Lumos Privacy Policy

Lumos exists to light a path to a brighter future for children.

Founded by author J.K. Rowling, we fight to tackle the causes of family separation and transform systems of care that take children away from their families and communities. We’re committed to ending the institutionalisation of children, so that every child can grow up in a safe and loving family, where they can thrive.

• Lumos Foundation (UK) is a registered charity in England and Wales (1112575) and a registered company in England and Wales (5611912). Lumos Foundation Operations Limited is a subsidiary of Lumos Foundation and is a registered company in England and Wales (12369753).
• Lumos Foundation USA Inc. is recognised by the US Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation.
• Friends of Lumos USA Ltd. is a subsidiary of Lumos Foundation USA Inc. and a registered charity in England and Wales (1170023) and a registered company in England and Wales (9502092).

Contact Information

If you have any questions about this Privacy Policy and how we use your information, wish to exercise any rights under this Privacy Policy, and/or make a request regarding this Privacy Policy please contact Lumos’ Global Data Protection Officer at:

• Email: [email protected]
• Telephone: UK: +44 20 7253 6464; USA: 1-646-867-0994
• UK Post: Global Data Protection Officer, Lumos Foundation, 3-7 Temple Avenue, London, EC4Y 0DA
• USA Post: 1350 Avenue of the Americas, Floor 2, Suite 266, New York, NY 10019

There are a number of ways Lumos collects information about you:

• We may collect information provided by you directly, for instance, through filling out a form on our website, donating to us, signing up to or attending an event or training that requires personal registration details, speaking to us at events, meetings or conferences or emailing us.
• We may collect information about your interactions with us, this might be a visit to our website, watching a video on our YouTube or Vimeo channel, interacting on social media, such as: Facebook, X, Instagram and LinkedIn, or any other digital platform used by us.
• We may collect information provided indirectly about you from independent third-party platforms, such as fundraising platforms like Go Fund Me, Prizeo, Virgin Money Giving and JustGiving. These independent third parties will pass your data to Lumos where you have indicated that you wish to support us and have given your consent or it is a necessary part of completing a contract with you. Please check the privacy policy of any other platform if you are concerned about how they process and store your personal information.
• We may collect information about you through personal introductions, or through information, which is publicly available, for example for major donors where we seek to find out more about you, your interests, motivations for giving and capacity to give greater support as well as to assess and manage potential risks.
• Publicly available information may include information from newspapers, or other reputable media sources, open posting on social media sites or information that individuals put in the public domain on company websites, or professional networking sites and information from official sources such as Companies House, Charity Commission and other UK registers, the Electoral Roll, Who’s Who, and Debrett’s guides. We will notify individuals about this processing at the earliest practical opportunity. Where we decide not to make contact, we will delete all personal information obtained, other than basic contact details, to which we will apply a suppression flag to ensure we do not make contact in the future.
• We may gather personal information if your activities relate to our work – for instance, if you are a public figure or you represent an organisation which we work with, or which is related to one of our advocacy campaigns we may gather information about you in order to inform our advocacy campaigning and make decisions (such as whether to engage with you to seek your support for our work).

We collect different information about you according to the relationship you have with us. Whatever your relationship with us, this information will be minimal and linked to the purpose for which we need it.

The information we collect may include personal details, such as:

• Your title, full name.
• Your date of birth, age or confirmation that you are over 18.
• Your contact details which could include your postal address and/or email and/or phone number.
• Details of any correspondence we have had with you relating to your support of us.
• Your contact preferences.
• Records of your donations.
• Whether you have signed up to the Gift Aid scheme (where applicable).
• Any fundraising appeals, campaigns or other promotions that you may have responded to.
• Events or training courses that you have attended or enquired about.
• Your health information that you gave us if you are participating in an event or taking part in any training, to help us ensure your safety.
• Your photograph or video footage of you if you have attended or taken part in an event, with your permission.
• Your photos, stories, interviews or videos provided to us with your consent in connection with our research, advocacy and participation work.
• [Bank account details to process donations or purchase items.
• The last four digits of your payment card number. The payment merchant that Lumos uses to process donations collects card details and stores card details for recurring payments.]
• Your IP address, location or browser.
• We use tracking tools in our email campaigns to monitor when you open or forward an email, click on links within the email, and the time, date and frequency of activity. We store this information in our database and use it to refine future email campaigns and supply you with more relevant information.
• Your background details including professional details and the field in which you work, if you are a potential advocacy campaigner or work with our advocacy team.
• Information about you which appears on publicly available sources such as media outlets (such as newspapers, blogs and magazines), company websites or open postings on social media (such as LinkedIn) including views and positions you have expressed, and details regarding your circumstances – for instance which political roles you hold or what your background is. This information supports our work with high net worth individuals, to understand their philanthropic interests and complete any necessary due diligence.

Sensitive personal information

We only collect this information if there is a clear and specific reason for doing so and will usually ask for your consent. For example, we will collect information about your dietary needs if you are attending an event at which food will be served, so we can provide the appropriate refreshments, or we will collect information about any disability or health condition that you have told us about to provide appropriate facilities and support at an event.

We would not ask for consent if it is information that you have clearly made public, for example, the political views of a political figure, or your religion if you are working with us because you represent a faith-based organisation.

Under 18s

As a charity working with children, Lumos embraces the fact that our supporters are of all ages. We are committed to safeguarding the welfare of all children and young people involved in our work.

If you are under 18, we will always ask for consent from a parent or guardian to collect information about you and to contact you in connection with our fundraising, communications and advocacy work. We may also collect the name and contact details of your parent or guardian, where appropriate.

We will only use your information where we have a legal basis to do so and will always respect your rights.

We use your information to support the work that we do to achieve our mission, to ensure we effectively communicate our work, campaigns and achievements and to maximise our fundraising activities. Your rights are important to us and we are committed to ensuring that your privacy is protected.

We may collect, use, share, and otherwise process your personal information for the following purposes on the following legal bases:

You can withdraw your consent at any time, or object to us processing your data on the grounds of our legitimate interests, by contacting the Global Data Protection Officer.

As an international organisation, Lumos operates globally across the Lumos family of legal entities described above, and therefore may share your data within the Lumos family. For example, if, as a result of a Lumos campaign Lumos Foundation (UK) obtains contact details of supporters who are resident in the USA, Lumos Foundation (UK) may provide that supporter information to Lumos Foundation USA, Inc. so that we can better connect and tailor our communications to you. If your data is shared with a country outside of the UK and the European Economic Area, we will put legal arrangements in place to ensure an adequate level of protection.

We will never share your information with third parties for their own purposes, unless:

• this is explained to you at the time we collect your information – for example passing your details to event organisers to secure your place or gain access to an event venue;
• you give us your permission to, or
• we are legally required to do so – for example, we are legally required to provide your data to the HMRC if you have agreed to us claiming UK Gift Aid on your behalf.

We sometimes use third party platforms and companies or suppliers to collect and process personal information on our behalf (an example of this would be a third party fundraising platform). [Lumos will not sell your personal data to third-parties.]

To enrich our content, we sometimes embed photos and video content from websites such as YouTube and X. As a result, when you visit a page with content embedded from, for example, YouTube or X, these sites may set a cookie.

The Lumos website also carries embedded ‘share’ buttons to enable users of the site to easily share articles with their own friends and family through a number of popular social networks, for example, Facebook and X. These sites may set a cookie when you are also logged in to their service.

Lumos does not control the dissemination of these cookies and you should check the relevant third party website for more information about these.

Facebook

Lumos may engage in the following activities with Facebook:

• Remarketing (or retargeting): Facebook have tags on some pages of our website which allows them to collect information about pages you’ve visited on our website, they will then serve you advertising on Facebook based on this information.
• Lookalikes: we sometimes share with Facebook the email addresses of people who have registered to take part in one of our events or who have made a donation. The emails are used by Facebook to define a type of audience with similar characteristics, and then Facebook will serve adverts to people that match that type of audience – but not (necessarily) the people in the original email file. We do this to increase our profile and to raise more funds.
• Custom Audiences: we may use Facebook Custom Audiences to share Lumos content with you while using Facebook services. For example, if you register to take part in a fundraising event, we may send your email address to Facebook who will serve you content relevant to that event and tips on how to raise more money. Custom Audiences works by using your email address and/or phone number to match to your account on Facebook. We will only do this where you have opted in to our marketing emails or phone calls, and your personal information is kept secure at all times.
• Saved Audiences: we use Facebook Saved Audiences to remember which supporters on Facebook are most likely to respond to our fundraising, campaigning and marketing requests.

Note: updating your preferences with Lumos will not guarantee that you never see Lumos content on social media, since the social media site may select you based on other criteria and without your data having been provided by Lumos.

We have appropriate organisational and technical controls in place to protect your personal information including the use of secure servers, firewalls, virus and malware protection and encryption and our systems are regularly independently tested and reviewed.

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to or use or disclosure of your personal information.

Electronic data is stored on secure computer systems and we control who has access to information (using both physical and electronic means).

Lumos holds a Cyber Essentials certification.

While we take all of the measures that we’ve outlined above, unfortunately, the transmission of information using the internet is not completely secure. Although we will do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

We will keep your personal information for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting, or regulatory obligations. For example, we will retain records of donations and financial transactions for up to seven years to comply with applicable tax laws and regulations (including Gift Aid requirements in the UK).

If you request that we stop sending you marketing materials we will retain a minimal record of your contact details and your marketing preferences to ensure that we can honour your request not to be contacted by us.

Where we do not need to retain your personal information for legal or regulatory reasons, we will delete or securely anonymise it when it is no longer required.

If you would like to know how long we will hold any specific information, then please contact the Global Data Protection Officer and we can provide further details.

Our website uses cookies to help us understand our supporters better, and to improve your experience on our website. Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and use of the website. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our website. For information on the types of cookies we use, how we use them and how you can control your cookie preferences, please click here to see our cookies policy

When you visit our website, we will collect data from your computer or other device such as a smart phone or tablet through the use of “cookies”. Cookies are created by your web browser when you visit our website. Every time you go back to our website, your browser will send the cookie file back to the website’s server.

They improve your experience of using our website, for example, by remembering your preference settings so that you are presented with information likely to be most relevant to you, and by measuring your use of the website to enable us to continuously improve our website to ensure that it meets your needs. Cookies can also be used to show you relevant Lumos content on social media services such as Facebook – these are known as “retargeting'” or “advertising” cookies.

We may update this policy to reflect changes in how we use your information and you will always be able to see when it was last updated. All updates to the Privacy Policy will be posted on the website and effective upon posting. Please check this policy each time you are considering providing Lumos with your information.