We understand that the privacy of all of our donors, funders, supporters, volunteers and beneficiaries is important to them and that they care about how their personal data is used. In this Privacy Notice, we refer to all of those individuals as “you” for convenience.

Werespect and value your privacy and will only collect, hold, use, or share your personal data in ways that are described here, and in a way that is consistent with our obligations and your legal rights.

1. Information about us

The Corsi-Rosenthal Foundation is a registered charity no: 1206282 and is a charitable incorporated organisation with its principal office in England at 71-75 Shelton Street, London, WC2H 9JQand it is regulated by the Charity Commission

Data Protection Officer: John Muir.

Email address: [email protected].

Telephone number: 07796840742.

Postal address: The Corsi-Rosenthal Foundation UK, 71 - 75 Shelton Street, London. WC2H 9JQ.

2. What does this Notice cover?

This Privacy Notice explains the types of your personal data that we collect, how it is collected, how it is held, how we use it, and how it is processed. It also explains your rights under data protection legislation relating to your personal data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

3. What is “personal data”?

Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we collect and use is set out in paragraph 6 below.

4. What is “special category data” and how is it used?

Special categories of personal data require higher levels of protection and we require further justification for collecting, storing and using this type of personal information. Sensitive personal data can include data relating to racial or ethnic origin, and data concerning health. 

We will not process your special category personal data unless such processing is compliant with applicable data protection legislation. 

5. What are my rights?

Under the data protection legislation, you have the following rights, which we will always work to uphold. You have the right to:

  1. be informed about how we process your personal data;
  2. access and be given a copy of the personal data we hold about you. (See paragraph 11 below about this);
  3. require us to correct any personal data that we hold about you if any of it is inaccurate or incomplete;
  4. be forgotten: in certain circumstances you have a right to have your personal data erased from our records;
  5. restrict (i.e. prevent) the processing of your personal data;
  6. object to the way we process your personal data (e.g. for direct marketing); 
  7. withdraw consent: if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time; 
  8. data portability: the right in certain circumstances to have us transfer your personal data to another organisation; and 
  9. not be subject to a decision based solely on automated processing (including profiling) which produces legal effects on you. We do not use your personal data in this way.

Ask to how to contact us for more information about our use of your personal data or exercising your rights as outlined above, see paragraph 12 below.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as wehave that data.

If you wish to make a complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office but please contact us first (see paragraph 12 below) so that we might try to resolve your concerns ourselves. 

6. What personal data do you collect and how?

    We may collect and hold some or all of the personal data set out below, using the methods set out there. We do not collect any data relating to criminal convictions and/or offences. 

    Data collectedHow we collect the data
    Identity Information including name, title, date of birth and gender.Provided by you through direct interaction with you or via our website.
    Contact information including your address, e-mail address and phone number.Provided by you through direct interaction with you or via our website.
    Financial information including payment details, bank details, whether you are a UK tax payer, your income or whether you receive or are eligible for any state benefits.Provided by you through direct interaction with you or via our website.
    Data, including contact information and profile information from publicly available sources and from the following third parties: Marketing agencies, fundraisers or event organisers.Received from publicly available sources or from 3rd parties such as marketing agencies, fundraisers of event organisers.
    Health data such as a Doctor’s letter confirming that you suffer from a health condition.Provided by you through direct interaction with you.

    7. How do you use my personal data?

    Under UK data protection legislation, we must always have a lawful basis for using personal data. The following table describes how we mayuse your personal data, and ourlawful bases for doing so:

    What we doWhat data we useOur lawful basis
    Administering our charity.Your contact information and  your financial information.Legitimate Interest. This is necessary to process donations from you and to inform you of how your donations are used.
    Managing our relationship with you, e.g. as a volunteer or employee.Your contact information and  your financial information.Legitimate Interest and Contractual Necessity. This is necessary for us to communicate your role to you, to enter into an employment contract with you and to pay any salary or fees we may owe you for your work.
    Supplying our services to you.Your contact information and your financial information including data related to your financial status such as income, eligibility to receive state benefits etc.Legitimate Interest. This is necessary for us to assess your eligibility for assistance (see the last activity in this table) then to fulfil any assistance we agree to provide.
    Communicating with you, including where you enquire about us and our work, activities, volunteering or events.Your e-mail address, your home address and your telephone number.Legitimate Interest. This information is necessary to answer your enquiry and enter into a relationship with you where you request it.
    Supplying you with information about our work by e-mail or postwhere you have opted-in-to that. (You may opt-out at any time by unsubscribing from our e-mail marketing or contacting [email protected])Your e-mail address and your home address.Consent. You have given us your permission to use your data for this purpose and Legitimate Interest. In order to attract new donors and supporters we must market our organisation to you.
    Receiving a donation from you and claiming Gift Aid on your donations.Financial information such as your status as a UK tax payer and contact information.Legitimate Interest. This is necessary for us to fulfil your donation and confirm this to you.
    Assess your eligibility for assistance.Health data Consent. You have given us your permission to use your data for this purpose and under schedule 1 part 1 of the Data Protection Act 2018 we may use Health data you provide to us to assess your eligibility for assistance.

    With your permission or where permitted by law, we may use your personal data for marketing purposes, which may include contacting you by e-mail, telephone, text messageor post with newsletters, fundraising appeals, campaigns, or other information or with information about ourproducts or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK data protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

    Wewill always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes (and we will tell you who they are), and you will be able to opt-out at any time.

    We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in paragraph 12 below.

    If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

    In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the data protection legislation and your legal rights.

    8. How long will you keep my personal data?

    We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

    Type of dataHow long we keep it
    Identity Information including e.g. name, title, date of birth, gender.For no longer than reasonably required to perform  the purpose it was collected for, subject to quarterly review.
    Contact information including e.g. address, email address, For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review.
    Information including job title, For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review.
    Financial transactions  information including e.g. card details, bank account For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review.

    9. How and where do you store or transfer my personal data?

    We will store or transfer your personal data within the UK and European Economic Area (the “EEA”). This means that your personal data will be fully protected under the data protection legislation and/or to equivalent standards by law. With respect to transfers of your personal data outside the UK and EEA, we will take steps to ensure your personal data receives an adequate level of protection including by entering into international data transfer agreements (that incorporate standard contractual clauses approved by the European Commission and the UK’s Information Commissioner’s Office). 

    Please contact us using the details below in paragraph 12 below for further information about the particular data protection mechanisms used by us when transferring your personal data to a country outside the UK.

    The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

    • limiting access to your personal data to those employees, volunteers, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
    • procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;
    • Anonymising data you have supplied to us for the purpose of proving your eligibility for assistance, particularly any health data you have supplied to us.

    10. Do you share my personal data?

    We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.

    If we merge any or all of our organisation or assets, your personal data may be transferred to another charity. Any such new owner of our charity may continue to use your personal data in the same way(s) that we have used it as specified in this Privacy Notice.

    When assessing your eligibility for assistance, we take your health status into account. We may consult with medical experts who are external to the foundation and share your health data with them. Where we do this, your health data will be anonymised before it is shared so that you are not personally identifiable in it. External experts we consult are all Medical Professionals subject to confidentiality requirements enacted in law.

    In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

    If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in paragraph 9.]

    11. How can I access my personal data?

    If you want to know what personal data we hold about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a subject access request (“SAR”).

    All SARS should be made in writing and sent to the email or postal address shown in paragraph 12. 

    There is not normally any charge for a SAR. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

    We will respond to your SAR within less than one month and, in any case, not more than one month of receiving it. Normally, weaim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

    12. How do I contact you?

    To contact us about anything to do with your personal data and data protection, including to make a SAR, please use the following details (for the attention of John Muir) (Data Protection Officer):

    Email address: [email protected].

    Telephone number: 07796840742.

    Postal Address: The Corsi-Rosenthal Foundation, 71 - 75 Shelton Street, London WC2H 9JQ.

    13. Changes to this Privacy Notice

    We may change this Privacy Notice from time to time. We will let you know of any changes by notifying you on our website. 

    Copyright © 2023 Corsi-Rosenthal Foundation