Privacy Policy

Children belong in families,
not orphanages

Lumos Privacy Policy

12 August 2019

This Privacy Policy sets out how Lumos uses and protects the personal data you share with us. We are totally committed to protecting your information and using it responsibly. We want to make sure that we are clear about how we will use your data and assure you that we will take appropriate measures to protect the personal data that we collect.

Please read our Privacy Policy carefully, along with our website's terms and conditions.

The Privacy Policy will cover:

Who we are and what we do
Why we collect and use your information
How and when we collect information
What information we collect
How we use the information we collect and our legal basis for processing your information
How we keep your information safe
How we share your data with other organisations
Transferring your information outside the EEA
How long we keep your information
The website and use of cookies
Your rights and complaints
Changes to this policy

1. Who we are and what we do

Lumos Foundation, Lumos Foundation USA Incand Friends of Lumos USA Ltd work to deliver the Lumos mission across the world of rescuing children from orphanages and reuniting them with families and changing education, health and social care systems so all children and families can access the care and protection they deserve.

The processing of your data is carried out by or on behalf of Lumos Foundation, Lumos Foundation USA Inc, and Friends of Lumos USA Ltd (collectively Lumos ‘we’, ‘us’ or ‘our’).

Lumos Foundation is a registered charity in England and Wales (1112575) and a registered company in England and Wales (5611912).

Lumos Foundation USA Inc. is recognised by the US Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation set up to further the mission of Lumos Foundation internationally.

Friends of Lumos USA Ltd. is a dual qualified charity that permits individuals to give to Lumos in the United States and the United Kingdom, registered charity in England and Wales (1170023) and a registered company in England and Wales (9502092).

If you have any questions about this Privacy Policy and how we use your information, please contact Lumos Global Data Protection Officer:

Email: @wearelumos.org

Telephone: +44 2072536464

Post: Global Data Protection Officer, Peninsular House, 30-36 Monument Street, London, EC3R 8NB

2. Why we collect and use your information

We will only use your information where we have a legal basis to do so and will always respect your rights.

We use your information to support the work that we do to achieve our mission, to ensure we effectively communicate our organisation's work, campaigns and achievements and to gain a better understanding of our current and potential supporters, donors, partners and friends. This Lumos family is important to us and we are committed to ensuring that your privacy is protected.

In this policy we will outline the types of data we might use to achieve this; for example, we might use information available to improve our donor experience, so you have a more fulfilling journey with Lumos as we work towards our vision and receive the types of communications which interest you most.

We hold and process your information for a number of reasons:

To keep you updated about our work and projects;
To invite you to events that we hold or training about our work and mission;
To send you information about our fundraising activities and appeals;
To administer our competitions and free prize draws;
To invite you to participate in or work with us in our advocacy campaigns;
To administer our research;
To process and keep a record of donations or payments made by you and related communications, and verify financial transactions to protect against fraud;
To support you and communicate with you when participating in fundraising events;
To claim gift aid on donations and gift aid declarations;
To provide products or information that you have requested;
To check with you on, and record, how you want us to contact you;
To ensure we do not send unwanted information to supporters or members of the public who have informed us they do not wish to be contacted;
To comply with legal obligations;
To manage Lumos and our business needs;
To notify you of changes to our policies.

3. How and when we collect information

There are a number of ways we collect information about you:

We may collect information provided by you directly, for instance, through filling out a form on our website, donating to us, signing up to or attending an event or training that requires personal registration details, speaking to us at events, meetings or conferences or emailing us.
We may collect information about your interactions with us, this might be a visit to our website, watching a video on our YouTube or Vimeo channel or any other digital platform used by us.
We may collect information provided indirectly about you from independent third party platforms, such as fundraising platforms like CrowdRise, Virgin Money Giving and Just Giving. These independent third parties will pass your data to Lumos where you have indicated that you wish to support us and have given your consent or it is a necessary part of completing a contract with you. Please check the privacy policy of any other platform if you are concerned about how they process and store your data.
We may collect information about you through personal introductions or which is publicly available, especially in the relation to philanthropists, where we seek to find out more about these individuals, their interests, motivations for giving and capacity to give greater support through publicly available information. Philanthropists are major funders of the very institutionsLumos aim to close due to their negative impact on children and poor outcomes. It is not only in Lumos’ best interests to understand and empower this group to make more strategic community-based investments through their charitable giving as opposed to funding orphanages, but it is better for the children and communities we work with too. We analyse our database and use information on how supporters have engaged with us in the past to see if we believe that they would be interested in building a relationship with our Major Giving Team. Using this information means that we can tailor communications to areas of our work that we believe will be of interest to this particular group, as we know that donors want information relevant to their motivations.

These external data sources may include information from newspapers or other reputable media coverage, open posting on social media sites or information that individuals put in the public domain on company websites or professional networking sites and information from official sources such as Companies House, Charity Commission and other registers, the Electoral Roll, Who’s Who and Debrett’s guides. We will notify individuals about this processing at the earliest practical opportunity. Where we decide not to make contact, we will delete all personal data obtained, other than basic contact details, to which we will apply a suppression flag to ensure we do not make contact in the future.

We may collect information about you to understand the source or potential source of money that you give to us to discharge our responsibilities and legal duties and may therefore also carry out some research on that basis to assess and manage potential risks with regards to money laundering and other offences and ensure that there is no conflict with Lumos’ vision and mission.

We may gather information if your activities relate to our work - for instance, if you are a public figure such as a Member of Parliament and other holders of public office or you represent an organisation which we work with or which is related to one of our advocacy campaigns we may gather information about you in order to inform our advocacy campaigning and make decisions - for instance, whether we engage with you to seek your support for our work or choose to work with you in another way.

4. What information we collect

We collect different information about you according to the relationship you have with us. Whatever your relationship with us, this information will be minimal and linked to the purpose for which we need it.

The information we collect may include personal details, such as:

Your title, full name
Your date of birth, age or confirmation that you are over 18
Your contact details which could include your address and/or email and/or phone number
Details of any correspondence we have had with you relating to your support of us
Your contact preferences
Records of your donations
Whether you have signed up to the Gift Aid scheme
Any fundraising appeals or campaigns that you may have responded to
Events or training courses that you have attended or enquired about
Your health information that you gave us if you are participating in an event or taking part in any training, to help us ensure your safety
Your photograph or video footage of you if you have attended or taken part in an event, with your permission
Bank account details to process donations or purchase items.
The last four digits of your payment card number. The payment merchant that Lumos uses to process donations collects card details and stores card details for recurring payments.
Your IP address, location or browser.
We use tracking tools in our email campaigns to monitor when you open or forward an email, click on links within the email, and the time, date and frequency of activity. We store this information in our database and use it to refine future email campaigns and supply you with more relevant information.
Your background details including professional details and the field in which you work, if you are a potential advocacy campaigner or work with our advocacy team.
Your details which appear on publicly available sources such as media outlets (such as newspapers, blogs and magazines), company websites (such as Companies House) or open postings on social media (such as LinkedIn) including views and positions you have expressed, and details regarding your circumstances - for instance which political roles you hold or what your background is.
Information to support our work with high net worth individuals, to understand their philanthropic interests and complete any necessary due diligence.

Sensitive personal data

We only collect this information if there is a clear and specific reason for doing so and will usually ask for your consent.For example, we will collect information about your dietary needs if you are attending an event at which food will be served, so we can provide the appropriate refreshments or we will collect information about any disability that you have told us about to provide appropriate facilities and support at an event.

We would not ask for consent if it is information that you have clearly made public, for example, the political views of a political figure, or your religion if you are working with us because you represent a faith-based organisation.

5. How we use the information we collect and our legal basis for processing your information

We will always make sure that we consider why we are processing your personal data and identify our legal basis for doing so.

We rely on the following legal bases:

Consent:

You have given us your consent - for example:

to send marketing emails or SMS text messages; or
to process your health information that you give us to cater for your dietary needs or needs as a consequence of a disability at an event;

You can withdraw your consent at any time by contacting the Global Data Protection Officer:

Email: privacy@wearelumos.org

Telephone: +44 2072536464

Post: Global Data Protection Officer, Peninsular House, 30-36 Monument Street, London, EC3R 8NB

Legal obligation:

We have a legal or statutory duty or requirement to process your information – for example:

confirming details of any direct debit that you have set up with us; or
to claim gift aid.

Carrying out a contract:

We may also process your personal data where it is necessary to carry out the terms of a contract which we have with you (or when we are in the process of forming that contract with you).

Legitimate interest:

We consider that we have a legitimate interest to do so and have assessed that the processing is not likely to be too intrusive, or to unduly infringe on your rights and freedoms – for example;

To communicate with you about marketing and fundraising including:
To send you fundraising packs or information on request
In the case of our major donors occasionally to send you mail or telephone you about activities or events we think you may be interested in (unless you have told us not to, or if you are registered with the Mailing Preference Service, Telephone Preference Service or the Fundraising Preference Service).
To occasionally use social media so you see targeted Lumos adverts on your newsfeed.

To carry out a task including:

Running an event;
Planning or running advocacy campaign activities;
To ensure that we understand our supporters and so can contact them in a way that is relevant for them, and to make sure that we are using our marketing budgets effectively:
To segment and analyse our data that we hold so that we can understand who our supporters are and contact them about a specific activity. For example, to identify which supporters have previously participated in running events, and to send them details of future running events or to identify which supporters have an interest in the Wizarding World and to send them related products or promotions.
To undertake research on potential high value supporters, to understand their philanthropic interests and ensure that we only contact people whose interests align with ours. We usually undertake this research ourselves, but may also engage a third party supplier to support us with this.
To manage our everyday business needs;
To work with third party suppliers, where we can make use of their expertise in a specialist field, or where they can provide services at a more cost-effective rate than we could manage internally.
To update our database records to keep them accurate.

You have the right to object to us processing your data on the grounds of our legitimate interests. If you would like us to stop using your data on this basis, please contact the Global Data Protection Officer:

Email: privacy@wearelumos.org

Telephone: +44 2072536464

Post: Global Data Protection Officer, Peninsular House, 30-36 Monument Street, London, EC3R 8NB

6. How we keep your information safe

We have appropriate organisational and technical controls in place to protect your personal information including the use of secure servers, firewalls, virus and malware protection and encryption and our systems are regularly independently tested and reviewed.

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.

Electronic data is stored on secure computer systems and we control who has access to information (using both physical and electronic means).

We ensure all of our contractors who need access to your data to deliver services are meeting the same standards as a minimum.

Our payment merchant is PCI compliant, which means that it hosts and processes your data securely.

Lumos holds a Cyber Essentials certification.

While we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal data sent to us this way, we cannot guarantee the security of data transmitted to our site.

7. How we share your data with other organisations

We will never share your information with third parties for their own purposes, unless:

this is explained to you at the time we collect your information – for example passing your details to event organisers to secure your place or gain access to an event venue;
you give us your permission to, or
we are legally required to do so - for example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf.

We sometimes use third party platforms and companies or suppliers to collect and process personal data on our behalf (an example of this would be a third party fundraising platform). We do comprehensive checks on the companies with whom we work, and put a contract in place that sets out our expectations and requirements including to take all reasonable care to ensure that they keep your data secure, only use your information in accordance with our instructions and for no other purposes.

To enrich our content, we sometimes embed photos and video content from websites such as YouTube and Twitter. As a result, when you visit a page with content embedded from, for example, YouTube or Twitter, these sites may set a cookie.

The Lumos website also carries embedded 'share' buttons to enable users of the site to easily share articles with their own friends and family through a number of popular social networks, for example, Facebook and Twitter. These sites may set a cookie when you are also logged in to their service.

Lumos does not control the dissemination of these cookies and you should check the relevant third party website for more information about these.

As an international organisation, Lumos manages its work on a global basis within the Lumos family and therefore may share your data within the Lumos family.If your data is shared in a country outside of the EEA, we will put in place contractual clauses approved by the EU Commission as providing an adequate level of protection.

8. Transferring your data outside the EEA

Some organisations who work on our behalf may operate and manage information in other countries outside of the EEA. In those circumstances, we will make sure they provide an adequate level of protection in accordance with data protection legislation.

9. How long we keep your information

We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules.

If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

If you would like to know how long we will hold any specific information, then please contact us and we can provide further details.

10. The website and use of cookies

Our website uses cookies to help us understand our supporters better and to improve your experience on our website.

Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and use of the website.

Please see our cookies policy for more detail on how to manage cookies.

11. Your rights and complaints

It is important that you understand your rights about your personal data and our use of it.You have a number of rights, including the rights to see, update, restrict, object to the use of or withdraw use of your data.

In particular, depending upon why we hold your data, you may have the following rights (which may not apply is some circumstances):

Right to be Informed about the data we are processing on you in this Privacy Policy and on our data collection forms.
Right of Access, also known as a Subject Access Request, to the personal data we hold about you, including how we first obtained your details, free of charge in most cases. Please note that we will require you to prove your identity before we disclose any information to you.
Right to Rectification of your personal data if it is incorrect, out of date or incomplete.
Right to Object to direct marketing (either through specific channels, or all channels) – you have the right to stop this type of processing at any time and will always be given the opportunity to object.
Right to be Forgotten which is a right to have your personal data deleted from our systems. You should be aware that there are some circumstances where we may need to keep your details, for example, if it is necessary to comply with a legal obligation on us, such as HMRC requiring us to retain certain data relating to donations for a certain period.
Rights related to Automated Decision Making so that we no longer process your data automatically to decide whether particular marketing activities are likely to be of interest or suggest an appropriate donation level based on your previous donation history. This is known as profiling and helps us to ensure that our marketing is relevant and appropriate.
Right to Restrict Processing of your personal data in certain circumstances for example if you contest the accuracy of the data we are processing, if our processing is unlawful, to pursue legal claims or where we are relying on legitimate interests to process data.
Right to Data Portability to have your data transferred to another organisation in certain circumstances.

You also have the right to withdraw your consent by contacting us at any time. Where we are relying on consent as our legal basis of processing, such as when you have given your permission for marketing by email, SMS text messaging or direct messages on social media or where you have provided us with your health information to participate in or attend an event.

Please contact us if you have any questions or concerns on how we collect and use your personal data, or on your rights, or if you wish to make a complaint:

Email: privacy@wearelumos.org

Telephone: +44 2072536464

Post: Global Data Protection Officer, Peninsular House, 30-36 Monument Street, London, EC3R 8NB

You also have the right to make a complaint direct to the UK’s data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/.

12. Changes to this privacy policy

We may update this policy to reflect changes in how we use your information and you will always be able to see when it was last updated. Please check this policy each time you are considering providing Lumos with your information.

This policy was last updated on 12 August 2019.

Updated: 12.08.2019