Please see https://www.cumberlandlodge.ac.uk/about-us to find out more about Cumberland Lodge and the work that we do. We are an incorporated charity registered with the Charity Commission (Registered Number 1108677) and Companies House (Company Number 5383055). Cumberland Lodge Enterprises is a wholly-owned trading subsidiary of Cumberland Lodge. Our designated statutory authority under the General Data Protection Regulation (GDPR) is the ICO. We are based in the UK.
The data we collect
Attendees and potential attendees of conferences, seminars and other events organised by Cumberland Lodge as part of its programme
For academic conferences, seminars and other events organised by Cumberland Lodge as part of its programme of events we capture information on individuals in academia and public life who we believe are appropriate attendees with an academic or policy-making background of relevance.We capture these individuals’ names, contact details employer/institution name, and job title/role/research interest.
The lawful reason that we use to process this data is legitimate interest, because it is essential to our charitable purpose that we attract to our events those with an appropriate background, expertise or interest in the subject matter. It is important that we reach out to those from across a broad spectrum of opinion and from a wide variety of backgrounds.
We hold only that data necessary for us to be able to contact those individuals and to identify their research/professional fields of interest. We will retain details as long as they are relevant so that we can send further invitations, reviewing periodically – at least every 5 years – and cleansing our data.
We keep an audit trail of when and how we capture this data and when and how we process data relating to these individuals. We will always give those contacted the opportunity to opt out of any further contact from us and will ensure these wishes are respected.
Business clients (companies)
For Business Clients of Cumberland Lodge, we capture information on the individuals who we believe are responsible for making or who influence decisions to use or promote Cumberland Lodge’s services within the companies that they work for, or are, for example, the lead contact for existing business relationships. We capture these individuals’ names, business email addresses, business telephone numbers, business location, employer company name, and job title/role.
The lawful reason that we use to process this data is either for fulfilment of an existing contract or our legitimate interest in promoting our services to relevant potential business customers.
We keep this data as long as a business relationship is ongoing and for up to five years beyond to facilitate easy resumption of business in the future. Such data has either been gathered from public sources or directly from individuals.
We keep an audit trail of when and how we capture this data and of when and how we process data relating to these individuals. We will always give those contacted the opportunity to opt out of any further contact from us and will ensure those wishes are respected.
Business clients (individuals)
For Individual Business Clients of Cumberland Lodge, we capture information on the individuals who have requested services from us. We capture these individuals’ names, contact and financial details.
The lawful reason that we use to process this data is for fulfilment of an existing contract. We do not directly market our services to individuals.
We keep this data as long as a business relationship is ongoing and for up to five years beyond to facilitate easy resumption of business in the future. Such data has been gathered directly from individuals.
We keep an audit trail of when and how we capture this data and of when and how we process data relating to these individuals.
Delegates attending conferences hosted by Cumberland Lodge and organised by other organisations or individuals
For conferences and events where Cumberland Lodge is acting only as the venue on behalf of a client, we capture information on the individuals attending only such as is necessary to deliver services e.g. room bookings, dietary requirements.
The lawful reason that we use to process this data is fulfilment of contract. Only such data as is necessary for this is captured; it is provided by the client organising the event. The data is kept for up to two years to facilitate continued personalised service to returning guests.
We keep an audit trail of when and how we capture this data and of when and how we process data relating to these individuals.
Donors and potential donors (trusts, foundations and similar grant-giving organisations)
For Donors and Potential Donors to Cumberland Lodge (Trusts, Foundations and Similar Grant-Giving Organisations), we capture information on the individuals who we believe are responsible for making, or who influence decisions of Trusts, Foundations or other Grant-giving bodies which have given or may be prepared to give to Cumberland Lodge.
We capture these individuals’ names and contact details, and details of any donations made.
The lawful reason that we use to process this data is legitimate interest because it is our legitimate interest to fundraise for the charity. Data is gathered from public sources or provided by individuals. We do not engage in any form of automated profiling nor do we enter into contract with others to do this for us but we do conduct our own research from public sources to ensure we are approaching only those it is appropriate for us to approach and in an appropriate way.
Donors and potential donors (individuals)
For individual donors/potential donors, we capture information on those we believe may be both in a position to and have an interest in supporting causes like ours. We capture these individuals’ names and contact details, and details of any donations made.
The lawful reason that we use to process this data is legitimate interest because it is our legitimate interest to fundraise for the charity. Data is gathered from public sources or is provided by individuals directly. We do not engage in any form of automated profiling nor do we enter into contract with others to do this for us but we do conduct our own research from public sources to ensure we are approaching only those whom it is appropriate for us to approach and in an appropriate way.
In the case of both Trusts and Foundations and of individuals, we keep the data for so long as there is an ongoing relationship and for two years beyond the last positive interaction, unless asked to remove it under the right to be forgotten provision. We will keep details of donations made, and by whom, indefinitely (again, unless asked to remove it under the right to be forgotten)
We keep an audit trail of when and how we capture this data.
We keep an audit trail of when and how we process data relating to these individuals.
Friends of Cumberland Lodge
For members of the Friends of Cumberland Lodge, we store individuals’ names, contact details and payment details from the point of joining the scheme and during the membership period.
The lawful reason that we use to process this data is in order to fulfil our contract with our Friends. In return for their subscription we provide them with information about the work of Cumberland Lodge and of events which they are entitled to or may wish to attend. This data is stored in our CRM database, Donorflex, and in secured filing cabinets.
The data is kept while individuals remain members of the Friends of Cumberland Lodge and up to one year beyond expiry of membership to ease the process of re-joining.
We keep an audit trail of when and how we capture this data.
We keep an audit trail of when and how we process data relating to these individuals.
Others (e.g. those who attend public events such as Cumberland Conversations)
For others, we capture information on the individuals who express an interest in attending our public events in order to facilitate that attendance and subsequently so that we may notify them of future such events.
We capture these individuals’ names and contact details.
The lawful reason that we use to process this data is Consent.
We keep this data until individuals tell us that they no-longer wish to hear from us or until a period of five years has elapsed since they last attended or since we last heard from them.
We keep an audit trail of when and how we capture this data.
We keep an audit trail of when and how we process data relating to these individuals.
Further information on data handling
We store and process data for which we act as Data Controllers in the UK.
We do not provide information for which we act as Data Controllers to any third-parties.
How we look after data
We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data.
We store the personal data that we collect securely.
We do not publish the details of the safeguards we use to protect personal data that we control as this could reduce the effectiveness of those safeguards.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies allow your web browser to remember you, whether you’ve visited our site before and what your preferences are. Although cookies contain identifying information, they do not contain any information that identifies you personally. It is possible to block cookies by changing the settings on your browser, but be aware that some functionality of this site may be restricted.
When you visit our website you will be presented with a choice which will allow you to decide whether cookies are used or not. In a few cases some of our website features may not function if you choose not to allow cookies on our website.
Other websites
Our website may contain links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
Your rights
Cumberland Lodge recognises the rights of data subjects as defined in the General Data Protection Regulation (GDPR).
We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.
- Your right to be informed (this page and further information in communications we might send to you)
- Your right of access
- Your right to rectification
- Your right of erasure (right to be forgotten)
- Your right of restriction of processing
- Your right to data portability
- Your right to object
- Your rights in relation to automated decision-making and profiling
Cumberland Lodge recognises your right to lodge a complaint with a supervisory authority. You can access the ICO’s website from this link.