Privacy Policy

Children belong in families,
not orphanages

Lumos Privacy Policy

This Privacy Policy sets out how Lumos Foundation uses and protects the personal data you share with us. We want to make sure that we are clear about how we will use your data and assure you that we will take appropriate measures to protect the personal data that we collect.

Lumos Foundation works closely with its partner organisations, Lumos Foundation USA and Friends of Lumos USA Ltd. to deliver its mission across the world. In doing this all Lumos organisations work hard to protect the data which is entrusted to us and to process it in accordance with all relevant laws and regulations, including the General Data Protection Regulation 2018.

In this policy wherever you see the words ‘Lumos’, ‘we’, ‘us’ or ‘our’, we are referring to all three organisations. Further details about the relationship between these partner organisations can be found in section 9.

Lumos uses personal data to support the work that we do to achieve our mission, to ensure we effectively communicate our organisation's work, campaigns and achievements and to gain a better understanding of our current and potential supporters, donors, partners and friends. This Lumos family is important to us and we are committed to ensuring that your privacy is protected.

Lumos takes child protection very seriously. It is at the heart of everything we do, so we take particular care with storing and processing data about children.

All the information we hold and manage about you will be stored in accordance with this Privacy Policy. In this policy we will outline the types of data we might use to achieve this; for example, we might use information available to improve our donor experience, so you have a more fulfilling journey with Lumos as we work towards our vision and receive the types of communications which interest you most.

We will only ever process your data within the limits of what is lawful and for reasons which are permissible under UK data protection laws and regulations.

Please read our policy carefully, along with our website's terms and conditions.

The policy will cover:

How Lumos collects information
What information we collect
How we use the information we collect
Accessing your information
How we store your data and protect it
The website and use of cookies
Lumos on Social Media
Data Protection Officer contact information
Lumos Foundation, Lumos Foundation USA Inc. and Friends of Lumos USA Ltd

1. Where Lumos collects information

Lumos may collect information provided by you, for instance, through filling out a form on our website, donating to us, attending an event that requires personal registration details or emailing us.

We collect information about the services you use, this might be a visit to our website, watching a video on our YouTube or Vimeo channel or any other digital platform used by us.

We collect information about you from independent third party platforms, such as fundraising platforms like CrowdRise, Virgin Money Giving and Just Giving. Please check the privacy policy of any other platform if you are concerned about how they process and store your data.

2. What information we collect

We collect different information about people according to their relationship with Lumos. The information we collect may include personal details, such as:

Your title, full name and date of birth, or age
Your contact details (address, email, phone number)
Your professional details and employment details

We may collect information from publicly available sources such as media outlets (such as newspapers, blogs and magazines), company websites (such as Companies House) or open postings on social media (such as LinkedIn, Twitter or Facebook).

Other details we may collect include:

Gift aid status
Records of donations
The last four digits of your payment card number. The payment merchant that Lumos uses to process donations (IATS) collects card details and stores card details for recurring payments.
Your contact preferences
Your IP address, location or browser

We use tracking tools in our email campaigns to monitor when you open or forward an email, click on links within the email, and the time, date and frequency of activity. We store this information in our database and use it to refine future email campaigns and supply you with more relevant information.

If your contact details change, if you believe the information Lumos holds about you is incorrect or if you would like to be removed from our database entirely, please contact the Data Protection Officer at privacy@wearelumos.org for help with this or more information.

3. How we use the information we collect

We use the data we collect to inform you about our work around the world, to invite you to take part in Lumos activities including events, to ask for donations to support our mission and to help us to understand you better.

We may collect information about you from public sources, as described in section 2 above. This information helps us to understand the background and interests of our supporters, donors, partners and friends and to tailor our engagement with you.

Lumos may contact you using some, but not necessarily all of the following methods of communications: post, email, telephone or text messaging.

If you have chosen to hear from us, you may receive the following communications:

Campaign emails
Surveys that will help us better understand our supporters
Our e-newsletter
Reports about our programmatic work that are delivered by email
Invitations to events

We promise to only send emails which are relevant to the work that we do and our relationship with you.

You can opt out of hearing from us at any time. All email communications will include a link that gives you an option to unsubscribe or you can contact us at privacy@wearelumos.org to update your communication preferences.

If you have made a donation to Lumos, you will always receive confirmation of the amount you have donated. You will only receive further communications from Lumos if you have chosen to hear from us.

Lumos sends all emails through trusted third party platforms, where we have ensured that they maintain the appropriate standards around the security of your data.

In order to handle your information most effectively to support our work and relationship with you, we may transfer data to trusted partners and suppliers in other countries. We will take every care to ensure that your data is properly protected, in accordance with UK laws and regulations.

4. Accessing your information

Everyone has the right to request a copy of the information we hold about you. Please email us at privacy@wearelumos.org or write to Data Protection Officer, Lumos Foundation, Peninsular House, 30-36 Monument Street, London EC3R 8NB, United Kingdom. We may ask for proof of identity.

Any individual who makes a written request is entitled to be:

told whether any personal data is being processed
given a description of the personal data
given the reason the data is being processed
told whether it is going to be given to any other organisations or people
given a copy of the information comprising the data
given the details of the source of the data (where this is available)

You have the right to ask us to stop processing your personal data. We will comply with any such request except in circumstances where we may have a legal obligation to retain it.

If there are any discrepancies in the information we provide, please let us know and we will correct them.

Further guidance on accessing your data can be found on the Information Commissioner's Office (ICO) website here.

5. How we store your data and protect it

We have appropriate controls in place to protect any personal information you may provide to us.

Lumos will not sell your data, and will only use trusted suppliers to support our work. We always put contracts in place to protect your information.

Our payment merchant (iATS) is PCI compliant, which means that it hosts and processes your data securely.

We sometimes use third party platforms and companies to collect and process personal data on our behalf (an example of this would be a third party fundraising platform). We always do comprehensive checks on the companies with whom we work, and put a contract in place that sets out our expectations and requirements as well as our responsibilities and theirs.

When we share data with suppliers that operate in other countries, we will make sure they provide an adequate level of protection in accordance with UK data protection laws and regulations.

We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules.

If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

6. The website and use of cookies

Our website uses cookies to help us understand our supporters better and to improve your experience on our website.

Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and use of the website.

Lumos also uses tracking software, such as Google Analytics, on our website. These software use cookies to track your website journey.

We may use cookies to reach you with messages about Lumos when visiting third party websites.

From time to time, we may also use the email address you have given us to reach you through your social media profiles on platforms such as Facebook and Google.

7. Lumos on Social Media

Lumos uses social sharing buttons to share web content directly from Lumos web pages to your social media profiles. Before using such social sharing buttons, you should be aware that you do so at your own discretion and that the social media platform may track and save your request.

Lumos uses social media to promote our mission around the world. We welcome your engagement through social media but note that your actions and ours on these social media platforms are governed by the terms and conditions and privacy policies of those platforms.

8. Data Protection Officer contact information

If you have any questions about this policy, please contact the Data Protection Officer at privacy@wearelumos.org or on +44 020 7253 6464.

9. Lumos Foundation USA Inc. and Friends of Lumos Foundation USA Ltd.

For the purposes of this policy the Data Controller under the terms of UK data protection laws and regulations is Lumos Foundation, a company limited by guarantee registered in England and Wales No. 5611912 and Registered Charity No 1112575.

Lumos Foundation USA Inc. is recognised by the US Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation set up to further the mission of Lumos Foundation internationally.

Friends of Lumos USA Ltd. is a dual qualified charity that permits individuals to give to Lumos in the United States and the United Kingdom.

Lumos Foundation USA Inc. and Friends of Lumos USA Ltd. may be processors of data covered by this privacy policy. Lumos Foundation as data controller is responsible for the safety, protection and management of your information, and so is responsible for the processes and agreements with Lumos Foundation USA Inc. and Friends of Lumos USA Ltd. to ensure your data is properly protected.

Updated: 24.05.2018