The Lyla Nsouli Foundation logo

Privacy Policy

1. Introduction

The Lyla Nsouli Foundation for Children’s Brain Cancer Research is a registered charity in England and Wales (1145172). Registered as a company limited by guarantee in England and Wales (7801855). Registered address: Sixth Floor, 3 Burlington Gardens, Mayfair, LONDON W1S 3EP.

The Lyla Nsouli Foundation takes data protection and our responsibilities to correctly and lawfully treat personal data as a data controller seriously. We are committed to complying with legal obligations and practicing industry standards when collecting, processing and storing personal data.

This privacy notice provides detailed information about how we treat information that you provide to us. Our Data Protection Officer can be contacted by email on if you have any queries regarding your personal data.

2. Types of personal data we process

We process personal data about people interested in finding out more about our foundation, contributing and registering for fundraising events. We process personal data about employees and prospective employees of our organisation.

The personal data we collect, process and store will be personally identifiable information related to people making donations, employees, friends and supporters. The personal data processed includes recorded information that is true and correct about an individual. Information such as:

  • Names, addresses, telephone numbers, e-mail addresses and other contact details.
  • Family details.
  • Images.
  • CCTV video footage.
  • Bank account information (employees).

Other types of data we may collect, process and store is sensitive information related to an individual. Information such as:

  • Information about health status or provision of health care linked to a specific individual.
  • Information about criminal records linked to a specific individual.
  • Biometric information.
  • Race and/or ethnicity.
  • Religion.

3. How we collect and process personal data

The Lyla Nsouli Foundation collects information in several ways, including:

  • In person and over the phone: from people making donations, attendees of fundraising events, staff, volunteers, visitors, job applicants and others.
  • From electronic and paper documentation: including job applications, emails, invoices, registration forms, letters to our foundation, consent forms, our foundation’s website or social media.
  • Through online tools: such as apps and other software used by our foundation.
  • Through any CCTV cameras located at our offices.
  • Through any photographic material taken at fundraising events.
  • Through third parties, such as referees, previous schools, professionals or authorities working with the individual.
  • Through publicly available resources.

As an organisation, we may be lawfully required to share personal information with relevant authorities: government services such as Visa and Immigration, Revenue and Customs. Our members of staff collect, process and store personal information only for the purpose for which it is intended.

All personal data resides within the European Economic Area on systems that are provided by the third parties and/or cloud storage providers. These systems include human resources information systems, payroll systems, web servers and email systems. We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.

Our foundation has a Data Protection Standard in place to oversee the effective and secure processing of your personal data. We have policies around the use of technology, electronic devices and access to our systems. We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.

4. Purposes for which we process personal data

The Lyla Nsouli Foundation processes personal data to lawfully and legitimately support the foundation’s operation as a charitable organisation. Our foundation collects information about fundraisers, contributors and staff when necessary to:

  • Organise fundraising events.
  • Inform those donating about our foundation and future fundraising events.
  • Administer staff information.
  • Support operational management of the foundation including administration of contributor records and subscribers; the administration of invoices, fees and accounts; the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV Policies and monitoring IT and communications systems in accordance with our Acceptable Use Policy); management planning and forecasting; research and statistical analysis; the administration and implementation of the foundation’s policies; the maintenance of historic archives and other operational purposes.
  • Fulfil legal requirements.
  • Take reasonable steps to reduce the risk of reasonably foreseeable harm to staff and visitors (duty of care).
  • Make reasonable adjustments and support for staff with special needs.
  • Provide a safe and secure working environment.
  • Communicate with our subscribers about our foundation.
  • Maintain the good order and management of our foundation.
  • Promote the foundation on our website or through social media, newsletters and other publications and communications conducted by the foundation.

Our foundation collects information about staff, prospective staff and contractors when necessary for:

  • The administration of staff records.
  • The recruitment of staff.
  • The engagement of contractors.
  • Administration of payroll, pensions and sick leave.
  • Staff appraisal.
  • Disciplinary procedures.
  • Administration of human resources records.
  • Providing references.

5. How long do we keep personal data

We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. Our Data Protection Officer can be contacted by email on if you have any queries regarding the retention of your personal data.

6. Your rights

Under Data Protection Law you have rights regarding the collection, processing and storage of your personal data. These rights are, however, subject to certain exemptions and limitations.

You have the right to:

  • Access and understand the personal data we hold about you.
  • Ask for the personal data we hold about you to be erased (this is with limitations and exceptions as we may have lawful reason to hold such data).
  • Ask for the personal data we hold about you to be amended.
  • Ask us to stop processing such data (this is with limitations and exceptions as we may have lawful reason to process such data).
  • Withdraw consent to process your personal data (this is with limitations and exceptions as we may have lawful reason to process such data regardless of consent).

Our Data Protection Officer can be contacted by email on if you have any queries regarding your rights. Any request for data we store and process about you must be completed in writing.

7. Subject Access Requests

Under Data Protection Law you have the right to request information or request to delete information we store about you without incurring costs. We are only obligated to provide information that is related to you. You can submit a Subject Access Request form to obtain information on the data we hold about you. Any data access request is, however, subject to certain exemptions, limitations or contractual obligations. Data belonging to or identifying other individuals is exempt from right of access and will be subject to legal privilege. We cannot disclose confidential information on any of our staff.

Any request for data we store and process about you must be completed in writing. The Subject Access Request form can be obtained from our Data Protection Officer by email on Data Protection Law allows us to respond to any such written requests within one calendar month. Excessive requests or simultaneous requests for the same information may incur an administration fee or be refused where Data Protection Law allows us to do so.

8. Consent

Under Data Protection Law we are required to obtain consent to process an individual’s personal data. This is with limitations and exceptions as we may have lawful and legitimate reasons to process such data to support the foundation’s operation or to fulfil contractual or legal obligations, regardless of consent. When our foundation collects information about you, our foundation takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. In some cases, we may send out separate consent requests using:

  • Paper based consent forms.
  • Electronic consent forms.
  • Digital applications to obtain consent.

9. Cookies Policy

The Lyla Nsouli Foundation use cookies on our websites to provide enhanced functionality and improve the user experience. Cookies are small data files that are sent from our website to your computer or mobile phone. They are stored on the hard drive of your device. Some are stored just for the duration of your visit to the website, others are stored for much longer periods. If you'd like to learn more about cookies in general, we recommend the About Cookies website

The Lyla Nsouli Foundation website does not uses cookies that give us access to any personal information about you. Third-party cookies are ones that are not set directly by The Lyla Nsouli Foundation, but they may be dropped onto your computer by a third party when you use one of our websites, or do certain things on one of our websites.

As third party cookies aren't set by us, we can't control how they work - but we can control which websites we choose to work with. We take your privacy seriously and we would never work with a website we don't trust. We may use Google Analytics to help us improve our website. This analytic tool uses cookies that are not controlled by The Lyla Nsouli Foundation, but which are active when you use our website. Analytics tools help us collect information about how people in general use our website. For instance, it helps us monitor how many people visit each page, how long people stay on each page, which search engines people use to find our website and which links are clicked on. Analytics data cannot be used to identify you, or to tell us what you did on our website. It is completely anonymous.

10. Privacy Notice Updates

The Lyla Nsouli Foundation will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website. If required we will also notify you directly. This Privacy Notice should be read in conjunction with other policies and any contract terms and conditions.

11. Complaints

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) We recommend that you contact our Data Protection Officer by email on to take necessary steps to resolve the matter before contacting the ICO.