The Lyla Nsouli Foundation for Children’s Brain Cancer Research is a registered charity in England and Wales (1145172). Registered as a company limited by guarantee in England and Wales (7801855). Registered address: Sixth Floor, 3 Burlington Gardens, Mayfair, LONDON W1S 3EP.
The Lyla Nsouli Foundation takes data protection and our responsibilities to correctly and lawfully treat personal data as a data controller seriously. We are committed to complying with legal obligations and practicing industry standards when collecting, processing and storing personal data.
This privacy notice provides detailed information about how we treat information that you provide to us. Our Data Protection Officer can be contacted by email on email@example.com if you have any queries regarding your personal data.
2. Types of personal data we process
We process personal data about people interested in finding out more about our foundation, contributing and registering for fundraising events. We process personal data about employees and prospective employees of our organisation.
The personal data we collect, process and store will be personally identifiable information related to people making donations, employees, friends and supporters. The personal data processed includes recorded information that is true and correct about an individual. Information such as:
Other types of data we may collect, process and store is sensitive information related to an individual. Information such as:
3. How we collect and process personal data
The Lyla Nsouli Foundation collects information in several ways, including:
As an organisation, we may be lawfully required to share personal information with relevant authorities: government services such as Visa and Immigration, Revenue and Customs. Our members of staff collect, process and store personal information only for the purpose for which it is intended.
All personal data resides within the European Economic Area on systems that are provided by the third parties and/or cloud storage providers. These systems include human resources information systems, payroll systems, web servers and email systems. We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.
Our foundation has a Data Protection Standard in place to oversee the effective and secure processing of your personal data. We have policies around the use of technology, electronic devices and access to our systems. We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.
4. Purposes for which we process personal data
The Lyla Nsouli Foundation processes personal data to lawfully and legitimately support the foundation’s operation as a charitable organisation. Our foundation collects information about fundraisers, contributors and staff when necessary to:
Our foundation collects information about staff, prospective staff and contractors when necessary for:
5. How long do we keep personal data
We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. Our Data Protection Officer can be contacted by email on firstname.lastname@example.org if you have any queries regarding the retention of your personal data.
6. Your rights
Under Data Protection Law you have rights regarding the collection, processing and storage of your personal data. These rights are, however, subject to certain exemptions and limitations.
You have the right to:
Our Data Protection Officer can be contacted by email on email@example.com if you have any queries regarding your rights. Any request for data we store and process about you must be completed in writing.
7. Subject Access Requests
Under Data Protection Law you have the right to request information or request to delete information we store about you without incurring costs. We are only obligated to provide information that is related to you. You can submit a Subject Access Request form to obtain information on the data we hold about you. Any data access request is, however, subject to certain exemptions, limitations or contractual obligations. Data belonging to or identifying other individuals is exempt from right of access and will be subject to legal privilege. We cannot disclose confidential information on any of our staff.
Any request for data we store and process about you must be completed in writing. The Subject Access Request form can be obtained from our Data Protection Officer by email on firstname.lastname@example.org. Data Protection Law allows us to respond to any such written requests within one calendar month. Excessive requests or simultaneous requests for the same information may incur an administration fee or be refused where Data Protection Law allows us to do so.
Under Data Protection Law we are required to obtain consent to process an individual’s personal data. This is with limitations and exceptions as we may have lawful and legitimate reasons to process such data to support the foundation’s operation or to fulfil contractual or legal obligations, regardless of consent. When our foundation collects information about you, our foundation takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. In some cases, we may send out separate consent requests using:
9. Cookies Policy
10. Privacy Notice Updates
The Lyla Nsouli Foundation will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website. If required we will also notify you directly. This Privacy Notice should be read in conjunction with other policies and any contract terms and conditions.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) http://www.ico.org.uk. We recommend that you contact our Data Protection Officer by email on email@example.com to take necessary steps to resolve the matter before contacting the ICO.