Privacy Policy & Legal Terms
Updated 10th June 2026
Theodora Children’s Charity is committed to respecting your privacy and protecting your personal information. This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read the following carefully to understand our practices regarding your personal data.
The website https://theodora.co.uk/ is owned and operated by Theodora Children’s Charity and we are the Controller of data in accordance with UK data protection law.
Information we may collect from you:
We may collect information from you online in the following ways:
- When you have donated to us via any method;
- You have used our services or benefited from them;
- Through our use of Google Analytics cookies (please see the cookies section below);
- Through your request for publications and other fundraising materials;
- Through your request for information about our services and related topics and events;
- Through your registration for events;
- When you apply for a job;
- When you are employed or are a contractor;
- Through your contacting us with enquiries and comments;
- Through your donation or publication purchase.
- If you interact with us online or via social media
If you take one of the steps mentioned above, we may collect and process personal information about you such as:
- Your name, address, email address and other contact information;
- Records of your correspondence with us, if you have contacted us;
- Education achievements;
- Interests;
- Donation history;
- Financial data;
- Details of your visit to the website;
Information about your educational/professional experiences, and any other information provided to us in your comments.
Our Condition for processing data:
Service Users: Legitimate Interests (Art 6(1)(f)) is our primary basis for the delivery of our services including participation and evaluation.
We rely on Consent (Art 6 (1)(a)) for optional activities and processing such as certain participation opportunities, recordings/photography, case studies, surveys or where required by law for specific communications. For safeguarding, where processing is necessary to protect someone’s life or prevent serious harm, we rely on Vital Interests (Art 6(1)(d)).
Where we process special category data (e.g., health, ethnicity, beliefs, sexuality) or criminal offence data, we do so only where strictly necessary and with additional safeguards. Our typical conditions include:
Substantial Public Interest – safeguarding of children and individuals at risk (Art 9(2)(g) and Data Protection Act 2018, Sch. 1, para 18), or for supporting individuals with a medical condition, counselling or equality and diversity.
Vital Interests (Art 9(2)(c)) – where the individual is incapable of giving consent and processing is necessary to protect life.
Human Resources: We reply on Contract (Art 6(1)(b)) and Legitimate Interests (Art 6(1)(f)) for recruitment and onboarding of staff and trustees, and to administer employment engagement.
To administer employment/engagement Contract (Art 6(1)(b)).
We reply on Legal Obligation (Art 6(1)(c)) to meet legal obligations (e.g. HMRC, right to work, health and safety).
Legitimate Interests (Art 6(1)(f)) to manage performance, supervision, learning and development, security and IT systems.
For special category data we rely on Art 9(2)(b) employment and social protection law; Art 9(2)(g) substantial public interest (equality monitoring; occupation health; and where appropriate consent).
Fundraising and Marketing: We rely on Consent (Art 6(1)(a)) for email marketing to individuals where required by PECR.
Legitimate Interests (Art 6(1)(f)) for soft opt-in related email communication when you have expressed an interest.
Contract (Art 6 (1)(b)) to administer event bookings.
Legal Obligation (Art 6(1)(c)) for Gift Aid and financial record keeping.
Where we store your personal data:
The data that we collect from you may be transferred to, and stored at, our servers in the UK. It may also be processed by persons operating in the EEA who work for us or an organisation we have instructed. If we do send your personal data outside the EEA, we will take steps to ensure that the recipient implements appropriate safeguards to protect your information. Such safeguards may include the use of the UK Addendum in conjunction with the EU Standard Contractual Clauses or the UK International Data Transfer Agreement. The safeguards are subject to a Transfer Risk Assessment.
Uses made of the information:
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations. These include but are not limited to; The UK General data Protection Regulation (UK GDPR);
The Privacy and Electronic Communications Regulation (PECR).
The Data Protection Act 2018
We will only process your data for the following reasons:
To provide you with the services you have requested;
To comply with applicable Laws and Regulations;
For administrative purposes;
To assess enquiries, and;
To provide you with information about us, our services aims and objectives.
If, at any time, you do not wish to receive further information about us and our services, contact us at enquiries@theodora.org.
Disclosure of your information:
We may from time to time disclose your personal information to third parties. Generally, this will be when we have a legal obligation, contractual or professional obligation. This might include sharing information with other organisations for the purposes of safeguarding or other statutory regulations we may to comply with. Your rights:
You have eight rights in the current data protection legislation. For example, you have the right to ask us not to process your personal data for marketing or fundraising purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or letting one of our team know your preferences. Other rights include;
The right to be Forgotten – you may ask us to delete any information we may have on record about you. Some conditions apply
The right to be Informed – We must tell you up front how and for what purpose we are processing your data;
The right to have Inaccurate Information corrected – For example, if we are using the wrong postal address you can ask us to update it;
The right to question Automated Decisions – Decisions made by software programmes about you. We currently do not use such processes;
The right of Access – You may request access to any of the information we may hold about you. Some conditions may apply.
The right to restrict the processing of your data – Under certain circumstances you may ask us to temporarily stop processing your data;
The right to Portability – You can ask up to send you information to a similar type of organisation to Theodora Children’s charity.
You can also exercise any of your rights at any time in the future by contacting us at enquiries@theodora.org.
Data Retention:
We generally keep data for only as long as it is required for the purpose for which you gave it to us. However, there are some legal obligations which oblige us to keep data for pre-defined periods of time. We detail these periods of time in our Records of Processing Activities, a copy of which is available on request.
Security:
We make every effort to ensure that your data is safe and secure. This includes regular assessments and software upgrades. Data is only accessed by those authorised to do so. If you have any concerns about this, please do get in touch.
IP Addresses:
Theodora Children’s Charity may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Cookies:
Theodora’s website uses cookies to record visits to the website. This helps us to improve the website and provide you with a good experience when you browse the website.
Please see our Cookies Policy for more information.
Changes to Theodora’s privacy policy:
This privacy policy was last updated on 10th June 2026. Theodora Children’s Charity reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information Theodora Children’s Charity will be deemed to signify your acceptance to the variations.
Contact:
Questions, comments and requests regarding this privacy policy should be addressed to Molly Franklin and Holly de la Nougeréde at enquiries@theodora.org
We have appointed a Data Protection Officer to oversee the processing of data. This person is contactable at, The DPO at enquiries@theodora.org
In case of complaint;
If you are unhappy with how we handle your personal data, you have the right to raise a complaint with us.
You can contact us by:
- Email: enquiries@theodora.org
Please provide:
- Your name and contact details
- A clear description of your concern
- Any relevant dates or reference numbers
What Happens Next?
- We will acknowledge your complaint within 30 days of receiving it.
- We will investigate your concerns.
- We may contact you if we need further information.
- We will respond as soon as possible and without undue delay.
Our response will explain:
- What we have found
- Whether any action has been taken
- What happens next
If You Are Not Satisfied
If you remain unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/
Accessibility:
If you require this information in an alternative format, please contact us and we will be happy to assist.