Data Protection & The GDPR (General Data Protection Regulation)

The Yianis Christodoulou Foundation is committed to protecting your personal information and being transparent about what information we hold, whether you are a donor, campaigner or receipient.Developing a better understanding of our supporters through their personal data allows us to operate more efficiently, which ultimately helps our causes. We have made improvements to this policy so that transparency is at the core of what we do.

The purpose of this policy is to give you a clear explanation about how the Yianis Christodoulou Foundation collects and uses the personal information you provide to us, and which we collect, whether online, via phone, email, in letters or in any other correspondence.

We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:

  • What information the Yianis Christodoulou Foundation may collect about you;
  • How we will use that information;
  • Whether we disclose your details to anyone else;
  • Your choices regarding the information you provide to us.

If you have any queries about this privacy policy, please contact the Data Protection Officer, 50 Westferry Circus, London, E14 8RR or email: [email protected].

If you have any questions or complaints regarding our use of your personal information, can contact the ICO at

As a data controller under the GDPR data protection rules we are registered with the Information Commissioner’s Office, and our registration number is ZA370957.

It will be mandatory for the Yianis Christodoulou Foundation to notify GDPR representatives, the UK’s data protection registrar of any security breaches within 72 hours.

Who we are…

We are a charity in the UK, and our registered charity number is 1166731. We are also registered as a company in England and Wales under registration number 10113853.

Information collection…

The Yianis Christodoulou Foundation collects data to operate effectively. You provide this data directly when you register with us.


We hold and process the following personal information about you, the main contact, and a second contact if applicable:

  • First name.
  • Surname.
  • Organisation role.
  • Daytime telephone number.
  • Email address.

How we use your information…

The Yianis Christodoulou Foundation uses the personal data we collect for the following main purposes:

  • ​To contact you;
  • To carry out our obligations arising from any contracts entered into between us;
  • To provide you with information about services that we offer;
  • To notify you about changes to our service;
  • To verify your identity;
  • As part of our efforts to keep our site safe and secure and to prevent or detect fraud;
  • To provide support;
  • To comply with the requirements imposed by law or any court order;
  • To provide you with the services, products or information you have requested;
  • To provide information about our work, activities, volunteering or events;
  • To process donations we may receive from you;
  • To fundraise in a manner referred to in this Policy or that you would reasonably expect;
  • For administration purposes (for example we may contact you regarding a donation you have made or an event you have registered for);
  • For internal management, such as record keeping of enquiries, feedback or complaints;
  • To invite you to participate in surveys or research (although this is voluntary);
  • Where collecting and holding your information is required or authorised by law;
  • We may use your personal information for the purposes of credit risk reduction or fraud prevention (using external specialist agencies to help us); and
  • Other specific purposes that you may agree to from time to time.

Recipients – Information and disclosure…

The Yianis Christodoulou Foundation may disclose your personal information in the following circumstances:

  • To third parties who provide a service to us and are data processors.This would include our trusted partners that work with us in connection with our charitable purposes, and other entities that act as fundraisers for the Yianis Christodoulou Foundation, s or provide Yianis Christodoulou information and marketing. We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all of our data processors and regularly monitor their activities to ensure they are complying with the Yianis Christodoulou Foundation’s policies and procedures.
  • Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect the Yianis Christodoulou Foundation, for example in cases of suspected fraud or defamation.

Rest assured, we will never share, sell or swap your details with any third parties for the purposes of their own marketing or the monetising of your data.

Keeping your personal information…

We keep your personal information only for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is disposed of in a secure manner.

Your ability to edit and delete your personal information preferences…

The accuracy of your personal information is important to us. Article 15 of the GDPR enshrines an individual’s right of access to the personal data that an organisation holds on them. You can also request to view, and/or to change, your personal data on request by sending an e-mail to or a letter to The Yianis Christodoulou Foundation, 50 Westferry Circus, London. E14 8RR. We will respond to each request within 7 days. We require you to prove your identity with two pieces of approved identification. As per Regulation the information will be provided free and within at least one month of receiving the request.

The right to be forgotten (right to erasure)…

Under Article 17 of the GDPR you have the right to obtain from the Foundation’s data controller, the erasure of personal data concerning you without undue delay The Foundation’s data controller is obliged to comply with such a request where one of the following grounds applies….

  • The personal data is no longer needed in relation to the purposes for which they were collected or otherwise processed;
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  • The personal data has been unlawfully processed;
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1).

You can request to delete your personal data (including photographs of you on the website) by sending an e-mail to or a letter to The Yianis Christodoulou Foundation, 50 Westferry Circus, London. E14 8RR. We will respond to such a request within 7 days. We require you to prove your identity with two pieces of approved identification. As per Regulation, the information will be provided free and within at least one month of receiving the request.

The right to data portability…

You have the right to obtain and reuse your personal data for your own purposes. Please contact us by sending an e-mail to or a letter to The Yianis Christodoulou Foundation, 50 Westferry Circus, London, E14 8RR.

Storing of personal data…

Personal data collected by The Yianis Christodoulou Foundation is stored in the United States and processed in the United Kingdom, Monaco and Cyprus. The storage location has been chosen in order to operate efficiently, to improve performance and to create redundancies in order to protect the data in the event of an outage or other problems.

​We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements applicable to the GDPR.

​Personal data is backed up on a regular occurrence and is encrypted.

In regards to the storage and the protection of personal data, we have the following measures in place:

​Personal data that is held on our IT systems is encrypted using Advanced Encryption Standard (AES).
The operating systems and applications that hold personal data are not passed their ‘end of life’.
Our IT systems that hold personal data are fully patched and up to date.
All e-mail sent and received that may contain personal data is encrypted. E-mail mailboxes and their contents are stored on encrypted hardware.
All IT systems are password protected with complex passwords which are regularly changed.
The premises where personal data is stored and processed is alarmed and is fully secure.
​As your personal information is stored in the United States, the data is transferred outside the European Economic Area.

Under 18’s…

We are committed to protecting the privacy of the young people that engage with us through our services for young people.

When we hold personal information on anyone under 18 we will ensure that we have consent from a parent or guardian before we hold the child’s personal information. When we collect information about a child or young person aged under 18 we will make it very clear as to the reasons for collecting this information and how it will be used.

Changes to this policy…

We may update the terms of this policy at any time, so please do check it from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website(s). By continuing to use our website you will be deemed to have accepted such changes.

Your debit and credit card information…

If you use your credit or debit card to donate to us via PayPal on our website, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here –

We do not store your credit or debit card details at all, following the completion of your transaction. All purchases or donations should be completed through the donation page on our website (

Complaints, compliments or comments…

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services.

Please provide us with feedback, or lodge any complaint, by sending an e-mail to [email protected].