Lumos Foundation works closely with its partner organisations, Lumos Foundation USA and Friends of Lumos USA Ltd. to deliver its mission across the world. In doing this all Lumos organisations work hard to protect the data which is entrusted to us and to process it in accordance with all relevant laws and regulations, including the General Data Protection Regulation 2018.
In this policy wherever you see the words ‘Lumos’, ‘we’, ‘us’ or ‘our’, we are referring to all three organisations. Further details about the relationship between these partner organisations can be found in section 9.
Lumos uses personal data to support the work that we do to achieve our mission, to ensure we effectively communicate our organisation's work, campaigns and achievements and to gain a better understanding of our current and potential supporters, donors, partners and friends. This Lumos family is important to us and we are committed to ensuring that your privacy is protected.
Lumos takes child protection very seriously. It is at the heart of everything we do, so we take particular care with storing and processing data about children.
We will only ever process your data within the limits of what is lawful and for reasons which are permissible under UK data protection laws and regulations.
Please read our policy carefully, along with our website's terms and conditions.
The policy will cover:
- How Lumos collects information
- What information we collect
- How we use the information we collect
- Accessing your information
- How we store your data and protect it
- Lumos on Social Media
- Data Protection Officer contact information
- Lumos Foundation, Lumos Foundation USA Inc. and Friends of Lumos USA Ltd
Lumos may collect information provided by you, for instance, through filling out a form on our website, donating to us, attending an event that requires personal registration details or emailing us.
We collect information about the services you use, this might be a visit to our website, watching a video on our YouTube or Vimeo channel or any other digital platform used by us.
We collect different information about people according to their relationship with Lumos. The information we collect may include personal details, such as:
- Your title, full name and date of birth, or age
- Your contact details (address, email, phone number)
- Your professional details and employment details
We may collect information from publicly available sources such as media outlets (such as newspapers, blogs and magazines), company websites (such as Companies House) or open postings on social media (such as LinkedIn, Twitter or Facebook).
Other details we may collect include:
- Gift aid status
- Records of donations
- The last four digits of your payment card number. The payment merchant that Lumos uses to process donations (IATS) collects card details and stores card details for recurring payments.
- Your contact preferences
- Your IP address, location or browser
We use tracking tools in our email campaigns to monitor when you open or forward an email, click on links within the email, and the time, date and frequency of activity. We store this information in our database and use it to refine future email campaigns and supply you with more relevant information.
If your contact details change, if you believe the information Lumos holds about you is incorrect or if you would like to be removed from our database entirely, please contact the Data Protection Officer at firstname.lastname@example.org for help with this or more information.
We use the data we collect to inform you about our work around the world, to invite you to take part in Lumos activities including events, to ask for donations to support our mission and to help us to understand you better.
We may collect information about you from public sources, as described in section 2 above. This information helps us to understand the background and interests of our supporters, donors, partners and friends and to tailor our engagement with you.
Lumos may contact you using some, but not necessarily all of the following methods of communications: post, email, telephone or text messaging.
If you have chosen to hear from us, you may receive the following communications:
- Campaign emails
- Surveys that will help us better understand our supporters
- Our e-newsletter
- Reports about our programmatic work that are delivered by email
- Invitations to events
We promise to only send emails which are relevant to the work that we do and our relationship with you.
You can opt out of hearing from us at any time. All email communications will include a link that gives you an option to unsubscribe or you can contact us at email@example.com to update your communication preferences.
If you have made a donation to Lumos, you will always receive confirmation of the amount you have donated. You will only receive further communications from Lumos if you have chosen to hear from us.
Lumos sends all emails through trusted third party platforms, where we have ensured that they maintain the appropriate standards around the security of your data.
In order to handle your information most effectively to support our work and relationship with you, we may transfer data to trusted partners and suppliers in other countries. We will take every care to ensure that your data is properly protected, in accordance with UK laws and regulations.
Everyone has the right to request a copy of the information we hold about you. Please email us at firstname.lastname@example.org or write to Data Protection Officer, Lumos Foundation, Peninsular House, 30-36 Monument Street, London EC3R 8NB, United Kingdom. We may ask for proof of identity.
Any individual who makes a written request is entitled to be:
- told whether any personal data is being processed
- given a description of the personal data
- given the reason the data is being processed
- told whether it is going to be given to any other organisations or people
- given a copy of the information comprising the data
- given the details of the source of the data (where this is available)
You have the right to ask us to stop processing your personal data. We will comply with any such request except in circumstances where we may have a legal obligation to retain it.
If there are any discrepancies in the information we provide, please let us know and we will correct them.
Further guidance on accessing your data can be found on the Information Commissioner's Office (ICO) website here.
We have appropriate controls in place to protect any personal information you may provide to us.
Lumos will not sell your data, and will only use trusted suppliers to support our work. We always put contracts in place to protect your information.
Our payment merchant (iATS) is PCI compliant, which means that it hosts and processes your data securely.
We sometimes use third party platforms and companies to collect and process personal data on our behalf (an example of this would be a third party fundraising platform). We always do comprehensive checks on the companies with whom we work, and put a contract in place that sets out our expectations and requirements as well as our responsibilities and theirs.
When we share data with suppliers that operate in other countries, we will make sure they provide an adequate level of protection in accordance with UK data protection laws and regulations.
We will hold your personal information on our systems for as long as is necessary for the relevant activity, for example we will keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules.
If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and use of the website.
From time to time, we may also use the email address you have given us to reach you through your social media profiles on platforms such as Facebook and Google.
Lumos uses social sharing buttons to share web content directly from Lumos web pages to your social media profiles. Before using such social sharing buttons, you should be aware that you do so at your own discretion and that the social media platform may track and save your request.
Lumos uses social media to promote our mission around the world. We welcome your engagement through social media but note that your actions and ours on these social media platforms are governed by the terms and conditions and privacy policies of those platforms.
If you have any questions about this policy, please contact the Data Protection Officer at email@example.com or on +44 020 7253 6464.
For the purposes of this policy the Data Controller under the terms of UK data protection laws and regulations is Lumos Foundation, a company limited by guarantee registered in England and Wales No. 5611912 and Registered Charity No 1112575.
Lumos Foundation USA Inc. is recognised by the US Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation set up to further the mission of Lumos Foundation internationally.
Friends of Lumos USA Ltd. is a dual qualified charity that permits individuals to give to Lumos in the United States and the United Kingdom.