free bets and bonuses (opens in a new tab) and to the Competition and Markets Authority principles (opens in a new tab) to ensure that all significant terms and conditions relating to promotions are presented in an accessible, clear and transparent way.

Unless expressly permitted by law consumers must not be contacted with direct electronic marketing without their informed and specific consent.

Whenever a consumer is contacted they must be provided with an opportunity to withdraw consent. If consent is withdrawn then you must, as soon as practicable, ensure the consumer is not contacted with electronic marketing unless the consumer consents again, and you must be able to provide evidence which shows that consent.

LCCP 5.1.11 broadly reflects the relevant requirements of the Privacy and Electronic Communications Regulations (PECR), which are enforced by the Information Commissioner’s Office (ICO). Relevant guidance can be found on the ICO’s website (opens in a new tab):
• electronic and telephone marketing
• guidance on direct marketing
• direct marketing checklist
• guidance on cookies.

Responsible placement of digital adverts
We will not place digital advertisements on websites providing unauthorised access to copyrighted content and must take all reasonable steps to ensure that third parties with whom we contract do similar.
The Infringing Website List (IWL) (opens in new tab), owned by the City of London Police’s Intellectual Property Crime Unit (PIPCU), is an online portal containing an up-to-date list of copyright infringing sites. The aim of the IWL is that advertisers, agencies and other intermediaries can voluntarily decide to stop advert placement on these illegal websites.

Where appropriate, the EIC will consult the IWL.

Key outcomes of advertising and marketing for our lottery and raffle can be found HERE.

Date of last review: March 2026

Data Breach Management Policy
The Electrical Industries Charity Limited

1 INTRODUCTION

1.1 This personal data breach policy:
1.1.1 places obligations on staff to report actual or suspected personal data breaches; and
1.1.2 sets out our procedure for managing and recording actual or suspected breaches.

1.2 This policy applies to all staff, and to all personal data and special category personal data held by The Electrical Industry Charity Limited (“we”, “our” or “us”). This policy supplements our policies relating to Data Protection and Data Retention and Cyber Security.

2 RESPONSIBILITY
The Data Protection Champion (as defined below) have overall responsibility for this policy. They are responsible for ensuring it is complied with by all staff.

3 OUR DUTIES

3.1 The Electrical Industry Charity processes personal data relating to individuals including staff, volunteers, donors and third parties. As custodians of data, we have a responsibility under UK data protection law to protect the security of the personal data we hold.

3.2 We must keep personal data secure against loss or misuse. All staff are required to comply with our information security guidelines and policies.

4 WHAT IS AND WHAT CAN CAUSE A PERSONAL DATA BREACH?

4.1 A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It can broadly be defined as a security incident that has affected the confidentiality, integrity or availability of personal data.

4.2 A personal data breach can happen for a number of reasons:
4.2.1 loss or theft of data or equipment on which data is stored, e.g. loss of a laptop or a paper file;
4.2.2 inappropriate access controls allowing unauthorised use;
4.2.3 equipment failure;
4.2.4 human error, e.g. sending an email or SMS to the wrong recipient;
4.2.5 unforeseen circumstances such as a fire or flood;
4.2.6 hacking, phishing and other ‘blagging’ attacks where information is obtained by deceiving whoever holds it;
4.2.7 alteration of personal data without permission; or
4.2.8 loss of availability of personal data.

4.3 For the purposes of this policy, personal data breaches include both confirmed and suspected incidents. Staff who believe that they may have inadvertently caused a personal data breach or other security breach should, therefore, report that breach in accordance with this policy.

5 IF YOU DISCOVER A PERSONAL DATA BREACH

5.1 If you know or suspect a personal data breach has occurred or may occur, you should:
5.1.1 complete the data breach report form in Appendix 1 (below); and
5.1.2 email the completed form to dataprotection@electricalcharity.org

5.2 Where appropriate, you should liaise with your line manager about completion of the data breach report form.

5.3 You should not take any further action in relation to the breach. In particular, you must not notify any affected individuals or regulators. The Data Protection Champion will acknowledge receipt of the data breach report form and take appropriate steps to deal with the report in collaboration with the Data Breach Team (as defined below).

6 MANAGING AND RECORDING THE BREACH

6.1 On being notified of a suspected personal data breach, the Data Breach Team will investigate the matter and determine the appropriate steps.

6.2 The Data Breach Team will take immediate steps to establish whether a personal data breach has, in fact, occurred. If it has, the Data Breach Team will take appropriate action to:
6.2.1 contain the data breach and (so far as reasonably practicable) recover, rectify or delete the data that has been lost, damaged or disclosed;
6.2.2 assess and record the breach;
6.2.3 notify appropriate parties of the breach; and
6.2.4 take steps to prevent future breaches.
These are explained below.

6.3 Containment and recovery
6.3.1 The Data Breach Team will identify how the breach occurred and take immediate steps to stop or minimise further loss, destruction or unauthorised disclosure of personal data.
6.3.2 The Data Breach Team will identify ways to recover, correct or delete data. This may include contacting the police, e.g. where the breach involves stolen hardware or data and professional advisers e.g. cyber professionals, lawyers, etc.

6.4 Assess and record the breach
6.4.1 Having dealt with containment and recovery (see section 6.3), the Data Breach Team will assess the risks associated with the breach, including:
(a) what type of data is involved?
(b) how sensitive is the data?
(c) who is affected by the breach?
(d) what are the likely consequences of the breach on affected data subjects?
(e) where data has been lost or stolen, are there any protections in place such as encryption or pseudonymisation?
(f) what has happened to the data, e.g. if data has been stolen, could it be used for harmful purposes?
(g) what could the data tell a third party about the data subject?
(h) what are the likely consequences of the personal data breach?
(i) are there wider consequences to consider, e.g. loss of public confidence in an important service we provide?
6.4.2 Details of the breach will be recorded in the charity’s data breach register by the Data Breach Team.

6.5 Notifying appropriate parties of the breach
6.5.1 The Data Breach Team will consider whether to notify:
(a) the ICO;
(b) affected data subjects;
(c) the police; and/or
(d) any other parties, e.g. insurers, external professionals, or commercial partners.
6.5.2 Notifying the ICO
(a) The Data Breach Team will notify the ICO when a personal data breach has occurred where the personal data breach is likely to result in a risk to the rights and freedoms of data subjects.
(b) Where ICO notification is required, this shall be done without undue delay and, where feasible, not later than 72 hours after we became aware of it.
(c) If the Data Breach Team is unsure whether to report, the team shall seek external legal advice to assist with the reportability assessment.
6.5.3 Notifying data subjects
(a) Where the data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Data Breach Team will notify the affected data subject(s) without undue delay, including:
(i) the name and contact details of the Data Protection Champion or other contact point where more information can be obtained;
(ii) the likely consequences of the personal data breach; and
(iii) the measures we have taken, or intend to take, to address the personal data breach, including, where appropriate, recommendations for mitigating potential adverse effects.
(b) When determining whether and how to notify data subjects of the breach, the Data Breach Team will:
(i) co-operate closely with the ICO and other relevant authorities, e.g. the police.; and
(ii) take account of all factors relevant to the breach, including whether appropriate technical and organisational protection measures have been taken to mitigate and manage the breach.
6.5.4 Notifying the police
If the breach arose from a criminal act, the Data Breach Team will notify the police and/or relevant law enforcement authorities.
6.5.5 Notifying other parties
The Data Breach Team will consider and, where appropriate, seek external legal advice on whether there are any legal or contractual requirements to notify any other parties.

6.6 Preventing future breaches
Once the personal data breach has been investigated, in accordance with this policy, the Data Breach Team will:
6.6.1 establish what security measures were in place when the breach occurred;
6.6.2 assess whether technical or organisational measures can be implemented to prevent the breach happening again;
6.6.3 consider whether there is adequate staff awareness of security issues and look to fill any gaps through training or tailored advice;
6.6.4 consider whether it is necessary to conduct a privacy risk assessment; and
6.6.5 debrief Data Breach Team members.

7 MONITORING AND REVIEW

7.1 We will monitor the effectiveness of all our policies and procedures regularly, and conduct a full review and update as appropriate, at least annually.

7.2 Our monitoring and review exercises will include looking at how our policies and procedures are working in practice to reduce the risks posed to our organisation.

8 REPORTING CONCERNS
Prevention is always better than cure. Data security concerns may arise at any time, and we encourage you to report any concerns you have to the Data Protection Champion. This helps us capture risks as they emerge, protect our organisation from personal data breaches and keep our processes up-to-date and effective.

9 CONSEQUENCES OF NON-COMPLIANCE

9.1 Failure to comply with this policy and associated policies (e.g. our Data Protection Policy) puts you and the charity at risk. Failure to notify the Data Protection Champions of an actual or suspected personal data breach is a very serious issue.

9.2 You may be liable to disciplinary action if you fail to comply with the provisions of this, and all related policies and procedures.

10 DEFINITIONS

“data subject” means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.

“Data Protection Champion” means the nominated person who has responsibility for the management and monitoring of data protection compliance.

“personal data” means any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

“special category personal data” means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

“Data Breach Team” means the team responsible for investigating personal data breaches, including: Liva Ivanova, Lucy Raemers, Desiree Edwards, Jess Vailima, with IT support to be provided by EuroSystems (Scotland) Limited, with company number SC360587 and with registered office at 65 Rodney Street, Glasgow G4 9SQ and legal support to be provided by Burness Paull LLP.

“Information Commissioner’s Office (ICO)” means the UK’s independent data protection regulator.

To access Appendix 1: Data Breach Report Form, please click HERE.

Date of last review: March 2026

Grant-making Policy
The Electrical Industries Charity Limited

1. ABOUT THIS POLICY

1.1. Through its grant-making activity, EIC provides short-term, high-impact support to individuals in financial difficulty. The aim is to intervene at critical moments to prevent cases from escalating into financial crisis, providing immediate relief and creating breathing space that enables individuals to regain longer-term stability. In some instances, EIC may also seek to collaborate with other charities to maximise grant funding and ensure individuals receive the most comprehensive support possible during times of need.

1.2. The purpose of this policy is to set out the principles and procedures that guide EIC when providing financial assistance. It also provides information about the processes of EIC for anyone who is applying for a grant.

2. GRANT-MAKING PRIORITIES

2.1. EIC prioritises grant applications where support will have the greatest immediate impact. Grants are considered on a case-by-case basis, recognising that each applicant’s circumstances are different and that there is no one-size-fits-all approach.

2.2. EIC’s grants are intended to provide short-term assistance and are not designed to provide ongoing or long-term financial support. Where an applicant’s circumstances indicate a sustained financial shortfall, alternative long-term solutions may need to be explored, which could include making significant financial adjustments such as downsizing or seeking more sustainable financial arrangements.

2.3. As part of the assessment process, an applicant’s financial position will be reviewed, including their income, expenditure, and available savings. In carrying out this assessment, EIC allows for applicants to retain approximately three months of essential living costs, taking into account their personal situation, income, and expenditure.

2.4. In cases where larger grants may be required, such as housing adaptations or temporary mortgage support during periods when an applicant is unable to work due to medical treatment, EIC may seek to collaborate with other charitable organisations in order to maximise the support available.

3. GRANT-MAKING – CRITERIA

Who can apply for a grant?

3.1. Grants are available to individuals who are actively working in the electrical industries, or to those who had to leave work due to ill health but have either a minimum of five years’ experience in the industry or have spent the majority of their working life in the sector.
What will the EIC fund?

3.2. EIC considers each grant application on a case-by-case basis, taking into account the applicant’s income, expenditure, and available savings. Where savings exist, EIC may provide part-funding. For larger grants, typically in the thousands of pounds, EIC may collaborate with other charitable organisations to maximise support.

3.3. EIC may provide funding for the following purposes:
3.3.1. Equipment grants – including wheelchairs, stairlifts, disability walkers, and similar aids.
3.3.2. Household essentials – such as white goods, supplied through approved industry partners.
3.3.3. Basic living support – including food vouchers, hotel stays, clothing, and toy purchases, delivered directly to the client.
3.3.4. Funeral grants – to assist with bereavement-related costs.
3.3.5. Client-specific financial support – including mortgage or rent payments and essential bills.
3.3.6. Housing repairs and adaptations – including roofing, accessibility modifications, or other urgent improvements.
3.3.7. Transport-related support – including essential car repairs for hospital appointments or employment needs.
3.3.8. Treatment therapy sessions
Please see separate treatment policy at appendix 1

3.4. EIC will not fund:
3.4.1. Ongoing or long-term financial support to cover routine expenditure.
3.4.2. Costs that require significant financial restructuring, such as the sale of property to manage long-term financial shortfalls.

3.5. All grants are intended to provide short-term, high-impact support. Funding may be offered either in full or in partnership with other funders, as appropriate.

3.6. Grant-making – application process

3.7. All grant applications must be submitted digitally via EIC’s online portal, Lightening Reach(https://www.lightningreach.org/application-portal?utm_source=eic&utm_medium=website&utm_campaign=pilot). Applicants are required to connect all relevant household accounts, including savings accounts and those of any partners. Where accounts have been closed, applicants must provide evidence of closure.

3.8. Applicants are also required to submit the following supporting documentation:
3.8.1. Valid photographic identification (e.g., passport or driver’s licence)
3.8.2. Proof of eligibility (e.g., certificates, P45, or payslips)
3.8.3. Medical evidence, where inability to work is due to ill health
3.8.4. Evidence of benefits, where applicable

3.9. Upon receipt and verification of all required documentation, a Case Manager will be assigned to the applicant. The Case Manager will conduct a comprehensive financial assessment to determine eligibility for grant support and the appropriate level of assistance.

3.10. EIC reserves the right to request additional information or documentation where necessary to complete the assessment.

4. GRANT-MAKING – DECISION-MAKING PROCESS

4.1. Once a Case Manager has been assigned, they will conduct a comprehensive financial assessment of the applicant. This process may take up to two weeks and may require the applicant to provide additional information or supporting documentation to fully evaluate their circumstances.

4.2. Where appropriate, EIC may recommend that the case be referred for a financial planning consultation with the external financial planner engaged by EIC. This ensures that grants, particularly larger awards or cases requiring specialist support, are allocated following a thorough analysis of the applicant’s financial situation.

4.3. All applications are also subject to team review, during which the Case Manager and relevant staff will discuss the case to reach agreement on the most suitable level of grant support or alternative support plan for the applicant.

4.4. EIC reserves the right to request further evidence or clarification at any stage of the assessment to ensure that funds are awarded appropriately and in line with organisational priorities.

5. DUE DILIGENCE

5.1. It may be that on some occasions there is a need for EIC to undertake some additional due diligence beyond that outlined above and ahead of making a decision in relation to a grant application.

5.2. Examples of additional due diligence that may be required include:
5.2.1. In cases where an applicant has previously worked in the industry but is unable to provide payslips or a P45, EIC may request a written statement from the applicant’s former employer confirming the period of employment and the position held;
5.2.2. Where bank accounts referenced in the application have been closed, applicants must provide evidence of account closure;
5.2.3. For grants awarded to organisations, rather than directly to individual clients, EIC requires that payment is made directly to the organisation. Prior to disbursing funds, the organisation must undergo verification, including checks to confirm legitimacy and completion of a supplier registration form.

6. AWARD OF GRANT FUNDING

6.1. Once an applicant has completed the assessment process and the Case Manager has assessed the grant, a decision will be made and the applicant duly notified.

6.2. In the event that a decision is taken not to make an award of funding, the applicant shall be entitled to appeal to the Welfare Audit Group against that decision. The Case Manager will provide the applicant with details as to how to make such an appeal if required.

7. REPORTING REQUIREMENTS AND MONITORING

7.1. Where grant funding is provided to cover mortgage payments directly to the client, EIC may require evidence that the payment has been remitted to the mortgage provider. This could include bank statements, payment confirmations, or other verifiable documentation.

8. SUBSEQUENT APPLICATIONS FOR GRANT FUNDING

8.1. Any subsequent requests for support will require the submission of a new financial application and will be subject to the standard assessment process outlined above.

Appendix 1 – Treatment Policy

The EIC may offer to cover the cost of up to 10 therapy sessions facilitated by a third-party provider. Personal data will be shared with the nominated providers, in accordance with our privacy notice https://electricalcharity.org/policy/ Please note that your failure to attend or late cancellation (i.e., cancelling within 24 hours of your appointment) may result in EIC having to pay for the session. If you fail to attend your appointment without a valid reason, we may suspend any further support to you. We reserve the right to withdraw our services at any time.

Date of last review: April 2026