We understand that the privacy of all of our donors, funders, supporters, volunteers and beneficiaries is important to them and that they care about how their personal data is used. In this Privacy Notice, we refer to all of those individuals as “you” for convenience.
Werespect and value your privacy and will only collect, hold, use, or share your personal data in ways that are described here, and in a way that is consistent with our obligations and your legal rights.
The Corsi-Rosenthal Foundation is a registered charity no: 1206282 and is a charitable incorporated organisation with its principal office in England at 71-75 Shelton Street, London, WC2H 9JQand it is regulated by the Charity Commission
Data Protection Officer: John Muir.
Email address: [email protected].
Telephone number: 07796840742.
Postal address: The Corsi-Rosenthal Foundation UK, 71 - 75 Shelton Street, London. WC2H 9JQ.
This Privacy Notice explains the types of your personal data that we collect, how it is collected, how it is held, how we use it, and how it is processed. It also explains your rights under data protection legislation relating to your personal data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we collect and use is set out in paragraph 6 below.
Special categories of personal data require higher levels of protection and we require further justification for collecting, storing and using this type of personal information. Sensitive personal data can include data relating to racial or ethnic origin, and data concerning health.
We will not process your special category personal data unless such processing is compliant with applicable data protection legislation.
Under the data protection legislation, you have the following rights, which we will always work to uphold. You have the right to:
Ask to how to contact us for more information about our use of your personal data or exercising your rights as outlined above, see paragraph 12 below.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as wehave that data.
If you wish to make a complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office but please contact us first (see paragraph 12 below) so that we might try to resolve your concerns ourselves.
We may collect and hold some or all of the personal data set out below, using the methods set out there. We do not collect any data relating to criminal convictions and/or offences.
Data collected | How we collect the data |
Identity Information including name, title, date of birth and gender. | Provided by you through direct interaction with you or via our website. |
Contact information including your address, e-mail address and phone number. | Provided by you through direct interaction with you or via our website. |
Financial information including payment details, bank details, whether you are a UK tax payer, your income or whether you receive or are eligible for any state benefits. | Provided by you through direct interaction with you or via our website. |
Data, including contact information and profile information from publicly available sources and from the following third parties: Marketing agencies, fundraisers or event organisers. | Received from publicly available sources or from 3rd parties such as marketing agencies, fundraisers of event organisers. |
Health data such as a Doctor’s letter confirming that you suffer from a health condition. | Provided by you through direct interaction with you. |
Under UK data protection legislation, we must always have a lawful basis for using personal data. The following table describes how we mayuse your personal data, and ourlawful bases for doing so:
What we do | What data we use | Our lawful basis |
Administering our charity. | Your contact information and your financial information. | Legitimate Interest. This is necessary to process donations from you and to inform you of how your donations are used. |
Managing our relationship with you, e.g. as a volunteer or employee. | Your contact information and your financial information. | Legitimate Interest and Contractual Necessity. This is necessary for us to communicate your role to you, to enter into an employment contract with you and to pay any salary or fees we may owe you for your work. |
Supplying our services to you. | Your contact information and your financial information including data related to your financial status such as income, eligibility to receive state benefits etc. | Legitimate Interest. This is necessary for us to assess your eligibility for assistance (see the last activity in this table) then to fulfil any assistance we agree to provide. |
Communicating with you, including where you enquire about us and our work, activities, volunteering or events. | Your e-mail address, your home address and your telephone number. | Legitimate Interest. This information is necessary to answer your enquiry and enter into a relationship with you where you request it. |
Supplying you with information about our work by e-mail or postwhere you have opted-in-to that. (You may opt-out at any time by unsubscribing from our e-mail marketing or contacting [email protected]) | Your e-mail address and your home address. | Consent. You have given us your permission to use your data for this purpose and Legitimate Interest. In order to attract new donors and supporters we must market our organisation to you. |
Receiving a donation from you and claiming Gift Aid on your donations. | Financial information such as your status as a UK tax payer and contact information. | Legitimate Interest. This is necessary for us to fulfil your donation and confirm this to you. |
Assess your eligibility for assistance. | Health data | Consent. You have given us your permission to use your data for this purpose and under schedule 1 part 1 of the Data Protection Act 2018 we may use Health data you provide to us to assess your eligibility for assistance. |
With your permission or where permitted by law, we may use your personal data for marketing purposes, which may include contacting you by e-mail, telephone, text messageor post with newsletters, fundraising appeals, campaigns, or other information or with information about ourproducts or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK data protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
Wewill always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes (and we will tell you who they are), and you will be able to opt-out at any time.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in paragraph 12 below.
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the data protection legislation and your legal rights.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
Type of data | How long we keep it |
Identity Information including e.g. name, title, date of birth, gender. | For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review. |
Contact information including e.g. address, email address, | For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review. |
Information including job title, | For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review. |
Financial transactions information including e.g. card details, bank account | For no longer than reasonably required to perform the purpose it was collected for, subject to quarterly review. |
We will store or transfer your personal data within the UK and European Economic Area (the “EEA”). This means that your personal data will be fully protected under the data protection legislation and/or to equivalent standards by law. With respect to transfers of your personal data outside the UK and EEA, we will take steps to ensure your personal data receives an adequate level of protection including by entering into international data transfer agreements (that incorporate standard contractual clauses approved by the European Commission and the UK’s Information Commissioner’s Office).
Please contact us using the details below in paragraph 12 below for further information about the particular data protection mechanisms used by us when transferring your personal data to a country outside the UK.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.
If we merge any or all of our organisation or assets, your personal data may be transferred to another charity. Any such new owner of our charity may continue to use your personal data in the same way(s) that we have used it as specified in this Privacy Notice.
When assessing your eligibility for assistance, we take your health status into account. We may consult with medical experts who are external to the foundation and share your health data with them. Where we do this, your health data will be anonymised before it is shared so that you are not personally identifiable in it. External experts we consult are all Medical Professionals subject to confidentiality requirements enacted in law.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in paragraph 9.]
If you want to know what personal data we hold about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a subject access request (“SAR”).
All SARS should be made in writing and sent to the email or postal address shown in paragraph 12.
There is not normally any charge for a SAR. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your SAR within less than one month and, in any case, not more than one month of receiving it. Normally, weaim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
To contact us about anything to do with your personal data and data protection, including to make a SAR, please use the following details (for the attention of John Muir) (Data Protection Officer):
Email address: [email protected].
Telephone number: 07796840742.
Postal Address: The Corsi-Rosenthal Foundation, 71 - 75 Shelton Street, London WC2H 9JQ.
We may change this Privacy Notice from time to time. We will let you know of any changes by notifying you on our website.