Updated 29th June 2023

Theodora Children’s Charity is committed to respecting your privacy and protecting your personal information. This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read the following carefully to understand our practices regarding your personal data.

The website https://theodora.co.uk/ is owned and operated by Theodora Children’s Charity and we are the Controller of data in accordance with UK data protection law.

Information we may collect from you:

We may collect information from you online in the following ways:

  • When you have donated to us via any method;
  • You have used our services or benefited from them;
  • Through our use of Google Analytics cookies (please see the cookies section below);
  • Through your request for publications and other fundraising materials;
  • Through your request for information about our services and related topics and events;
  • Through your registration for events;
  • When you apply for a job;
  • When you are employed or are a contractor;
  • Through your contacting us with enquiries and comments;
  • Through your donation or publication purchase.
  • If you interact with us online or via social media

If you take one of the steps mentioned above, we may collect and process personal information about you such as:

  • Your name, address, email address and other contact information;
  • Records of your correspondence with us, if you have contacted us;
  • Education achievements;
  • Interests;
  • Donation history;
  • Financial data;
  • Details of your visit to the website;
  • Information about your educational/professional experiences, and any other information provided to us in your comments.

Our Condition for processing data:

We may use one of several conditions for processing your data for example, Consent. If using Consent, we shall be able to demonstrate that you freely gave Consent and understood the purposes and reasons for the processing. You may withdraw your consent at any time.

Another condition we could use for processing your data would be our Legitimate Interest. We would use this on occasions where it would be in our interest to process your data, provided that our interests do not override your fundamental rights and freedoms. Where this is the case, you may object to such processing. We may also process data where we have a legal obligation because a law obliges us to process your data. When you work for us, or provide services to us, we may conduct background checks on you such as DBS checks. Where this is the case we may rely upon an appropriate policy document.

Where we store your personal data:

The data that we collect from you may be transferred to, and stored at, our servers in the UK. It may also be processed by persons operating in the EEA who work for us or an organisation we have instructed. If we do send your personal data outside the EEA, we will take steps to ensure that the recipient implements appropriate safeguards to protect your information. Such safeguards may include the use of the UK Addendum in conjunction with the EU Standard Contractual Clauses or the UK International Data Transfer Agreement. The safeguards are subject to a Transfer Risk Assessment.

Uses made of the information:

We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations. These include but are not limited to;

The UK General data Protection Regulation (UK GDPR);

The Privacy and Electronic Communications Regulation (PECR).

The Data Protection Act 2018

We will only process your data for the following reasons:

To provide you with the services you have requested;

To comply with applicable Laws and Regulations;

For administrative purposes;

To assess enquiries, and;

To provide you with information about us, our services aims and objectives.

If, at any time, you do not wish to receive further information about us and our services, contact us at enquiries@theodora.org.

Disclosure of your information:

We may from time to time disclose your personal information to third parties. Generally, this will be when we have a legal obligation, contractual or professional obligation. This might include sharing information with other organisations for the purposes of safeguarding or other statutory regulations we may to comply with.

Your rights:

You have eight rights in the current data protection legislation. For example, you have the right to ask us not to process your personal data for marketing or fundraising purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or letting one of our team know your preferences. Other rights include;

The right to be Forgotten – you may ask us to delete any information we may have on record about you. Some conditions apply

The right to be Informed – We must tell you up front how and for what purpose we are processing your data;

The right to have Inaccurate Information corrected – For example, if we are using the wrong postal address you can ask us to update it;

The right to question Automated Decisions – Decisions made by software programmes about you. We currently do not use such processes;

The right of Access – You may request access to any of the information we may hold about you. Some conditions may apply.

The right to restrict the processing of your data – Under certain circumstances you may ask us to temporarily stop processing your data;

The right to Portability – You can ask up to send you information to a similar type of organisation to Theodora Children’s charity.

You can also exercise any of your rights at any time in the future by contacting us at enquiries@theodora.org.

Data Retention:

We generally keep data for only as long as it is required for the purpose for which you gave it to us. However, there are some legal obligations which oblige us to keep data for pre-defined periods of time. We detail these periods of time in our Records of Processing Activities, a copy of which is available on request.



We make every effort to ensure that your data is safe and secure. This includes regular assessments and software upgrades. Data is only accessed by those authorised to do so. If you have any concerns about this, please do get in touch.

IP Addresses:

Theodora Children’s Charity may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.


Theodora’s website uses cookies to record visits to the website. This helps us to improve the website and provide you with a good experience when you browse the website.
Please see our Cookies Policy for more information.

Changes to Theodora’s privacy policy:

This privacy policy was last updated on 29th June 2023. Theodora Children’s Charity reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information Theodora Children’s Charity will be deemed to signify your acceptance to the variations.


Questions, comments and requests regarding this privacy policy should be addressed to Judi Byrne at enquiries@theodora.org

We have appointed a Data Protection Officer to oversee the processing of data. This person is contactable at, The DPO at enquiries@theodora.org

In case of complaint;

If you are unhappy with our processing of your data, you have the right to complain to the Information Commissioner’s Office who regulates data protection in the UK.  You can do this by;

Telephone 0303 1231113

Or go online at www.oco.org.uk/concerns

If you are based outside of the UK, you may need to complain to the relevant data protection Supervisory Authority in your Country.