Mayor of London logo London Assembly logo
Home

GLA Grants Services privacy policy

This page provides information about the steps we take to protect your privacy when you register with, and use Grants Services provided by the Greater London Authority (GLA). This includes your use of: 

This policy was last reviewed on 13 June 2025.

Information we collect

We require basic information to enable your use of our services. This includes your first name, last name and work email address, which are required to set up an account. We use these to: 

  • send you emails relating to the administration of your account. For example, that your account has been approved or that you need to reset your password

  • notify you of updates relating to your applications. For example information about claims or project updates and submission requests

  • send you communications about related grants which may be of interest

  • ask you to complete customer satisfaction surveys.

Unless the reason for communication is required, we will offer you the option to opt in and out.

Grant applications

When you apply for a grant, we will require further information about you and your organisation which may include financial or personal information. 

This is required as part of the grant application process and to protect the GLA from fraudulent applications.

Other information

We also record information about how you connect to our services, such as your IP address, the time you use our service and details of which version of web browser you used. 

This is necessary for security purposes, so that we can monitor and audit use of our services and ensure they are being used legitimately. 

We may, with your consent, collect additional information for analytical purposes, so we can understand how users engage with our services and find ways to improve them. Where these are used, you will have the option to enable and disable them at any time via your browser.

Sharing your information

To carry out our necessary activities, we will need to share your information with a small number of trusted partners. 

Deloitte UK is contracted to provide technical and development support for GLA OPS and Skills Gateway. To fulfil this activity, our supplier has limited privileged information to user data. Such access is logged and governed by a data sharing agreement. 

Our Grants for London platform is hosted by Salesforce. Hyphen8 is contracted to provide development and critical support for grants programmes on this platform. To fulfil this activity, our suppliers have limited privileged information to user data, which is governed by data sharing agreements. 

We make use of Spotlight, a fraud prevention service provided by the UK Government Cabinet Office. This compares the data you provide with various databases, such as Companies House, to ensure the validity of applications. Spotlight does not perform any automated decision-making. 

As part of its fraud checking and prevention capabilities, Spotlight may also share data with government bodies, including government departments, arm’s length bodies and local authorities. The authorisation for processing this data is outlined in the Cabinet Office's privacy notice for Spotlight

We will not sell or rent your data to third parties 

The GLA may be required to share your personal information with the police and other law enforcement agencies for the purposes of crime prevention or detection. If we are asked to disclose your information, we ask the requesting organisation to demonstrate that the data will assist in the prevention or detection of crime, or that the GLA is legally obliged to disclose it. 

How long we keep data for

We retain data only as long as it is needed for regulatory and auditing purposes.

In many cases this is governed by the type of grant application you apply for. For instance, many UK-funded grants require our retention of data for 7 years; EU-funded grants may extend this to 10 years.

Should any part of this data form part of a criminal or fraud investigation, the principles of Criminal Procedure and Investigations Act 1996 or other legal requirement will supersede any local retention policy.

Protecting your information

Your data is held on servers in the UK. We have implemented technology and policies to safeguard your privacy from unauthorised access and improper use. We will continue to update these measures as new technology becomes available.

We aim to have a secure and reliable web application and use appropriate security technology to protect any personal data we process about you.

However, you must also ensure that any device you use is kept up-to-date and is supported by your organisation and/or vendor, and that you are using a trusted, private internet connection to us.

Cookies

Cookies are small pieces of data that are downloaded to your computer or mobile device when you visit a website or web application.

We use cookies for a variety of essential purposes, such as ensuring you can log in, and to record your preferences.

We also use cookies for analytical purposes, which you can choose to opt-in or out-out of at any time using the cookie controls available from our services.

Changes to our privacy pages

We may need to update our privacy policy occasionally and the ‘last updated’ date appears at the top of this page.

Any updates will apply to you and your data immediately, so please check back here regularly. Your continued use of the application will mean that you accept any revisions.

If these changes directly affect how your personal data is processed, we will take reasonable steps to let you know.

Need a document on this page in an accessible format?

If you use assistive technology (such as a screen reader) and need a version of a PDF or other document on this page in a more accessible format, please get in touch via our online form and tell us which format you need.

It will also help us if you tell us which assistive technology you use. We’ll consider your request and get back to you in 5 working days.