The Lyla Nsouli Foundation logo

Privacy Policy

Data Controller

The Lyla Nsouli Foundation for Children's Brain Cancer Research
Sixth Floor, 3 Burlington Gardens
Greater London
United Kingdom

1. Introduction

The Lyla Nsouli Foundation for Children’s Brain Cancer Research is a registered charity in England and Wales (1145172). Registered as a company limited by guarantee in England and Wales (7801855). Registered address: Sixth Floor, 3 Burlington Gardens, Mayfair, LONDON W1S 3EP.

This privacy notice provides detailed information about how we collect and process the information that you provide to us according to Data Protection Act 2018 and UK GDPR. Our Data Protection Officer can be contacted by email on if you have any queries on your personal data.

2. Types of personal data we process

We process personal data about people interested in finding out more about our foundation, contributing and registering for fundraising events. We process personal data about prospective partners and supporters. The personal data processed include:

• Identification and contact details;
• Bank account details;
• CV, proposal and professional information for a grant;
• Information about your activities on our website(s) or social media platforms when you interact with us, and about the device you use to access these, for instance your IP address and geographical location;
• Information about your preferences regarding events, activities or products we offer to you;
• In the case you leave us your legacy, any information regarding next of kin with which you may have provided us to administer this;
• Any other information that you want to share with us.

We could also process sensitive information that the individuals want to share with us such as health condition, race or ethnicity, ideology, or religion.

3. How we collect and process personal data

The Lyla Nsouli Foundation collects information directly by the individuals interested or a legal representative through our website, by email or post mail.

4. Purposes for which we process personal data

The Lyla Nsouli Foundation processes personal data to support the Foundation’s operations lawfully and legitimately as a charitable organisation. Our entity collects information about fundraisers, contributors and supporters when necessary to:

• Attend your enquiry;
• Organise fundraising events and reach charitable objectives;
• Process and monitor applications for grants and fundraising;
• Send newsletters to our subscribers;
• Support operational management of the foundation including administration of contributor records and subscribers; the administration of invoices, fees and accounts;
• Fulfil legal requirements;
• Promote the foundation on our website or through social media, newsletters and other publications and communications conducted by the foundation.

5. Legal basis to process your data

1. Execution of a contractual relationship of which the interested party is a party: In the case we reach an agreement for research activities;
2. Compliance with our legal obligations: We must manage and store individuals’ records as well as to attend requirements from the relevant competent authorities, in addition to the filing of legal actions;
3. Our legitimate interest: We may need to have information about our supporters, partners and interested individuals to promote our activities by sending newsletters and to carry out our activities, always without interfering in your rights and freedoms (in addition to your consent);
4. Your consent: We may need you to send you our communications, always providing the procedure to exercise your right to withdraw your consent.

6. Sharing data with third parties

We will only share your information with third parties when necessary for the purposes for which it was obtained as set out in this policy. We will not sell or share personal information with any third-party organisation for their own purposes.

We will only process your information or share it with third parties if you have previously provided your consent.

We will only share information with third parties that operate in accordance with the Data Protection Act 2018, the UK GDPR, and this Privacy Policy.

7. International transfer of data

In the event that, it is necessary to comply with our purposes (which could include the sharing of data with a supporter or the use of platforms offered from outside the EEA), personal data may be transferred to countries outside the European Economic Area (EEA), including countries that may offer a lower level of data protection than in the EEA, we will implement the necessary measures to provide appropriate safeguards to protect your personal information, in order to make these transfers compliant with data protection laws.

8. How long do we keep personal data

We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. Once the purpose has expired or you withdraw your consent to process you data, we will erase the information from our systems under the corresponding security measures.

9. Your rights

Under the regulations, you have rights regarding the collection, processing and storage of your personal data. These rights are, however, subject to certain exemptions and limitations disposed in the legal bodies.

You have the right to:

• Access: You have the right to access the personal data we hold about you.
• Erasure: You have the right to ask for the personal data we hold about you to be erased (this is with limitations and exceptions as we may have lawful reason to hold such data).
• Rectification: You can ask for the personal data we hold about you to be amended.
• Object: You have the right to request to us to stop processing such data (this is with limitations and exceptions as we may have lawful reason to process such data).
• Limitation: You have the right to ask for the restriction of the processing of your data in certain circumstances, you can limit the way that we use your data.
• Withdraw consent to process your personal data (this is with limitations and exceptions as we may have lawful reason to process such data regardless of consent).
• If you do not want to receive Newsletters from us, you can unsubscribe from our mailing list by clicking Unsubscribe at the bottom of our emails.

Our Data Protection Officer can be contacted by email on if you have any queries regarding your rights.

10. Minors

We will not collect and process, under any concept, data from individuals under 13 years old. Consent from parents or legal representatives will be always needed.

11. Storing and securing information

We shall ensure the implementation and use of the proper technical and organisational measures to ensure the security, confidentiality, integrity and privacy of the personal data, preventing from unauthorised access or unlawful processing as well as accidental loss, destruction or damage of the files.

12. Payment card information

If you use your credit or debit card to donate to us, fundraising or buying, we will ensure that this is done securely and following the Payment Card Industry Data Security Standard (PCI DSS) which is the international standard for safe card payment processes. You can find out more information about PCI DSS at:

We will not collect, process, and store your payment card information as it will be directly processed by the bank. Our online donation platform is carried out using a 'payment gateway', which is a direct connection to a payment service provided by the bank, so the card information processed by the payment site is directly communicated and processed by the bank, which passes your payment to us. Hence, we will not store your credit or debit card details.

All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.

The payment gateways we use are: JustGiving, AmazonSmile and You can find out more about their privacy policies here:

- JustGiving:
- AmazonSmile:

13. Common use with social networks and platforms

This website holds links to other websites and social networks like Instagram, LinkdIn, Twitter and Facebook in addition to the indicated payment platforms. We are not responsible for the privacy practices or the content of such sites. You should be aware that the processing of your personal information is carried out by those sites and governed by their respective privacy policies.

If you do not want these sites to collect and process your information, please review their corresponding privacy policies and astrain from using their Services.

14. Cookies used in our website

We use cookies to provide you with a better experience in the use of our website, as well as to store information about our visitors. This information is related to your session ID and are a way of monitoring single user access.

The Web server is allowed to remember some data concerning the user, such as his preferences for visiting the pages of this server, name and password, products that are more interesting, etc.

The Cookies that we use in our website and that require informed consent by the user are the functional cookies and the targeting cookies. Consent is not required for essential or required cookies, which are those of a technical nature necessary for the operation of the website or the provision of services expressly requested by the user. You can get more information about the cookies we used by visiting our website cookies policy.

If you'd like to learn more about cookies in general, we recommend the About Cookies website

15. Complaints

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) We recommend that you contact our Data Protection Officer by email on to take necessary steps to resolve the matter before contacting the ICO.

16. Privacy Notice Updates

The Lyla Nsouli Foundation will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website. If required, we will also notify you directly.

Last review September 2023