
PRIVACY POLICY

Introduction

This privacy notice explains how and why Religious of the Assumption (ROTA) uses the personal data you provide when you engage with us and/or benefit from our activities.

Everyone has rights over how their personal data is handled and ROTA is committed to ensuring that your personal data is used in accordance with relevant data protection laws.

Who are we?

ROTA is a charity registered with the Charity Commission in England and Wales with charity number 233084 and with the Information Commissioner’s Office with registration number ZA127625. Our registered address is Convent of the Assumption, 20 Kensington Square, London W8 5HH.

When we refer to “we” or “us” in this privacy notice we mean:

  • ROTA
  • our funding programmes Maria Assumpta Trust (MAT), Assumption Legacy Fund (ALF), and the Duchess of Leeds Assumption Fund
  • the Assumption Volunteers initiative

For the purpose of the data protection legislation (including the General Data Protection Regulation 2016/279 (GDPR) and Data Protection Act (2018)), ROTA is the controller of your Personal Data.

Contact

You may contact ROTA’s Data Protection Representative on enquiries@assumptionreligious.org or by writing to ROTA, Convent of the Assumption, 20 Kensington Square, London W8 5HH.

We hope that we can satisfy any questions you may have about how we use your personal data. If you have unresolved concerns you also have the right to complain to the Information Commissioner (ICO) (https://ico.org.uk/make-a-complaint/).

What is personal data?

Personal data means any information from which a living person can be identified. This could include your name, address, email address, or telephone number. Personal data does not include information where your identity has been removed (i.e. anonymous data).

Special category personal data means any personal data about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.

Criminal offence data means personal data about any criminal convictions, offences, or related security measures relating to you.

What personal data do we use?

| Purpose | Personal data we collect from you directly | Personal data we collect from third parties |
|---|---|---|
| Job applicants | name, address, email and telephone contact details, other information included in your CV or cover letter or as part of the application process | criminal record check including any criminal offence data (where appropriate to the role); references |
| Applicants to our grant programmes | name, address, telephone, bank details, health information, gender | |
| Applicants to The Duchess of Leeds Assumption Fund | name, date of birth, religion, address, phone, email, education, work experience, skills, details of your project, full costs, own sources, funds applied for, personal statement, parental consent (for applicants under 18) | |
| Grant sponsors for applications to the Duchess Fund | name, contact details, address, telephone number, email, position | duration of knowing the applicant, reasons for recommending |
| Booking events or conference facilities | name, telephone number, email address, home address (if required for Gift Aid purposes) | |
| Booking accommodation for retreats/personal reflection | name, telephone number, email address, home address (if required for Gift Aid purposes) | |
| Applicants to our youth programme retreats or pilgrimages | name, email, phone, address, DOB, nationality, visa requirements, health conditions, reasons for applying, referee details, emergency contact details | references |
| Applicants to our volunteer programmes | name, address, telephone, email, date of birth, nationality, religion, marital status, dependents, education, work experience, other skills, hobbies, personal statement, referees, language skills, dietary requirements, medical conditions/medication taken, emergency contact details | references |
| Participation in our volunteer programmes | medical conditions, treatment, medication, dietary information, travel information, passport and visa details, name and email/phone of next of kin, records of volunteer progress reports, records of place and dates of volunteer service, records of reference requests made to ROTA | criminal record check including any criminal offence data (successful participants only) |
| Using our websites http://www.assumptionreligious.org/ www.duchessfund.org.uk www.assumptionvolunteers.org.uk | information collected by Google Analytics if you consent to cookies (see the section on Cookies below) | |
| Mailing lists | name, email address, postal address | |
| Requests, questions, complaints or other contact | name, name(s) of any other individuals involved, details of your query or complaint | |
| Applicants to live in our HMO (259A Waldegrave Road) | name, email address, postal address, date of birth, nationality, religion, personal statement, referees, education | |
| Residents in our HMO (259A Waldegrave Road) | name, email address, postal address, date of birth, nationality, religion, educational details, personal statement, referees, copy of passport, medical conditions/medication taken, emergency contact details | references |

How do we use your personal data?

Depending on how you interact with us, we may use your personal data to:

  • deliver our activities or services to you
  • process grant applications and obtain references
  • process job applications and obtain references
  • process volunteering applications and obtain references
  • assess medical fitness to participate in certain volunteering programmes
  • contact someone in case of an emergency involving you
  • process visa applications for volunteers and make necessary arrangements for volunteers serving overseas
  • share information about volunteers with our volunteering partners overseas
  • process donations or other payments you make (for example, if you hire our facilities)
  • keep in touch with you about the work we are doing, upcoming events and activities, ways in which you can support us (for example, by volunteering your time)  
  • seek feedback from you
  • inform you of any changes to our activities
  • administer our work and operations (for example, to keep accounts and records up-to-date)
  • for audit and statistical purposes
  • improve our activities and the way we communicate with you including our website
  • ensure we comply with our legal obligations (for example, by providing information to our regulator the Charity Commission or to HMRC, or to make reports concerning safeguarding)
  • carry out safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments.
  • measure and analyse information about people who visit our website, to tailor the website to make it better for visitors, and to improve technical performance.

Data security

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your electronic information transmitted to us and any transmission is at your own risk.

We have in place procedures to deal with any suspected personal data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

What is our lawful basis for using your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:

  • to perform a contract we have with you or to take necessary steps to enter into a contract with you
  • where we need to comply with a legal obligation
  • if you have given consent
  • where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests

Our legitimate interests for using your personal data may include:

  • making a decision about your application for a job with us, to volunteer with us, or for grant funding (including obtaining references from your named referees and carrying out criminal checks where appropriate)
  • assessing your fitness to participate in our programmes
  • arranging your visa for overseas travel
  • liaising with overseas partners that you plan to volunteer with
  • keeping a record of emergency contact details for you and using them if required
  • retaining records for future contact with you, to respond to any reference requests relating to you, and for our own internal analysis and archiving purposes

We will also use your personal data if we need to protect your vital interests (or someone else’s interests in an emergency).

Sometimes our reasons for using your personal data will overlap and there may be several lawful conditions which justify our use of your personal data.

We use special category personal data and criminal offence data:

  • for reasons of substantial public interest (for example, preventing fraud, safeguarding, or to ensure equality of opportunity and treatment)
  • if you have given your explicit consent
  • in the course of our legitimate activities as a not-for-profit body and with appropriate safeguards in place
  • if you have made the information public
  • where necessary for the establishment, exercise or defense of legal claims
  • where it is necessary to protect your vital interests or the vital interests of someone else and you are incapable of giving consent

Who do we share your personal data with?

Depending on the personal data we have and the reasons we have it, we may share your personal data with the following third parties:

  • our volunteering partners
  • referees whose details you give to us
  • the Disclosure and Barring Service (or other criminal record checking service for overseas volunteers)
  • external service providers such as our bank or auditor (we will always ensure that we have a written contract with any third party processor which complies with data protection legislation)
  • professional advisers (for example, our accountants and lawyers)
  • external agencies that we are legally obliged to share your personal data with (for example, a court or the police where necessary to prevent fraud or other crime)
  • a regulator or government body (for example, HMRC or the Charity Commission)
  • as part of a sale of some or all of our charity and assets to any third party, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, sale, merger, reorganisation, change of legal form, dissolution or similar event (we will always notify you in advance and we will take steps to ensure that your privacy rights will continue to be protected)

How long will we keep your personal data?

We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, and the purposes for which we process your personal data.

Please contact us if you would like to see a copy of our Retention & Disposal of Records Policy.

Your rights

You have the right to:

  • Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Ask us to correct personal data that we hold about you which is incorrect, incomplete or inaccurate.

In certain circumstances, you also have the right to:

  • Ask us to erase your personal data from our files and systems where there is no good reason for us continuing to hold it.
  • Object to us using your personal data to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
  • Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it.
  • Ask us to transfer your personal data to another person or organisation.

If you have given your consent to us processing your personal data, you have the right to withdraw your consent at any time.

You also have rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces significant legal effects concerning you.

If you (or someone authorised to act on your behalf) want to exercise any of these rights, please contact our Data Protection Representative (contact details above). Please note that we may ask you to provide us with proof of identity for verification and data security purposes before you can exercise your rights.

Cookies

Cookies, also known as browser or tracking cookies, are small text files that are added to your computer when you visit a website. They help websites to perform certain functions, e.g. to know who you are if you log into a restricted part of a website, for shopping carts, and for tracking purposes.

ROTA uses Google Analytics cookies on our website for tracking purposes. The cookies allow us to understand general traffic to our website, for example the number of visitors and length of time on site. This helps us make improvements, develop the website and enhance the user experience.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Changes to this Privacy Notice

We may make changes to this Privacy Notice from time to time. We will not make any use of your personal data that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by data protection laws.

Version control

| Event | Date | Version |
|---|---|---|
| Policy approved by Trustees | October 2020 | v1 |
| Reviewed | June 2023 | v2 |