Privacy Policy

Coral Futures Research & Innovation Centre
Last updated: 01/12/2025

1. Introduction

Coral Futures Research & Innovation Centre (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a lawful, fair, and transparent manner.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, interact with us online, take part in our campaigns, donate, volunteer, or participate in our programmes.

We comply with all applicable data protection laws, including:

• The UK General Data Protection Regulation (UK GDPR)

• The Data Protection Act 2018

• The Privacy and Electronic Communications Regulations (PECR)

By using our website or providing your information, you agree to this Privacy Policy.

2. Who We Are

Coral Futures Research & Innovation Centre
A UK-based non-profit organisation undertaking marine conservation, coral research, education, and public engagement initiatives.

Legal status:

• Company Limited by Guarantee (CLG) while awaiting CIO status from the Charity Commission (or update once CIO status is confirmed).
  Registered address: 167-169 Great Portland Street
  London, W1W 5PF
  Email: info@coralfuturesresearch.org
  Website: https://coralfuturesresearch.org 

We act as the Data Controller for the personal information we collect.

3. What Personal Data We Collect

We may collect, store, and process the following categories of personal data:

3.1 Information you provide directly

• Name, email address, phone number

• Postal address

• Donation details (excluding full payment card numbers)

• Subscription preferences

• Event registrations and attendance

• Volunteer applications and CVs

• Messages and enquiries submitted via forms or email

• Petition signatures (name, email, postcode)

• Data provided for research participation (with separate consent forms where applicable)

3.2 Automatically collected information

When you visit our website, we may automatically collect:

• IP address

• Browser type/version

• Device details

• Pages visited and time spent on them

• Referring website

• Cookies and tracking information (see Section 10)

3.3 Sensitive personal data

We do not intentionally collect sensitive personal data (e.g., health, ethnicity).
If it becomes relevant for research participation or safeguarding purposes, we will request explicit consent.

4. How We Use Your Personal Data

We use your information to:

4.1 Provide and improve our services

• Respond to enquiries

• Manage donations and Gift Aid claims

• Process volunteer or job applications

• Register you for events, webinars, or programmes

• Maintain supporter records

• Monitor website performance and security

4.2 Communications

With your consent (or legitimate interest where appropriate), we may send:

• Updates about our work

• Campaign information

• Fundraising appeals

• Volunteer opportunities

• Newsletters
  You can unsubscribe at any time.

4.3 Legal and administrative purposes

• Comply with UK law and regulatory requirements

• Maintain financial records

• Prevent fraud or misuse

• Ensure data security

5. Our Legal Bases for Processing

We process personal data under the following UK GDPR legal bases:

• Consent – for newsletters, petitions, optional cookies, certain research participation

• Contract – when you purchase merchandise or register for certain events

• Legal obligation – financial record-keeping, Gift Aid, safeguarding

• Legitimate interests – improving our website, supporter engagement, organisational administration
  We always balance our legitimate interests with your rights and freedoms.

6. How We Share Your Data

We never sell your personal information.
We may share data with:

• Service providers (e.g., email newsletter platforms, website hosting providers, payment processors such as Stripe or PayPal)

• Regulators (e.g., HMRC for Gift Aid)

• Event or research partners, only when necessary and with appropriate safeguards

• IT security providers for cybersecurity monitoring

• Law enforcement, if required by law or for safeguarding purposes

All partners are contractually bound to comply with UK data protection law.

7. International Transfers

Some service providers (e.g., cloud storage or email marketing platforms) may store data outside the UK.
When this occurs, we ensure:

• Adequate protection under UK adequacy regulations, or

• Data Processing Agreements with standard contractual clauses (SCCs)

This ensures your data remains protected to UK-GDPR standards.

8. How Long We Keep Your Data

We only keep personal data as long as necessary for the purpose it was collected.
Typical retention periods include:

• Donation & Gift Aid records: 6 years

• Volunteer records: 2 years after last engagement

• Email subscription data: until you unsubscribe

• Petition signatures: until the campaign concludes unless you opt in for future contact

• Website analytics: typically 26 months or per cookie provider policies

Data is securely deleted when no longer required.

9. Your Rights Under UK GDPR

You have the right to:

• Access your personal data

• Request correction of inaccuracies

• Request deletion (“right to be forgotten”)

• Object to processing for marketing or legitimate interest reasons

• Restrict certain types of processing

• Data portability (where applicable)

• Withdraw consent at any time

• Make a complaint to the Information Commissioner’s Office (ICO)

Contact the ICO: https://www.ico.org.uk

To exercise your rights, email: info@coralfuturesresearch.org

10. Cookies and Similar Technologies

Our website uses cookies to:

• Improve functionality

• Analyse website traffic

• Personalise content

• Store your consent preferences

Types of cookies used:

• Necessary cookies – essential for website functionality

• Analytics cookies – help us understand website usage

• Marketing cookies – used for advertising (optional)

You can change or withdraw consent at any time via our cookie banner or your browser settings.

11. Security Measures

We take data security seriously and implement:

• HTTPS encryption

• Secure servers and firewalls

• Role-based access controls

• Regular software updates

• Data minimisation practices

• Staff training

• Two-factor authentication for key systems

While no system is 100% secure, we take all reasonable steps to protect your data.

12. Children’s Privacy

Our website and services are not intended for children under 13.
We only process children’s data with explicit parental/guardian consent where necessary (e.g., educational programmes).

13. Links to Third-Party Websites

Our site may link to external websites.
We are not responsible for the privacy practices or content of those sites.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with the updated revision date.

15. Contact Us

If you have questions or wish to exercise your rights, please contact:

Data Protection Lead
Coral Futures Research & Innovation Centre
Email: info@coralfuturesresearch.org
Registered address: 167-169 Great Portland Street, London, W1W 5PF