Data Protection Policy

 1 DATA COLLECTION AND STORAGE

Coreus Foundation are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at info@coreusfoundation.com.
This privacy notice will explain how our organisation uses the personal data we collect from you and applies to all information collected including services, sales, marketing and events.

1.1 WHAT DATA DO WE COLLECT?

Our Foundation collects the following data:

Beneficiaries’ data: Whilst working with beneficiaries, we may collect personal identification information such as name, email address, phone number.

Employee data: Throughout your employment life cycle we will collect personal identification information such as name, email address, phone number, pay, personal development.

Log and Usage Data. Log and usage data is service-related, diagnostic usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the Services.

Device Data. We collect device data such as information about your computer, phone or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device application identification numbers, location, browser type, hardware model Internet service provider and/or mobile carrier, operating system configuration information.

Location Data. We collect information data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type of settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Locations settings on your device.

1.2 HOW DO WE COLLECT YOUR DATA?

You directly provide Coreus Foundation with most of the data we collect. We collect data and process data when you:

- Sign up to the Coreus Foundation email programme.

- Use or view the Coreus Foundation website via your browser’s cookies.

- By providing your contact details to one of our employees.

1.3 HOW WILL WE USE YOUR DATA?

Coreus Foundation will process your information for purposes based on compliance with our legal obligations, and/or your consent. Coreus Foundation collects your data for the following purposes:
- Marketing and promotional communications, we and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences.
- We may use your information for other purposes, such as data analysis, identifying trends and determining the effectiveness of our promotional campaigns. We may use and store this information in aggregated and anonymised form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.

1.4 HOW DO WE STORE YOUR DATA?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice. When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

1.5 MARKETING

Coreus Foundation would like to send you information about our activities that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date.

1.6 WHO WILL YOUR INFORMATION BE SHARED WITH?

We only share and disclose your information with the following third parties. We have categorised each party so that you may easily understand the purpose of our data collection and processing practices.

Cloud Computing Services: Google Cloud Platform

Data Backup and Security: Google Drive Backup

Web and Mobile Analytics: Google Analytics

Website Hosting: WordPress.com

1.7 PRIVACY RIGHTS

Coreus Foundation would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

- The right to access – You have the right to request Coreus Foundation for copies of your personal data.

- The right to rectification – You have the right to request that Coreus Foundation correct any information you believe is inaccurate. You also have the right to request that Coreus Foundation has to complete the information you believe is incomplete.

- The right to erasure – You have the right to request that Coreus Foundation erase your personal data, under certain conditions.

- The right to restrict processing – You have the right to request that Coreus Foundation restrict the processing of your personal data, under certain conditions.

- The right to object to processing – You have the right to object to Coreus Foundation processing of your personal data, under certain conditions.

- The right to data portability – You have the right to request that Coreus Foundation transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email info@coreusfoundation.com

2 ORGANISATION AND MANAGERIAL RESPONSIBILITIES

As Chairman of the foundation, Neville Coles is directly responsible for data protection and privacy matters within the company. The responsible person will seek external assistance where necessary to ensure that the company meets both its statutory obligations and the objectives laid down in this Data Protection Policy.

2.1 BENEFICIARIES RESPONSIBILITIES

Effective security is a team effort requiring the participation and support of everyone involved. It is your responsibility to know and follow these guidelines.

You are personally responsible for the secure handling of confidential information that is entrusted to you. You may access use or share confidential information only to the extent it is authorised and necessary for the proper performance of your duties. Promptly report any theft, loss or unauthorised disclosure of protected information or any breach of this policy to the charity.

3 ARRANGEMENTS FOR DATA PROTECTION

3.1 RISK ASSESSMENT

The Coreus Foundation will complete all necessary data risk assessments and take appropriate actions arising from those risk assessments. The Coreus Foundation will review and update as required by government regulations or as advised by third party specialists.

3.2 DATA PROTECTION BREACH

Failure to abide by the rules set out in this policy could result in disciplinary action. Depending on the severity of the offence, the disciplinary action may even result in the termination of staff contracts or association with the Coreus Foundation. Outside of the organisational disciplinary actions, an employee must also recognise that they may be subject to personal criminal liability should their actions be found to be in breach of this policy.

If an employee believes there many have been a breach, or is notified of a potential breach, they are required to make the foundation aware. Once aware of a breach it is the responsibility of the Coreus Foundation to act to prevent or mitigate the breach within 72 hours, whilst also keeping a clear and succinct record of any breach that occurs.

3.3 TRAINING

The Coreus Foundation will give staff and contractors a Data Protection induction and provide appropriate training. This training will be refreshed when necessary and all staff kept informed of Data Protection matters as they arise.

HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at info@coreusfoundation.com or by post to:
The Coreus Foundation
Winslade Park, Manor Drive
Clyst St. Mary, Exeter
EX5 1FY, United Kingdom

This Policy has been signed off by Chairman Neville Coles for the years 2024 and 2025.

Last updated 30/09/2024