In this policy wherever you see the words ‘we’, ‘us’ or ‘our’, we are referring to the organisations referenced below and detailed in section 11 of the policy.
- Lumos Foundation (Lumos) is a company limited by guarantee registered in England and Wales number: 5611912 | Registered charity number: 1112575
- Lumos Foundation USA Inc. (Lumos USA), a 501(c)(3) non-profit organization Registered Office: 557 Broadway, New York, 10012, USA EIN: 47-2301085
- Friends of Lumos USA Ltd, a charitable company limited by shares on 20 March 2015.
The policy will cover:
- 1. Where Lumos collects information
- 2. What information we collect
- 3. How we use the information we collect
- 4. Accessing your information
- 5. How we store your data and protect it
- 7. Lumos on Social Media
- 8. Children and young people’s data
- 9. Data Controller contact information
- 10. Preparing for the General Data Protection Regulation (GDPR) in May 2018
- 11. Lumos Foundation USA Inc. and Friends of Lumos Foundation USA Ltd.
Information provided by you
- Lumos may collect information provided by you, for instance, through filling out a form on our website, donating to us, attending an event that requires personal registration details or emailing us with a query.
- We collect information about the services you use, this might be a visit to our website, watching a video on our YouTube or Vimeo channel or any other digital platform owned by us.
Information obtained from third-parties
- Your title, full name and age
- Your contact details (address, email, phone number)
- Your professional details and employment details
- We may collect information from publicly available sources such as Companies House, media outlets (such as newspapers, blogs and magazines) or open postings on social media such as LinkedIn
- Gift aid status and records of donations
- The last four digits of your payment card number - The payment merchant that Lumos uses to process donations (IATS) collects card details and stores card details for recurring payments. Lumos only stores restricted details, such as the last 4 digits of your card
- Your contact preferences
- Your IP address, location or browser for tracking purposes
If you have opted-in to receive direct-marketing or signed-up to receive our newsletters, you may receive the following communication from us:
- Campaign emails
- Surveys that will help us better understand our supporters
- Our e-newsletter, ‘Stay Connected’, which provides information that we think might interest you. We promise to only send brief and relevant email communications
- Reports about our programmatic work that are delivered by email
- Invitations to events
You can opt-out of receiving any of the above direct-marketing emails at any time. All direct marketing will include a link that gives you an option to unsubscribe at the footer of the email.
If you have made a donation to Lumos, you will always receive:
- Confirmation of the amount you have donated to Lumos
You will only receive direct marketing from Lumos after you have made a donation if you have opted-in to receive communication from us.
Lumos sends all direct-marketing through our Salesforce Customer Relationship Management (CRM) databases and use iContact as our e-marketing platform for building direct-marketing templates.
More information on our Stay Connected newsletters:
Lumos operates an email newsletter program, it is used to inform subscribers about products and services supplied by Lumos, the service is described as ‘Stay Connected’. You can subscribe through an online automated process should you wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with you.
We use tracking facilities in our email campaigns to monitor when you open or forward the email, click on links within the email, and the time, date and frequency of activity. We store this information in our database (Salesforce) and use it to refine future email campaigns and supply you with more relevant information. This information is used to refine future email campaigns and supply you with more relevant content based on Lumos' activity.
We regularly review your contact information to make sure it’s up to date and always appreciate if you let us know when your contact details change.
All Lumos e-communications have an opt-out option. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to un-subscribe at any time through an automated system.
This process is detailed at the footer of each direct-marketing email we send. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed. You can also contact the data controller on the details below if you would like to opt-out of any communication from Lumos (which includes direct marketing, email correspondence or any other form of contact).
If your contact details change, if you believe the information Lumos holds about you is incorrect or if you would like to be removed from our database entirely, please contact the data controller at email@example.com for help with this or more information.
Right to access your data:
Any individual who makes a written request is entitled to be:
- told whether any personal data is being stored
- given a description of the personal data, the reasons it is being stored, and whether it will be given to any other organisations or people
- given a copy of the data and the source of the data (where this is available)
You have the right to ask us to stop storing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. registering you for an event) we will do so. You also have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you would like to access your data, please send a description of the information you would like to see and scanned proof of identity to Lumos’ data protection lead at firstname.lastname@example.org.
Guidance on accessing your data can be found on the Information Commissioner's Office (ICO) website here.
We have appropriate controls in place to protect any personal information you may provide to us.
All personal details we receive are held securely and in accordance with the Data Protection Act 1998. Lumos will not sell your data, and will only use trusted suppliers to support our work. We always put contracts in place to protect your information.
Our payment merchant (iATS) is PCI compliant, which means that it hosts and processes your data securely.
Under the Data Protection Act 1998 you may request a copy of personal information held about you by Lumos’ chosen email newsletter program (iContact) or from the contact relationship management database, Salesforce. We will hold your personal information on our systems for as long as is necessary for the relevant activity.
We will sometimes use third-party platforms and companies to collect and process personal data on our behalf (an example of this would be a third-party Fundraising platform). We do comprehensive checks on companies before we work with them, and we always put a contract in place that sets out our expectations and requirements prior to any work taking place.
When we share data gathered within the European Economic Area (EEA) with suppliers that run their operations outside the EEA, we will make sure they provide an adequate level of protection in accordance with UK data protection regardless of whether they are subject to the same data protection laws as companies based in the UK. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
Lumos takes a proactive approach to your privacy and ensures your privacy is protected throughout your visiting experience. Our website complies to all UK national laws and requirements for user privacy.
Cookies are small files saved to the website user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience.
If you would like any information on Cookies, how they are used and the data we collect, please see http://www.allaboutcookies.org/ for more details.
Communication, engagement and actions taken through Lumos social media platforms are custom to the terms and conditions as well as the privacy policies of each platform.
Lumos may use social sharing buttons which help to share web content directly from web pages to the social media platform identified. You are advised before using such social sharing buttons that you do so at your own discretion and note that he social media platform may track and save your request to share a web page through your social media platform account.
Lumos takes child protection very seriously- it is at the heart of everything we do. Where possible we will always seek consent from a parent or guardian before collecting information about children under the age of 18. Children’s details (including their name, type of fundraising they are doing and the letters they receive as thanks) are collected and stored when a child fundraises for Lumos or attends an event. Lumos will always anonymise the names of children we have interviewed for case studies or testimonies.
If you have any questions about this policy please contact the data protection lead on email@example.com.
The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act.
It will introduce new requirements for how organisations process personal data. Lumos is currently updating internal procedures and data collection and processing methods to ensure we comply with the new regulation. If you would like more information on how the General Data Protection Regulation (GDPR) will affect you, please visit http://www.eugdpr.org/.
Your data may be accessed by Lumos Foundation USA Inc. and Friends of Lumos Foundation USA Ltd.
Lumos Foundation USA Inc. is recognised by the Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation setup to further the mission of Lumos Foundation internationally.
Friends of Lumos Foundation USA Ltd. is a is a dual qualified charity that permits individuals to give to Lumos in the United States and the United Kingdom.
We have a contractual data sharing agreement, which agrees we may share information between Lumos Foundation, Lumos Foundation USA and Friends of Lumos Foundation USA Ltd. The agreement covers all of the data that is shared between the two organisations and provides EEA standard protection.
If you have any questions related to the data sharing agreement, please email the data controller in the USA on privacyUSA@wearelumos.org.