Privacy & Cookie Notices

In this section

Last updated: 23 February 2024

This is the eaga Trust privacy and cookie notice. The eaga Trust consists of Eaga Partnership Trustee Limited and Eaga Partnership Trustee Two Limited. The notice also covers processing by the eaga Trust’s group company, eT Business Funding Limited.

1: Introduction and summary

1.1: Introduction

Thanks for reading our privacy notice. It tells you how we collect, use and share your personal information and what your rights are – and how to exercise them.

This notice applies to you if you are:

  • A member: that is a registered beneficiary of the eaga employee benefit trust and prospective members (who are beneficiaries)
  • A supplier: a sole trader or partnership or a contact for us at a corporate supplier who provides services to us
  • A consultant: an adviser, consultant, or other professional expert
  • A job applicant: someone who is interested in joining us
  • An interested person: an individual who isn’t in any of the categories above and who makes an enquiry, complaint or with whom we correspond
  • A relative of a member of our staff: a close family member or next of kin of a member of our staff, or
  • A website visitor: a visitor to our website who isn’t in any of the categories above.

This notice doesn’t apply to the eaga Trust staff.

There are a couple of technical definitions to get out of the way first. Here they are.

By “personal information” we mean personal data as defined in UK data protection law. In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).

By “sensitive” personal information we mean two things: 1. what’s technically known as “special categories” of personal data (personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation) and 2. criminal data (criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing).

For ease, we’ve split this privacy notice up into parts:

Part 1: Introduction and summary

Part 2: Important information about your rights in relation to consent and to object to our use of your personal information

Part 3: Key information required by the GDPR

Part 4: Our website and email newsletters

Part 5: Overview for members

Part 6: Cookies and similar technologies

If you have any queries about this privacy notice, please contact us. Please see “Our identity and contact details” in section a of “Key information required by the GDPR” below for our contact details.

1.2: Effects of Brexit on this privacy notice
On and after 1 January 2021, references to the “GDPR” in this privacy notice will mean the “UK GDPR”

1.3: Summary

Type of individual Our main uses of your personal information Where to find out more
A member: that is a registered beneficiary of the eaga employee benefit trust and prospective members (who are beneficiaries)
  • To provide benefits and related services to you as a member.
  • To keep accounts and records.
  • We may, if you do not object, send you information about Trust benefits by email, text or post. We use MailChimp in the US to do this by email. Please note that we track whether emails are opened and whether links are clicked on.
  • To prepare case studies.
  • To get feedback from members.
  • To develop and evaluate benefits.
 How to withdraw your consent or object to our use (where applicable)

Look in Part 2.

It tells you how to withdraw any consent you’ve given and how to object to both direct marketing and to our use where it’s based on a balancing test (called “legitimate interests”) which involves weighing our interests or a third party’s interests against your rights.

Other information

Look in Part 3 for GDPR-required information; here’s what’s in the different sections.

  • Sections a: our contact details
  • Section c: the purposes and legal basis for our use of your personal information
  • Section d: the legitimate interests often underpinning our use of your personal information
  • Section e: the types of personal information we may get from someone other than you
  • Section f: third parties with whom we may share your personal information
  • Section g: transfers (exports) of personal information
  • Section h: storage periods
  • Section i: your GDPR rights
  • Section j: withdrawing consent
  • Section k: complaints to the ICO
  • Section l: information you must provide (either by law or under a contract)
  • Section m: sources of personal information (where you aren’t the source).
  • Section n: automated decisions

Look in Part 4 for further information about our website and emails.

Look in Part 5 for further an overview of sharing with providers/those who support member benefits.

Look in Part 6 for information about cookies and similar technologies.

Members can find further member-specific information on application forms and in benefit-specific documentation and terms and conditions.
A supplier: a sole trader or partnership or a contact for us at a corporate supplier who provides services to us as a business
  • To receive agreed services from you or your employer or company.
  • To keep accounts and records.
A consultant: an adviser, consultant or other professional expert who provides services to us as a business
  • To receive agreed services from you or your employer or company.
  • To keep accounts and records.
A job applicant: someone who is interested in working for us
  • To enter into a services or employment contract or similar contract with you.
An interested person: an individual who is not a member or beneficiary but who makes an enquiry or a complaint
  • To respond to your enquiry or complaint.
A relative of a member of our staff: a close family member or next of kin of a member of our staff
  • Our member of staff may give us your name, address and date of birth which we may use to contact you in an emergency.
A website visitor: a visitor to our website who isn’t in any of the categories above.
  • We don’t make any routine use of your personal information (such as an online identifier) other than in statistical form, i.e. Google Analytics statistics about the online “footfall” to our site.
  • Unless you log in as a member, we probably can’t identify you.
 Look in Part 3:

  • Sections a: our contact details
  • Section h: storage period
  • Section i: your GDPR rights
  • Section k: complaints to the ICO

Look in Part 4 for further information about our website.

Look in Part 6 for information about cookies and similar technologies.

2: Important information about your rights in relation to consent and to object to our use of your personal information

Your rights in relation to consent: You may, at any time, withdraw your consent or explicit consent to us using your personal information or sensitive personal information as summarised below.

  • On certain forms, we may ask you to indicate whether or not you have a disability, and if so, what it is. This is to help us develop benefits for members with a disability. The question is entirely optional. If you have provided information about your disability and wish to withdraw your explicit consent, please contact us.
  • For some benefits, we may need to ask for your consent. To withdraw your consent, please contact us. Without your consent, we may refuse to provide the benefit or may stop the benefit unless there is another legal condition which applies to our use.
  • To give or withdraw your consent to the use of non-essential cookies on our website please use technical settings. Please see “Cookies and similar technologies” below for details.

Please see:

  • section a in “Key information required by the GDPR” below for our contact details
  • section c in “Key information required by the GDPR” below for further details of where we rely on your consent
  • section j in “Key information required by the GDPR” below for further details of your right to withdraw consent
  • “Our website and email newsletters” below for further details of the browsing information collected on our website and our use of MailChimp
  • “Overview for members” below for further information about sharing with benefit providers and related parties, and
  • “Cookies and similar technologies” below for information about cookies and similar technologies used on this site.

Your right to object to our use of the “legitimate interests” basis for processing: You may, at any time, object to our use of your personal information which is based on our own or others’ legitimate interests, as summarised below.

We consider that our use of your personal information for:

  • Operation and improvement of the employee benefit trust
  • Member relationship management
  • Employee relationship management
  • Supplier relationship management
  • Fraud prevention
  • Informing members by email, text or post of benefits and managing our subscriber lists
  • Internal administration of member personal information within our group
  • Network and information security
  • Reporting possible criminal acts/threats to competent authorities

is in our legitimate interests and in the legitimate interests of members.

You may object to our use on that basis.

Members can object to news or updates by updating their profile in the members’ area of the website. For email news/updates, members can also object by using the opt-out in the email.

To exercise your right to object for other uses, please contact us.

Please see:

  • section a in “Key information required by the GDPR” below for our contact details
  • section d in “Key information required by the GDPR” below for further details of our reliance on the legitimate interests basis for processing, and
  • section i in “Key information required by the GDPR” below for further details of your right to object.

3: Key information required by the GDPR

Here are important details about us and our use of your personal information.

Requirement Our details
a. Our identity and contact details

Identity and contact details and, where applicable, of the representative

 Eaga Partnership Trustee Limited, company number 03724739, ICO Z303366X

Eaga Partnership Trustee Two Limited, company number 03729659, ICO Z3033869

  • These are the two corporate trustees of the employee benefit trust.
  • Each company is a joint controller with the other.
  • The two companies act as one in all respects in determining the purposes and means of processing, with joint privacy notices, joint responses to individuals’ requests and a single point of contact for individuals.
  • They are known as “the eaga Trust”.

eT Business Funding Limited (Company No. 08026173) (eTBF), ICO ZA024813

  • eTBF provides business funding loans to members.

address (operating): 25 Main Street, Ponteland, Northumberland, NE20 9NH

address (registered): 3rd Floor, Citygate, St. James Boulevard, Newcastle upon Tyne NE1 4JE

email: contact@eagatrust.com

It would be very helpful if you would tell us exactly why you are contacting us. For example to exercise a right, please put the name of the right in the subject line of the email. Thank you.
b. Data protection officer and queries

Contact details of the data protection officer, where applicable

 We do not have a data protection officer. For queries, comments or complaints please use our contact details in the “Identity and contact details” section a above.
c. Purposes and legal basis

The purposes of the use for which the personal information is  intended as well as the legal basis for the use

Here’s a key to the second column:

Consent: your consent to one or more specific purposes

Contract: entering into a contract with you or performing a contract with you

Legal obligation: we’re required by law to do this

Legitimate interests: we’ve identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we’ve balanced all that against your interests, rights and freedoms

The third column gets a bit more technical. Where we’re dealing with sensitive personal information we need not one legal basis but two, from a different list (and the list is a lot longer).

The main ones are:

Explicit consent: your explicit consent to one or more specific purposes

Legal claims: to establish, exercise or defend a legal claim

Prevention/detection of unlawful acts: this is where we must use personal information without consent so as not to prejudice preventing or detecting unlawful acts

Regulatory requirements relating to unlawful acts and dishonesty etc.: this is where we must use personal information without consent to comply with (or help someone else comply with) a regulatory requirement that involves establishing if someone has committed an unlawful act or is dishonest etc.

Public domain: you’ve deliberately put your sensitive personal information into the public domain

You can find more details on the ICO website at https://ico.org.uk

 Here is a summary of the purposes for which we use personal information and the legal bases for our use.

Our purposes Legal basis (all personal information) Additional legal basis (sensitive personal information)
To enable us to provide benefits and related services to our members, including managing our holiday homes
  • Consent
  • Contract
  • Legal obligation
  • Legitimate interests
  • Explicit consent
  • Legal claims
  • Prevention/detection of unlawful acts
  • Regulatory requirements relating to unlawful acts/ dishonesty etc.
To manage job applicants
  • Consent
  • Contract
  • Legitimate interests
  • Employment, social security and social protection law
  • Equal opportunities
To maintain our accounts and records
  • Contract
  • Legal obligation
  • Legitimate interests
  • Legal claims
  • Prevention/detection of unlawful acts
For crime prevention/detection (includes reporting of possible criminal acts/threats to competent authorities)
  • Legitimate interests
  • Public domain
  • Prevention/detection of unlawful acts
To collect debts, deal with disputes and bring and defend legal claims (includes credit checks, involvement of legal advisers and alternative dispute resolution)
  • Legitimate interests
  • Legal claims
  • Prevention/detection of unlawful acts
  • Regulatory requirements relating to unlawful acts/ dishonesty etc.
To carry out research, analyse data and produce reports to evaluate, plan and develop benefits.
We also track email opens and click-throughts
  • Legitimate interests
  • Consent
  • Archiving, research and statistics
d. Legitimate interests

Where the use of information is based on the legitimate interests condition, the legitimate interests pursued

 Our legitimate interests

Our legitimate interests are:

  • Operation and improvement of the employee benefit trust
  • Member relationship management: this may include keeping your details on our member and email databases, corresponding with you and keeping accounts and records
  • Employee relationship management, including for job applicants
  • Supplier relationship management: this will mainly be limited to keeping accounts and records but we may also use it where appropriate to improve services; this might include information about your performance in providing services to us
  • Fraud prevention
  • Informing members by email, text or post of benefits and managing our subscriber lists
  • Internal administration of member and employee personal information within our group
  • Network and information security
  • Reporting possible criminal acts/threats to competent authorities

Others’ legitimate interests

We may also use your personal information because it is in our members’ legitimate interests as well as or instead of our own. For example, our research and planning will look at individual members’ details to create benefits for all members and improve the administration of the employee benefit trust.
e. Personal information collected indirectly – categories

The categories of personal information collected indirectly

 We collect the following categories of personal information indirectly (e.g. from third parties):

  • Registration details, from a member, where that member is registering their child as a member.
  • Details of third parties on official birth or marriage or civil partnership certificates or other official documentation, where we are seeking to prove a prospective member’s eligibility. In the UK and some other countries, this information is publicly available.
  • A range of feedback and related information from some benefit providers.
  • A range of feedback and related information from third parties we work with to provide benefits (for example confirmation from the Student Loans Company that their own payment has been received by the university, which triggers our payment).
  • Feedback on holiday home stays, from agents at our holiday homes, who will inform us, for example, if ID checks have failed or property has been damaged.

Members can find out more in part 5, Overview for members.
f. Recipients

The recipients or categories of recipients of the personal information, if any

 We may share your personal information with the following.

Members:

  • Our email services provider, to send email newsletters (we use MailChimp, see section 4.2)
  • Benefit providers and those who support the provision of benefits. Members can find out more in part 5, Overview for members.
  • Third party research organisations to carry out surveys and produce reports.

Job applicants:

  • We will share your personal information with recruitment agents.

All types of individuals:

  • Our group companies, for internal administration purposes
  • Our external accounting supplier, who will also receive your bank details if necessary to pay taxes, make payments and administer benefits
  • Our auditors, to audit our accounts
  • Our website providers, if you use our site
  • Our IT providers, to support our hardware, systems, communications, databases and software
  • Our legal advisers, if necessary for legal advice and claims.
  • Our processors, who process personal information on our behalf.

We will not otherwise disclose your personal information to any third party unless required or permitted to do so by law.
g. Transfers to third countries or international organisations

Where applicable, the fact that personal information is to be transferred to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers subject to appropriate safeguards or non-repetitive, limited transfers based on compelling legitimate interests, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
A “third country” is a country which is outside the EEA (European Economic Area) and/or the UK.

 Our transfers

  1. We transfer email subscribers’ personal information to MailChimp, our US email service provider. The basis for the transfer is our reliance on standard contractual clauses in place with MailChimp. See section 4.2 for more about MailChimp.
  2. We will transfer your personal information to a third country if you are a member that lives in that country. The transfer will normally be on the basis that it’s necessary to enter into or perform the membership “contract” with you. However some countries’ laws give equivalent protection to UK data protection laws. Parts of Canada that are covered by the main Canadian privacy law are an example. If you live in one of those countries/regions, then those countries/regions’ laws will be the basis on which we’ll transfer your personal information.
  3. We will also transfer a member’s personal information to a third country for the purpose of administering the HE Bursary benefit, if you are a member who is studying there, as well as where a member is staying in a holiday home in a third country. This again is on the basis of the “contract” – to administer the benefit and provide the HE Bursary.

Transfers 2 and 3 are (or may be) based on exceptions (for contracts) rather than on safeguards like standard clauses or an adequacy decision, which aren’t available to us in those situations. This creates possible risks for individuals. In the EEA and the UK individuals have certain rights and remedies if the use of their personal information is unlawful. Individuals may not have the same rights and remedies if their personal information is used in a third country or by an international organisation. For example, the third country might not have a supervisory authority (a data protection authority like the UK ICO) and may not provide for data protection principles or individual data protection rights.
h. Storage period

The period for which the personal information will be stored, or if that is not possible, the criteria used to determine that period

 The period for which we will store personal information is based on our need to fulfil our legitimate needs as an employee benefit trust, comply with applicable law, resolve disputes, and enforce our agreements namely:

  • Membership records will be retained for the life of the employee benefit trust
  • Supplier and consultant data may be retained for up to 7 years after the end of the supplier relationship
  • Job applicant data will be retained for 6 months after the campaign if the applicant is unsuccessful, otherwise for up to 7 years after the end of the employment relationship
  • Interested persons’ data will be retained at least in order to respond to the enquiry or complaint and any follow up
  • Relatives’ personal data will be stored with the member of staff’s data for up to 7 years after the end of the employment relationship
  • Website logs are kept for approximately 6 months
  • Cookies are retained until their expiry date or you delete them, whichever is earlier.

Storage periods may be extended for the purpose of any legal claim.
i. Individual rights

The existence of the right to request access to and rectification or erasure of personal information or restriction of use concerning the individual or to object to use as well as the right to data portability

 You have rights to make a request to us:

  • for access to your personal information
  • for rectification or erasure of your personal information
  • for restriction of processing concerning you
  • to object to our processing which is based on legitimate interests
  • to object to archiving in the public interest, research and statistics
  • to port (transfer) personal information you have provided to us, either to you or to another provider.

These rights are more complicated than the simple summary above. To find out more about them, please visit the Information Commissioner’s website. To exercise your rights, please contact us or ask us for a form. Our contact details are in the “Identity and contact details” section a above.

Please make it clear which right(s) you want to exercise, for example by putting “right to object” in the subject line of the email if you wish to exercise the right to object. Thank you.
j. Withdrawal of consent

Where the use is based on consent (for ordinary or sensitive personal information), the existence of the right to withdraw consent at any time, without affecting the lawfulness of use based on consent before its withdrawal

 You have a right to withdraw any consent you give us at any time. This will not affect the legality of our consent-based use before you withdrew consent.

To withdraw consent to cookies, please adjust your browser settings (please see our cookie policy for further details).

To exercise your right to withdraw in any other case, please contact us. Our contact details are in the “Identity and contact details” section a above.

Please make it clear you want to exercise this right, for example by putting “Withdrawal of consent” in the subject line of the email, and if it applies to a particular benefit, provide the name of the benefit. Thank you.
k. Complaints

The right to lodge a complaint with a supervisory authority

 You have a right to complain to the Information Commissioner, whose contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
England

Telephone: 0303 123 1113 (local rate) or +44 1625 545 700 (from outside the UK).

Website: https://ico.org.uk which includes a live chat on the ‘contact us’ page.
l. Information collected directly – legal or contract requirement

Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the individual is obliged to provide the personal information and of the possible consequences of failure to provide that information

 Legal requirement

There is no legal obligation to provide information.

Contract requirement

If you are a member, supplier, job applicant or interested person, we’ll normally need your personal details (name and contact details) to provide benefits, receive goods and services, process your application or answer your query or complaint. For members, suppliers and prospective employees, we may also need your financial details (e.g. bank details and, for suppliers, VAT number where applicable) so we can pay you. Our external accounting supplier looks after the financial details and tax/payment side for us.

If any personal information is required for member registration or for members to receive a benefit, that will be clear on the application form or in the accompanying documentation.
m. Sources of personal information collected indirectly

The source of the personal information and if applicable, whether it came from publicly accessible sources

 The sources of the personal information we collect indirectly are listed in the indirect categories section e above.

Members can find out more in part 5, Overview for members.
n. Automated decision-making

The existence of automated decision-making, including profiling. This means a decision based solely on automated profiling which produces legal effects concerning the individual, and which must not be based on special categories of (i.e. sensitive) personal information without explicit consent or substantial public interest, with safeguards. Meaningful information about the logic involved, as well as the significance and the envisaged consequences of the processing for the individual must also be provided.

 We do not conduct automated decision-making. All decisions about you will be made by humans.

4: Our website and email newsletters

4.1: Information about your visit to our site

This includes your IP address, operating system, browser type and version, location, length of your visit, the pages you have visited, weblogs and other communication data. This information is held on our server logs and is used for system administration and for generating statistical information to help improve our service. We may use this information to investigate and take action against any misuse of the site.

4.2: MailChimp

We use MailChimp to send out “Trust matters” emails to members. “MailChimp” is the trading name of The Rocket Science Group LLC, an email services provider based in the US. MailChimp will store your name and email address in the US.

MailChimp’s data processing addendum incorporates standard contractual clauses, recognised in Europe as providing broadly equivalent protection for personal information to the protection provided under European law.

We have switched on tracking in emails (on opens and click throughs). This helps us monitor the effectiveness of our email newsletters and understand better which benefits are of most interest and use to members. We ensure only anonymised statistics are disseminated within the eaga Trust, and that the raw data of opens and click-throughs is available only to those people tasked with producing the statistics. Please see section 6.3.5 for instructions on how to give or withdraw consent to the tracking.

MailChimp will also track those emails. MailChimp uses cookies, unique identifiers, pixels and similar tracking technologies for tracking. For further details please see MailChimp’s cookie statement under the section “Cookies served through the Services” and privacy policy. MailChimp’s terms of use say at section 16: ‘We may view, copy, and internally distribute content from your Emails and account to create algorithms and programs (“Tools”) that help us spot problem accounts. We use these Tools to find Members who violate these Terms or laws and to study data internally to make the Service smarter and create better experiences for Members and their contacts.’

We have excluded members’ data from inclusion in MailChimp’s data science projects. We do not use any additional add-ons or features provided by MailChimp (which create further tracking).

We do not send Trust matters emails to members who are under the age of 16 years.

5: Overview for members

5.1: Benefits

All benefits are paid for by the eaga Trust apart from Business Funding of under £10,000 which is provided by eTBF.

Please see the enquiry form and any online or offline application form for details of the personal information we collect directly from you (if any) for specific benefits.

Please also see section 5.2 for other personal information we will collect directly from you if you correspond with us, which may include sensitive personal information.

The “third parties” in the table below are third party benefit-specific providers or enablers.

The recipients listed in section f of “Key information required by the GDPR” above may also receive your personal information; in particular our external accounting supplier receives personal information (including your bank details where necessary) for arranging payment of taxes, to administer benefits and make payments to you or to a benefit provider/enabler.

Description Personal information collected from you, shared with a benefit provider/enabler or provided to us by a benefit provider/enabler Provider/enabler
Discounts
Affinity Deals Collected

  • Please see members’ area of the website for details.

Shared

  • None

Provided

  • None
 Fiat
The Benefits Website Collected

  • Please see members’ area of the website for details.

Shared

  • None

Provided

  • None
 https://www.thebenefitswebsite.co.uk

(please see their terms and conditions and cookie policy)
Tickets at Work (USA) Collected

  • Please see members’ area of the website for details.

Shared

  • None

Provided

  • None
 https://www.ticketsatwork.com

(note this is a US site – please see their terms and conditions of use and sale and their privacy policy)
Employment and business
Business Funding of over £10,000 Collected

  • Please see members’ area of the website for details.

Shared

  • None
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

 The eaga Trust
Business Funding of under £10,000 Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your personal details with a credit reference agency in order to obtain a credit check.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • The credit reference agency will provide us with a credit check.
 eTBF
Further Education Bursary Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • None.
 The eaga Trust
HE Bursary (also open to second generation members) Collected

  • Please see members’ area of the website for details.

Shared

  • If you live and study in the UK, we will send the Student Loan Company (SLC) your name, address, NI number, date of birth, unique reference number and SLC number so they can match you to their own records.
  • We may share your name, email, telephone/mobile, University, course and year of study with the benefit auditor, Origin Associates Limited (the Bursary Auditor) for fraud prevention/detection purposes.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • If you are from the UK and study in the UK, the SLC will share your name, NI number, date of birth, SLC number, unique reference number, University, course and course start date so we can match that to our own records.
  • If you are from the UK and study in the UK, then up to 9 times during your course, the SLC will confirm that it has validated its own loan payment, or notice that it has not been able to do so (used by us to trigger or withhold payment).
  • If you are from the UK but studying outside the UK, or if you are not from the UK, then we will validate your attendance at your university before we make payment. To do that, we will need to share your details with your university, which may involve a transfer of your personal information to a third country; we will receive further information about you from your university (e.g. confirming your attendance) – that may contain sensitive personal information
  • We may receive a report and possibly further clarifications from the Bursary Auditor – this may contain sensitive personal information
  • We may receive ancillary information e.g. from the Bursary Auditor or (if you are from the UK and study in the UK) from the SLC – this may also contain sensitive personal information.
 The eaga Trust
CEPI Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • None
 The eaga Trust
Childcare Support Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • We will pay childcare support payments directly into your Government Childcare account.
 The eaga Trust

(paid by the eaga Trust)
Skill-Builder Plus (also open to second generation members) Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • We will pay the course provider’s invoice on your behalf.
 Various course providers

(paid by the eaga Trust)
Tutoring Support Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • We will pay tutoring support payments directly to Kip McGrath
 Kip McGrath

(paid by the eaga Trust)
Health and Wellbeing
Serious Injury Insurance benefit Collected

  • None.

Provided

  • Aviva will contact our Insurance Broker Gallaghers, who will contact the Trust to inform us you have enquired about making a claim.

Shared

  • We will confirm your membership (your full name, date of birth, address details and membership number) and therefore inclusion within the programme to Gallaghers who will share it with Aviva. We will keep a record of our correspondence with Gallaghers.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
 Aviva

(paid by the eaga Trust)
Wills and LPA Collected

  • Please see members’ area of the website for details.

Shared

  • We will share your name and membership number with Co-Op Legal Services.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • We will pay the benefit provider’s invoice on your behalf.
 Co-Op Legal Services
BUPA Healthy Minds Collected

  • None.

Shared

  • We will share your title, first name, surname, address, email address, date of birth and membership number with BUPA.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Provided

  • We receive a ‘claim summary’ report from BUPA once a year, however this does not contain any identifying data.
 BUPA

(paid by the eaga Trust)
Holiday Homes
Holiday Homes Collected

  • Please see website booking requirements and holiday home terms and conditions.
  • If you are staying at the Hyning Estate, CCTV is in operation. These are for the purposes of public and staff safety and crime detection and prevention. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme. We will only disclose CCTV images to others, where required by law or to help prevent crime etc. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. However, the images may be withheld if the images also identify a third party.

Shared

  • We will share your booking details with the management agents. This varies according to the holiday home but will typically include your first name and surname, month and year of birth, arrival/departure dates and how many are in your party and may include your telephone number and email address.
  • We will share your name, date of birth, NI number and business area with Carillion PLC and their liquidators PwC, for tax purposes.
  • We will share your details with our external accounting supplier in order to make payment.

Please note that you will also be required to share personal information with the management agent(s) for the holiday home. Please see the holiday home terms and conditions.

 The eaga Trust

5.2: Other personal information collected directly from you

Description Personal information that may be collected from you
Correspondence and surveys
  • Information about your use of our website and any emails, texts or letters you send to us or which is recorded by us as a result of calls from you.
  • Information from our surveys or research that you participate in.
  • Something you tell us in raising an issue or making a complaint, which may include sensitive personal information.

6: Cookies and similar technologies

6.1: Introduction

A cookie is a file containing a small amount of information that a website places on your device. Similar technologies include:

  • Local shared objects (Flash cookies) –  data that websites which use Adobe Flash store on your device
  • Local storage (session storage and database storage) – a type of file placed on your device that can hold data, often related to video or audio content
  • Pixels – (also known as clear gifs, web beacons or web bugs) are code used on a web page or in an email notification. They are used to learn whether you’ve interacted with certain web or email content. This helps to measure and improve services and personalise your experience.

We use cookies and similar technologies to help us understand how people interact with our website. That means we can make improvements and develop the website in an informed way for our website visitors and members. It helps us improve your overall experience.

As at September 2023, and depending on your browser and device settings, we use around 23 cookies on our site at https://www.eagatrust.com/.

6.2: What cookies do we use?

Here is a summary of the cookies we use. This does not include cookies that may be used on other sites, including benefit providers’ sites. Please check the privacy/cookies notices on those sites for details of their use of cookies. We are not responsible for the privacy practices of other site owners or operators or the cookies and other tracking technologies used on other sites, including on benefit providers’ sites.

We use these types of cookie … … for these purposes
Strictly necessary cookies. These cookies are generally used to store a unique identifier to manage and identify you as unique to other users currently viewing the website, in order to provide you with a consistent and accurate service. We use cookies for site security to allow members to log in.
Performance cookies. These cookies are used for performance and to improve the website. For web analytics.

We use Google Analytics – see how Google uses your data here: www.google.com/policies/privacy/partners.
Functionality cookies. These cookies will typically be the result of something you do, but might also be implemented in the delivery of a service not explicitly requested but offered to you. They can also be used to prevent you being offered a service again that had previously been offered to you and rejected. For sharing videos on our site.

We use Vimeo, the video-sharing website, to provide videos to you on our site. Vimeo will set third party cookies if you watch one of those videos.

Please see https://vimeo.com/ for further details.
Targeting or advertising cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store a code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign. None.

6.3: How to see individual cookies and withdraw consent to cookies and similar technologies

6.3.1: Cookies

Cookies change and their names and descriptions are not very user-friendly for most people but here’s a list we created in May 2018 which you may find helpful. If you want to see the cookies currently used on our website, they should be visible through your browser. (Please see below for instructions.)

To give or withdraw consent to cookies, please use the technical settings provided.

There are different browsers and manufacturers upgrade them frequently. The best way to get the right instructions is to go to the manufacturer’s support page. The following support/privacy pages (for some of the more common browsers) are correct as at May 2018.

If you have problems with these pages, can’t see individual cookies or want find out more about how cookies are handled within your browser, please go to the manufacturer’s site and search for the browser name and your cookie query.

6.3.2: Flash cookies

To disable flash cookies (local shared objects) go to the Global Storage Settings panel of the online Settings Manager at Adobe’s website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html. This places a permanent flash cookie on the device, informing all other websites that you do not want flash cookies stored on your device.

6.3.3: Analytic cookies

You can prevent Google’s collection of data generated by your use of the sites (including your IP address) by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

6.3.4: Local and session storage

You can delete local storage, session storage and database storage in the same way that you delete cookies.

6.3.5: Pixels

We have switched on tracking on emails in MailChimp. The tracking is enabled by pixels in conjunction with cookies, unique identifiers and similar tracking technologies. You cannot delete pixels but you may be able to disable them by disabling cookies or on a web page by using browser add-ons or extensions. Some pixels in emails can be disabled by selecting an option in your email application not to download images. To avoid triggering pixels in links in emails, don’t click on the link but navigate to the site manually and look for the information. Or you can request that we send you emails in plain text.

Please be aware that restricting cookies and similar technologies may impact on the functionality of our website.

6.4: Further information

To find out more about cookies, including how to see what cookies and other technologies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org/.