Privacy Policy

Coram respects your privacy and security, and recognises how important it is that personal information remains secure. We aim to be open and transparent about the personal data we collect, how it is used and how it is shared.

This Privacy Notice explains the types of personal data Coram may collect about you when you interact with us, as well as how we’ll store and handle that data, and keep it safe.

It’s likely that we’ll need to change this Privacy Notice from time to time. We’ll notify you of any significant changes, but please come back and check it whenever you submit personal information via our website.

If you have any questions about this Notice please contact the Coram Privacy Officer, Coram Community Campus, 41 Brunswick Square, London, WC1N 1AZ or email dataprotection@coram.org.uk.

Online Privacy Overview

Your personal data is protected by UK and EU legislation, specifically the EU General Data Protection Regulation 2016/679 (the ‘GDPR’), the Privacy and Electronic Communications (EC Directive) 2003 and the Adoption and Children Act 2002 (ACA). We aim to exceed our legal obligations by following best practice and reviewing our procedures regularly.

Coram is registered as a data controller with the Information Commissioner for the United Kingdom for those purposes for which personal information is collected on this website.

Your use of our website is also governed by our website Terms & Conditions and use of other Coram services is governed by any applicable terms as well as the overall Privacy Policy.

1. Introduction

We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be used and looked after. This Privacy Policy explains the types of personal data we may collect about you when you interact with us, as well as how we’ll store and handle that data, and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how the Coram group uses your data. If you would like more detail about how a specific project or service uses your data you can view their individual privacy policy on their website.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It’s likely that we’ll need to change this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

2. What is the Coram Group?

The Coram group of charities – which we’ll refer to as ‘Coram’ in this document – is made up of a number of related charities and wholly-owned trading subsidiaries, all committed to improving the lives of the UK’s most vulnerable children and young people (Registered Charity no. 312278). Coram’s registered office address is Coram Campus, 41 Brunswick Square, London, WC1N 1AZ.

This privacy notice applies to all of the above entities. For simplicity throughout this notice, ‘we’, ‘us’ and ‘our’ means the Coram group of charities and its brands.

We are a ‘data controller’ for the purposes of the EU General Data Protection Regulation 2016/679 (‘Data Protection Law’). This means that we are responsible for, and control the processing of, your personal information.

3. Why do we use your personal data?

You may at times be asked to supply personal information wen booking spaces via the website. Personal information is anything that enables us to identify you in some way, such as your name and email address. For instance, we may collect personal information from you when you complete online forms as part of communicating with us, when you subscribe to our email updates, or otherwise provide us with personal information. Coram will only collect personal information when you specifically and knowingly provide it.

If you supply such information, we are legally bound by the Data Protection Act 1998 to ensure that such information is only used for the purpose for which it was requested and also to ensure that the data is held securely.

4. How do we process your personal data?

Coram complies with its obligations under the GDPR and Data Protection Law by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

5. How secure is the information I submit on this website?

Coram takes the care of your data seriously and undertakes to protect your personal information in a range of ways.

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. These measures include the use of secure servers, firewalls and SSL encryption.

However, please be aware that the transmission of information over the Internet is never 100% secure so, while we strive to protect your personal information, we can’t guarantee the security of any information you submit to us via our website.

6. How does this website use ‘Cookies’?

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to make sure that the site reflects your needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. Find out more about how Coram uses Cookies.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you want to prevent our cookies being stored on your computer in future, you may do so by referring to your internet browser’s instructions. You can do this by clicking on the “Help” menu. Please note, however, that if you disable our cookies you may not be able to access certain services or facilities on our site and your use of our site may be restricted. Further information on deleting or controlling cookies is available at www.aboutcookies.org.

7. Does Coram share my information with anyone else?

Coram will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.

8. How we protect your personal data

We know how much data security matters to you, and with this in mind, we treat your data with the utmost care. Coram employs appropriate administrative, technical, organisational, and physical security measures to protect your information and data against accidental or unlawful destruction, loss, or alteration, and against unauthorised disclosure and access.

We use standard industry practices to protect user information, including firewalls, SSL encryption, and system redundancies. Our staff and volunteers all receive mandatory data protection and information security training and we have a set of detailed data protection procedures that personnel are required to follow when handling personal data.

Unfortunately, no data transmission or storage can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee security of the information you transmit to us via email or through our websites.

Where we use external companies to collect or process personal data on our behalf we do comprehensive checks before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they process on our behalf. We have a robust partner monitoring framework to ensure these contractual obligations are met.

10. How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. This will be based on either a legal requirement (where a law says we have to keep information for a specific period of time) or accepted business practice.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

11. Who do we share your personal data with?

The personal information we collect about you will mainly be used by our staff (and volunteers) at Coram so that we can support you.

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

We may, however, share your personal data with trusted third parties who work with us or on our behalf to deliver our services.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
They are required to comply with all relevant Data Protection Laws.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

IT companies who support our websites and other business systems.
Direct marketing companies who help us manage our electronic communications with you.
Partners who help us process donations and claim Gift Aid.

Sharing your data with third parties for their own purposes:

We will only do this in very specific circumstances, for example:

With your consent, given at the time you supply your personal data, we may pass that data to a third party for their direct marketing purposes.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our supporters, service users and staff into consideration.
We may, from time to time, expand, reduce or sell the Coram Group and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

For further information please contact our Managing Director for Compliance.

12. Where your personal data may be processed

Sometimes we will need to share your personal data with third parties outside the European Economic Area (EEA), such as the USA.

Protecting your data outside the EEA

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.

For example, this might be required in order to process your payment details or provide support services.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our Managing Director for Compliance.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

13. What are your rights over your personal data?

We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights.

YOU HAVE THE RIGHT TO:

Ask us what information we hold about you – and be given that information (usually free of charge).
Ask us to correct, change or update any information we hold about you.
Withdraw your consent for us to use your information.
Ask us to delete your information entirely. For example, when you withdraw consent, or object to us processing your data and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
Object to your data being processed by us (for legitimate interests) for reasons connected to your individual situation. We must do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Make a complaint or ask any other question in relation to your information.
Ask us to stop using your personal data for direct marketing (either through specific channels, or all channels). We must always comply with your request.
Review by a Coram staff member of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).

To exercise any of your rights, or ask us any questions about our data protection practices, please either speak to your Coram contact (if you have one) or email dataprotection@coram.org.uk.

You can also write to us at:
Managing Director of Compliance
Coram Campus
41 Brunswick Square
London
WC1N 1AX

If we choose not to action your request we will explain to you the reasons for our refusal.

CHECKING YOUR IDENTITY

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

14. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 (local rate) or 01625 545745 (national rate)

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)

Or write to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

15. Your consent

By providing us with your personal information you consent to the collection and use of that information for the purposes and in the manner described in this Privacy Policy. Coram reserves the right to modify or amend this privacy statement. Any alterations to our policy on the collection or use of data will be posted on this website. The latest version will be available on this website so please check periodically. By continuing to use this website you will be deemed to have accepted any changes.

16. Any questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact our Managing Director for Compliance who will be pleased to help you:

Email us at dataprotection@coram.org.uk
Or write to us at Managing Director of Compliance, Coram Campus, 41 Brunswick Square, London, WC1N 1AZ.

This notice was last updated on 22 May 2018