Privacy Policy

This Privacy Policy sets out how Lumos uses and protects the personal data you share with us. We want to make sure that we are clear about how we will use your data and reassure you that we will take appropriate measures to protect the personal data that we collect. Lumos uses personal data supplied by supporters to gain a better understanding of our audience and ensure we effectively communicate our organisation's work, campaigns and achievements. Our supporters are important to us and we are committed to ensuring that your privacy is protected. All information we ask you to provide will be stored in accordance with this Privacy Policy. 

Please read our policy carefully, along with our website's terms and conditions.



Privacy Policy

In this policy wherever you see the words ‘we’, ‘us’ or ‘our’, we are referring to the organisations referenced below and detailed in section 11 of the policy.
  • Lumos Foundation (Lumos) is a company limited by guarantee registered in England and Wales number: 5611912 | Registered charity number: 1112575
  • Lumos Foundation USA Inc. (Lumos USA), a 501(c)(3) non-profit organization Registered Office: 557 Broadway, New York, 10012, USA EIN: 47-2301085  
  • Friends of Lumos Foundation USA Ltd.

We will cover: 

1. Where Lumos collects information
2. What information we collect 
3. How we use the information we collect 
4. Accessing your information 
5. How we store your data and protect it 
6. The website and use of cookies 
7. Lumos on Social Media 
8. Children and young people’s data 
9. Data Controller contact information
10. Preparing for the General Data Protection Regulation (GDPR) in May 2018
11. Lumos Foundation USA and Friends of Lumos Foundation USA Ltd.


1. Where Lumos collects information


Information provided by you:
• Lumos may collect information provided by you, for instance, through filling out a form on our website, donating to us, attending an event that requires personal registration details or emailing us with a query. 
• We collect information about the services you use, this might be a visit to our website, watching a video on our YouTube or Vimeo channel or any other digital platform owned by us. 
Information obtained from third-parties
• We collect information about you from independent third party platforms, such as fundraising platforms like CrowdRise, Virgin Money Giving and Just Giving. We will only receive data from third-party platforms if you have given consent to pass this information on to us. Please ensure you check the privacy policy that related to the platform if you are concerned about how your data will be processed and stored. 

2. What information we collect 

Personal Details: 
  • Your title, full name and age
  • Your contact details (address, email, phone number)
  • Your professional activities and employment details
Public Information: 
  • We may collect information from publicly available sources such as Companies House, media outlets (such as newspapers, blogs and magazines) or open postings on social media such as LinkedIn
Other details: 
  • Gift aid status and records of donations
  • The last four digits of your payment card number - The payment merchant that Lumos uses to process donations (IATS) collects card details and stores card details for recurring payments. Lumos only stores restricted details, such as the last 4 digits of your card
  • Your contact preferences
  • Information about fundraising activities and the amount raised through the specified activity
  • Your IP address, location or browser for tracking purposes

3. How we use the information we collect

If you have opted-in to receive direct marketing or signed-up to receive our newsletters, you may receive the following communication from us: 
  • Campaign emails 
  • Surveys that will help us better understand our supporters 
  • Our e-newsletter, ‘Stay Connected’, which provides information that we think might interest you. We promise to only send brief and relevant email communications 
  • Reports about our programmatic work that are delivered by email.  
  • Invitations to events 
You can opt-out of receiving any of the above direct-marketing emails at any time. All direct marketing will include a link that gives you an option to unsubscribe at the footer of the email. 
If you have made a donation to Lumos, you will always receive: 
  • Confirmation of the amount you have donated to Lumos
You will only receive direct marketing from Lumos after you have made a donation if you have opted-in to receive communication from us.
Lumos sends all direct-marketing through our Salesforce Customer Relationship Management (CRM) databases and use iContact as our e-marketing platform for building direct-marketing templates.
More information on our newsletters:
Lumos operates an email newsletter program, it is used to inform subscribers about products and services supplied by Lumos, the service is described as ‘Stay Connected’. You can subscribe through an online automated process should you wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with you.
We use tracking facilities in our email campaigns to monitor when you open or forward the email, click on links within the email, and the time, date and frequency of activity. We store this information in our database (Salesforce) and use it to refine future email campaigns and supply you with more relevant information. This information is used to refine future email campaigns and supply you with more relevant content based on Lumos' activity.

4. Accessing your information 

We regularly review your contact information to make sure it’s up to date and always appreciate if you let us know when your contact details change.
All Lumos e-communications have an opt-out option. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each direct-marketing email we send. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed. You can also contact the data controller on the details below if you would like to opt-out of any communication from Lumos (which includes direct marketing, email correspondence or any other form of contact). 
If your contact details change, if you believe the information Lumos holds about you is incorrect or if you would like to be removed from our database entirely, please contact the data controller at for help with this or more information.
Right to access your data: 
Any individual who makes a written request is entitled to be:
  • told whether any personal data is being stored
  • given a description of the personal data, the reasons it is being stored, and whether it will be given to any other organisations or people
  • given a copy of the data and the source of the data (where this is available)
You have the right to ask us to stop storing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. registering you for an event) we will do so. You also have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you would like to access your data, please send a description of the information you would like to see and scanned proof of identity to Lumos’ data protection lead at
Guidance on accessing your data can be found on the Information Commissioner's Office (ICO) website here.

5. How we store your data and protect it 

We have appropriate controls in place to protect any personal information you may provide to us.
All personal details we receive are held securely and in accordance with the Data Protection Act 1998. Lumos will not sell your data, and will only use trusted suppliers to support our work. We always put contracts in place to protect your information. 
Our payment merchant (iATS) is PCI compliant, which means that it hosts and processes your data securely.
Under the Data Protection Act 1998 you may request a copy of personal information held about you by Lumos’ chosen email newsletter program (iContact) or from the contact relationship management database, Salesforce. We will hold your personal information on our systems for as long as is necessary for the relevant activity. 
We will sometimes use third-party platforms and companies to collect and process personal data on our behalf (an example of this would be a third-party Fundraising platform). We do comprehensive checks on companies before we work with them, and we always put a contract in place that sets out our expectations and requirements prior to any work taking place.  
When we share data gathered within the European Economic Area (EEA) with suppliers that run their operations outside the EEA, we will make sure they provide an adequate level of protection in accordance with UK data protection regardless of whether they are subject to the same data protection laws as companies based in the UK.  By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.  

6. The website and use of cookies 

Lumos takes a proactive approach to your privacy and ensures your privacy is protected throughout your visiting experience. Our website complies to all UK national laws and requirements for user privacy.
Use of Cookies: 
Our website uses cookies to better the user's experience while visiting the website. Cookies are small files saved to the website user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience. 
The Lumos website uses tracking software to monitor its visitors and better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google's privacy policy here for further information on how data is stored:
If you would like any information on Cookies, how they are used and the data we collect, please see for more details. 

7. Social Media Platforms

Communication, engagement and actions taken through Lumos social media platforms are custom to the terms and conditions as well as the privacy policies of each platform. 
Lumos may use social sharing buttons which help to share web content directly from web pages to the social media platform identified. You are advised before using such social sharing buttons that you do so at your own discretion and note that he social media platform may track and save your request to share a web page through your social media platform account.

8. Children and young people’s Data

Lumos takes child protection very seriously- it is at the heart of everything we do. Where possible we will always seek consent from a parent or guardian before collecting information about children under the age of 18. Children’s details (including their name, type of fundraising they are doing and the letters they receive as thanks) are collected and stored when a child fundraises for Lumos or attends an event. Lumos will always anonymise the names of children we have interviewed for case studies or testimonies.

9.Data Controller contact information

If you have any questions about this policy please contact the data protection lead on

10. Preparing for the General Data Protection Regulation (GDPR) 2018

The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act. 
It will introduce new requirements for how organisations process personal data. Lumos is currently updating internal procedures and data collection and processing methods to ensure we comply with the new regulation. If you would like more information on how the General Data Protection Regulation (GDPR) will affect you, please visit

11. Lumos Foundation USA Inc. and Friends of Lumos Foundation USA Ltd.

Your data may be accessed by Lumos Foundation USA Inc. and Friends of Lumos Foundation USA Ltd. 
Lumos Foundation USA Inc. is recognised by the Internal Revenue Service as a 501(c)(3) tax exempt organisation based in the USA and is a separate non-profit organisation setup to further the mission of Lumos Foundation internationally.
Friends of Lumos Foundation USA Ltd. is a subsidiary of Lumos Foundation USA inc. and conforms with this privacy policy.
We have a contractual data sharing agreement, which agrees we may share information between Lumos Foundation, Lumos Foundation USA and Friends of Lumos Foundation USA Ltd. The agreement covers all of the data that is shared between the three organisations and provides EEA standard protection.
If you have any questions related to the data sharing agreement, please email the data controller in the USA on