You and Your Data
We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after or used.
On 25th May 2018 the new European privacy law came into effect that requires all organisations to make changes in line with the General Data Protection Regulation (GDPR), imposing new rules regarding the collection, processing and security of data linked to EU establishments.
The Foundation of Light and Beacon of Light monitor our activities regularly to ensure that we meet the guidelines and standards set out by the information Commissioners Office (ICO). We have published ‘Your Rights’ on our websites from the ICO guidelines.
Within the Foundation of Light family, the Senior Leadership Team is responsible for information security, however regarding GDPR we have an appointed a Data Protection Officer. We are also monitored by the Charity Commission and English Football League, HMRC tested and recognised, BACS accredited and their respective authorities.
Foundation of Light is committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.
We are a “data controller” for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679 (“Data Protection Law”). This means that we are responsible for, and control the processing of, your personal information.
For further information about our privacy practices, please contact our ‘Data Protection Coordinator’ by:
- Writing to Data Protection Coordinator’, Foundation of Light, Beacon of Light, Sunderland, SR5 1SN
- Calling 0191 563 4753
- Emailing DPO@foundationoflight.co.uk
Collecting Your Information
Everything we do, we do to ensure that we can help people in our local communities to live better lives, be more fulfilled, successful, happier and healthier.
We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls.
We want to make sure you receive the best attention when you attend a course, become involved, become a partner or make a donation.
We collect information from you in the following ways:
- When you interact with us directly: This could be if you ask us about our activities, register with us for a course or an event, make a donation to us, ask a question about our services, purchase something, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, make a purchase from us, or get in touch through the post, or in person.
- When you interact with us through partners or suppliers working on our behalf: This could be if you access a service or course which is delivered through a trusted organisation or partner working on our behalf and always under our instruction.
- When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.
- When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.
- We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
- From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party subscription services or service providers.
How We Use Your Information
Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are booking a course or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, registering for an event, placing an order on our website or any of the other ways to interact with us.
We will mainly use this information:
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
- To provide the services or goods that you have requested.
To update you with important administrative messages about your donation, an event or services or goods you have requested.
- To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
- To keep a record of your relationship with us.
- Where you volunteer with us, to administer the volunteering arrangement.
- If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested.
- We may also use your personal information:
- To contact you about our work and how you can support Foundation of Light (see section 8 on ‘Marketing’ below for further information).
- To invite you to participate in surveys or research.
Sensitive Personal Information
Please note – Sensitive personal data was defined in the DPA 1998 but is not included in GDPR. Sensitive Personal data is not defined under GDPR and has been replaced with special category data, which includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for the purposes of uniquely identifying a person, data concerning health or a person’s sex life or sexual orientation.
For example the Foundation may ask for your medical details in order to keep you safe whilst you are doing an activity with us and manage risk.
Profiling: Making Our Work Unique to You
We want to improve how we talk to you and the information we provide through our website, services, products and information. To do this we sometimes use profiling and screening methods so that we can better understand our supporters, your preferences and needs to provide a better experience for you.
We may carry out targeted fundraising activities using profiling techniques based on the information that we hold about you. We may also work with third party organisations who provide additional insight and general information about you that is publicly available. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, to analyse or predict aspects concerning that person’s economic and health situation, reliability, personal preferences and interests.
This information can be appended to the information that you have provided which allows us to use our resources more effectively by better understanding the background of our supporters and making appropriate requests based on what may interest them and their capacity to give. We will also profile your contact preference information to ensure that we are providing the service and information that you maybe interested in.
Please find our third parties that the Foundation have data sharing agreements with, we will only share this data where it is appropriate and necessary to provide you with services and products.
Under Article 21 of the GDPR, you have the right to object to the processing of your personal data at any time, including profiling for direct marketing.
To do this, email The Data Protection Coordinator, DPO@foundationoflight.co.uk with the subject line ‘Please stop analysis of my data’.
In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you (for example, because you have signed up for a course or event).
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Foundation of Light to process your information.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that it has a negative impact on the individual interests, rights or freedoms.
Some examples of where we have a legitimate interest to process your Personal Information are where we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.
We will only contact you about our work and how you can participate with or support Foundation of Light by phone, mail, email or text message, if you have agreed for us to contact you in this manner.
Under Article 21 of the GDPR, you have the right to object to the processing of your personal data at any time, including profiling for direct marketing and withdraw your consent to contact.
You can update your consent contact choices or stop us sending you Marketing and communications at any time by contacting the Data Protection Coordinator, DPO@foundationoflight.co.uk or clicking the unsubscribe link at the bottom of the relevant communication.
Sharing Your Information
The personal information we collect about you will mainly be used by our staff (and volunteers).
We will never sell or share your personal information with other organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
We may however share your information with our trusted partners and suppliers who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. You can find a list of our partners that we may share data with here. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.
Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, with our partners who help us to process donations and claim Gift Aid and our partners who help us to manage our social media accounts.
We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.
Keeping Your Information Safe
Any information held by the Foundation about individuals is held securely and in compliance with the Data Protection Act 2018 and GDPR.
The Foundation of Light is committed to protecting your personal data. We have put information security measures in place to ensure that our staff, service providers, partners and suppliers all look after your information in line with good practice and the law. These follow the rules and practices known as Information Governance (IG).
Our electronic data is held on SharePoint, Views, My Concern, PeopleHR and DCS Payroll who are certified to the required standards for their operating processes.
The information security measures we’ve put in place include:
- following good Information Governance practice and the law when it comes to collecting, handling and giving access to information
- training staff in their data protection responsibilities
- putting processes in place to ensure good Information Governance practices for information we collect, hold or handle in both manual and electronic forms
- access to your information is only given to those who need to know and where it is necessary
- information will not be held for longer than required and will be disposed of securely
- we encrypt all our electronic devices and sensitive information that is transmitted is encrypt
- protect your personal information from improper access, use, alteration, destruction and loss.
Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
Any debit or credit card details which we receive on our website are passed securely to our payment processing partner, according to the Payment Card Industry Security Standards.
How Long We Store Your Data
We are legally required to hold some types of information to fulfil our statutory obligations (for example, the collection of Gift Aid). We will hold your personal information on our systems for as long as it is necessary for the relevant activity or service that we provide to you, or as required by law. We review our retention periods of the information we hold about you on a regular basis. Full details of the Foundation’s data retention periods can be found here.
Updating Your Data
Data Protection law gives you the right to apply for a copy of information about yourself held by the Foundation. This is called a ‘Subject Access Request’. If you make a subject access request, and we hold information about you, we will:
- Give you a description of it
- Tell you why we are holding, and processing it, and how long we will keep it for
- Explain where we got it from, if not from you or your child
- Tell you who it has been, or will be, shared with
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this
- Give you a copy of the information in an intelligible form
- If you wish to make a subject Access Request, please contact Data Protection Coordinator by email at DPO@foundationoflight.co.uk.
The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. If you wish to restrict data processing or sharing including use for marketing or do not want to be contacted by the Foundation in any way, please inform us. You can request that we remove your details from our database at the address below. We will remove data in accordance with your wishes excluding data we are required to keep by law.
If you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date, please let us know so that we can update our records accordingly.
Where we use your personal data for other purposes other than what you have consented or where we have to fulfil a statutory obligation, or where the data protection law allows, then we will let you know so that you can make an informed choice about how your information is used.
If you do not want your information to be used for any purpose beyond providing the services you have agreed to receive, such as; sharing it with our partners or providers for service delivery planning or improvement of services, you can choose to opt-out of this.
However, if you opt out or withdraw consent from certain processing of your information, we may not be able to deliver certain services to you.
You may not be able to object to your information being used, held, or shared under certain circumstances. For example, where have a duty to safeguard a vulnerable adult or a child, or the prevention and detection of crime, or where we are required to fulfil our statutory obligations.
Where you would like to withdraw your consent or opt-out of any other use of your information, please write to: Data Protection Coordinator by email at DPO@foundationoflight.co.uk.
The Information Commissioner is the UK’s independent body set up to uphold information rights.
If you would like to know more about your rights under the Data Protection law, and what you should expect from us, visit the Information Commissioner’s website.
If you have any concerns regarding our privacy practices or about exercising your Data Protection rights, you may contact:
For more information about GDPR and Your Rights, please view the extract from the Information from the Information Commissioner’s Office within our Data Protection Policy.
Foundation of Light website use “cookies” to help personalise the online experience, to support the provision of relevant information and functionality to you, and to provide us with information about how you use our Website.
A “cookie” is the name for a small file stored on the user’s computer or mobile device tied to information about that user. They also allow us to identify those devices when they return to a site. You can set your browser to notify you before you receive a cookie, giving you the option of whether to accept it. You can also set your browser to turn off cookies. If you do so, areas of some sites may not function properly.
To help us provide better service, we sometimes collect anonymous information from visits to our sites using performance cookies such as Google Analytics Remarketing and Advertising Reporting Features.
These do not access your personal information, but rather allow Foundation of Light to log users who have visited our website. We use this data to analyse trends and statistics to help us provide better customer service. If you do not want your transaction details used in this manner, see the paragraph above on cookies.
We automatically collect and store only the following information about your visit:
- the internet domain and IP address from where you access our Website;
- the type of browser software and operating system used to access our Website;
- the date and time you access our Website;
- the pages you enter, visit and exit our Website from; and
- if you linked to our Website from another Website, the address of that Website.
We use this information to help us identify click stream patterns, to compile aggregate data in order to observe behaviour and to improve our Website, to learn about the number of visitors to our Website, the types of technology our visitors use, to target the advertising and to assess the general effectiveness of such advertising.
We only use this information to ensure that our Webpages stay compatible with a selection of browsers and systems and thereby ensure that the pages appeal to a wide audience.
We granted our web developers Mediaworks access to our Google Analytics account, to collect certain anonymous information when you visit our websites. Google Analytics do not collect any personal information from you.
If you visit a Website operated by a third party through a link included on our website, your information may be used differently by the operator of the linked website and a third-party website may have different privacy and security policies. We do not have any control over any websites other than www.foundationoflight.co.uk and take no responsibility for information given to any website other than www.foundationoflight.co.uk.
You can opt out of all our cookies but, if you choose to refuse all cookies, our website may not function for you as we would like it to.
To find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Your communications with our team (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
The terms of this Privacy Notice may change, so please recheck periodically. This statement was last updated June 2022.