Privacy Policy for romaniabenefica.live
Last Updated: [Date]
This Privacy Policy describes how romaniabenefica.live ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website and related services. We are committed to protecting your privacy and handling your data in an open and transparent manner in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679.
By using our website, you consent to the data practices described in this policy. If you do not agree with any part of this Privacy Policy, please do not use our website.
1. Data Controller
The data controller responsible for your personal data is:
[Legal Entity Name][Physical Address]
[City, Postal Code]
Romania
Email: [Data Protection Email Address]
For any questions regarding this Privacy Policy or our data practices, please contact us using the details above.
2. Information We Collect
We collect several types of information from and about users of our website, which may include personal data.
2.1. Information You Provide Directly
- Contact Information: Such as your name, email address, telephone number, and mailing address when you fill out contact forms, donation forms, volunteer applications, or newsletter sign-ups.
- Financial Information: Details necessary to process donations, such as payment card information or bank account details. Please note that sensitive payment data is processed directly by our secure third-party payment processors and is not stored on our servers.
- Identity and Background Information: In the context of volunteer applications or specific programs, we may collect data such as date of birth, nationality, identification number, skills, and employment history.
- Communications: Records of your correspondence with us, including emails and messages submitted through the website.
- Content: Any other personal data you choose to provide in free-text fields, comments, or uploaded documents.
2.2. Information Collected Automatically
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website, including the full Uniform Resource Locators (URL) clickstream to, through, and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Cookies and Similar Technologies: Please see our separate Cookie Policy in Section 9 for detailed information.
2.3. Information from Third Parties
We may receive personal data about you from various third parties, including:
- Technical data from analytics providers (such as Google), advertising networks, and search information providers.
- Contact and transaction data from providers of technical, payment, and delivery services.
- Publicly available sources or data from partner organizations, where lawful and with necessary safeguards.
3. How We Use Your Information (Purposes and Legal Bases)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and for the following purposes:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To provide you with information, services, or materials you request from us (e.g., responding to inquiries). | Contact, Identity, Communications. | Performance of a contract or taking steps at your request to enter into a contract; Legitimate interests (to respond to your queries). |
| To process and acknowledge your donations, issue receipts, and manage our relationship with you as a donor. | Contact, Identity, Financial, Transaction. | Performance of a contract; Compliance with a legal obligation (e.g., tax); Legitimate interests (to administer donations and maintain donor records). |
| To manage volunteer applications and coordinate volunteer activities. | Contact, Identity, Background, Communications. | Performance of a contract; Legitimate interests (to recruit and manage volunteers); Your explicit consent (for special category data, if collected). |
| To send you newsletters, updates, and marketing communications about our projects, campaigns, and fundraising events (where you have consented or where we have a legitimate interest). | Contact, Profile, Marketing Preferences. | Consent (for direct electronic marketing); Legitimate interests (to promote our charitable mission to existing supporters, subject to opt-out rights). |
| To administer and protect our website and business (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). | Technical, Usage, Contact. | Legitimate interests (for running our charity, provision of administration and IT services, network security, to prevent fraud); Necessary to comply with a legal obligation. |
| To use data analytics to improve our website, services, marketing, donor relationships, and experiences. | Technical, Usage. | Legitimate interests (to define types of supporters for our services, to keep our website updated and relevant, to develop our charity, and to inform our marketing strategy). |
| To comply with legal and regulatory obligations, including fraud prevention, tax reporting, and responding to lawful requests from public authorities. | All relevant categories of data. | Compliance with a legal obligation. |
4. Data Sharing and Disclosures
We may share your personal data with the following categories of recipients in strict accordance with the law:
- Service Providers: Trusted third parties who provide services on our behalf, such as IT and system administration, hosting, payment processing, email delivery, marketing, and analytics. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- Professional Advisors: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, where necessary.
- Government and Regulatory Authorities: To the extent we are required to do so by law, or in response to valid requests by public authorities (e.g., tax agencies, courts).
- Partner Organizations: In specific cases, and only with your explicit consent, we may share your data with partner non-profit organizations for joint initiatives that align with our mission.
- Successor Entities: In the event of a merger, reorganization, dissolution, or similar event, personal data may be part of the transferred assets. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
We do not sell, rent, or trade your personal data to third parties for their commercial purposes.
5. International Data Transfers
We primarily store and process data within the European Economic Area (EEA). However, some of our external third-party service providers may be based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- Transferring data to countries deemed by the European Commission to provide an adequate level of protection.
- Using specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the EU-US Data Privacy Framework which requires them to provide similar protection to personal data shared between the EU and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
6. Data Security
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption, access controls, secure networks, and regular security assessments. However, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Any transmission of personal information is at your own risk.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, and applicable legal requirements.
For example, we are required to keep basic information about our donors (including Contact, Identity, Financial and Transaction Data) for tax and audit purposes for a minimum of [e.g., 10] years after the transaction. In some circumstances you can ask us to delete your data: see Your Legal Rights below.
8. Your Legal Rights Under GDPR
Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of these rights, please contact us using the details in Section 1.
- Right of Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request correction of any information you believe is inaccurate or to complete information you believe is incomplete.
- Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions, including for direct marketing purposes.
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to distinguish you from other users, enhance your experience, and analyze website traffic. A cookie is a small file placed on your device.
We use the following categories of cookies:
- Strictly Necessary Cookies: Required for the website to function and cannot be switched off. They are usually set in response to your actions.
- Performance/Analytics Cookies: Allow us to count visits and traffic sources to measure and improve site performance.
- Functionality Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
- Targeting/Advertising Cookies: Set by our advertising partners to build a profile of your interests and show relevant ads on other sites.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more detailed information, please see our full Cookie Policy available on our website.
10. Third-Party Links
Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every site you visit.
11. Children's Privacy
Our website is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Controller at:
[Legal Entity Name]Attn: Data Protection
[Physical Address]
[City, Postal Code]
Romania
Email: [Data Protection Email Address]