PRIVACY AND PERSONAL DATA
We’re quite proud that our fundraiser operates without online tracking or intrusive marketing tools that compromise your privacy. On this page, we explain in detail how we handle your personal data, who has access to it, and how it is processed.
COOKIES
Cookies are small files stored in your browser’s memory that allow a website to function properly. Some types of cookies are very aggressive and can track you across different websites. Others are harmless and simply ensure that the website loads correctly or supports features that require interaction between the server and your browser.
On our websites, we only use cookies necessary for the basic functioning of the site. These tools do not require consent under the GDPR directive. Specifically, they fall under the category of “Strictly necessary cookies.”
These cookies are essential for browsing the website and using its features — for example, accessing secure areas of the site. An example of strictly necessary cookies would be those that allow online stores to keep items in your cart while you shop. These are usually first-party session cookies. While consent is not required for these cookies, users should be informed about what they do and why they are necessary.
Source: https://gdpr.eu/cookies/
Plausible
We use Plausible to track our website traffic. Unlike Google Analytics, Plausible does not use invasive tracking methods. The company is based in Europe, and among all available analytics tools, Plausible offers the best combination of privacy, accuracy, and technical quality. We pay for this service from the foundation’s budget.
Google API
We use Google Cloud for certain functions, such as storing code, processing payments, and supporting other essential site features. It is a paid hosting service necessary for our website to function.
Amazon CloudFront
We use CloudFront for certain functions, where some of our code is stored for payment processing and other basic operations. It is a paid hosting service required for our website to operate. No personal data is processed on this platform.
JQuery
Some minor features (not related to your personal data) use JavaScript. jQuery is a service where these scripts are stored, and our website occasionally downloads small pieces of code from it.
JSDelivr
Some minor features (not related to your personal data) also use JavaScript. JSDelivr is another service that hosts these scripts, and our website occasionally retrieves code from there.
Google Static (Google Fonts)
For the visual design of our site, we use font libraries provided by Google Fonts. This service temporarily downloads the fonts used on our site to your browser so that the website appears visually correct and consistent.
Why do you use tracking pixels?
We have to, because currently it is not possible to achieve the purpose of our e-shop (raising enough funds to run campaigns for Ukraine) without precise ad targeting. We’ve tried, it doesn’t work otherwise. We need to be visible on Facebook, Instagram, and elsewhere, and most importantly: with pixels, we only pay for actual purchases. This is absolutely essential for generating enough revenue on our e-shop to run the fund.
Why don’t you use your own servers?
It’s true that with our own servers we wouldn’t need to use cloud services, but the costs for operation, maintenance, and security would be significantly higher, and it didn’t seem responsible given our budget for running the project. Own servers would also be an easier target for DDoS attacks.
Wouldn’t it be better not to use Google Fonts?
Yes, of all the tools we use, Google Fonts are purely for aesthetics and it’s very easy for us to give our campaigns a slightly different look each time. From a GDPR perspective, Google Fonts access IP addresses, which are considered personal data. The alternative would be to install the fonts locally on our websites, and we decided this solution is better for privacy and we are already switching to it.
How can I protect myself from online tracking?
Use dedicated tools for this purpose. For analysis and settings, you can use Ghostery, and instead of unsecured browsers, you can use Firefox, Safari, or Brave, which allow you to better manage your privacy. The downside is that some websites or their functions may not work properly. Our website will function without issues.
Personal Data
We only collect personal data on our websites if you request it, and we process it in accordance with principles that ensure maximum privacy and anonymity.
PAYMENT
When making a payment, personal data is processed — not on our website, but by the bank handling the transaction. The following banks and payment services are used:
ČSOB (Czechoslovak Commercial Bank, a.s.)
For card payments via ČSOB’s payment gateway, the bank does not share any personal data with us except the last four digits of your card (for payment identification). We do not know your name or any other information. This transaction is completely anonymous from our side. Your bank and card provider (VISA, Mastercard, etc.) are aware of the transaction and your details, but they are strictly regulated and cannot share your information without a court order.
For bank transfers, we can see your account number and, if your banking system provides it, your name. This information is accessible only to foundation staff and, in some cases, technical personnel. These details are never shared, are not stored on third-party services, and are not necessary for website operation.
Personal Data Processing Policies
Stripe (Stripe, Inc.)
For international payments, we use Stripe, which offers a variety of payment methods from different providers. Stripe requires your email address, which we can see in the payment record. Your address is not processed or shared with anyone else. This email is not used for marketing purposes, but we may contact you through it regarding operational or important matters related to your donation.
Personal Data Processing Policies
PayPal (PayPal Holdings, Inc.)
For some older campaigns, we used PayPal, which allowed us to see your name and email address. This service will no longer be used for new campaigns.
Which payment method is the most anonymous?
Definitely card payment via the ČSOB gateway, ideally combined with Apple Pay—which even modifies the last four digits of your card, so we know absolutely nothing about you. Keep in mind, however, that your bank may provide the transaction details to authorities by court order.
Why don’t you offer crypto payments?
Our project is very sensitive, and due to the nature of our work, we cannot guarantee that crypto funds do not come from criminal activity. This is absolutely unacceptable given what we do.
What to do if I have to share my email address (e.g., with Stripe) but don’t want to?
If you use Apple products, you can use the “Hide my address” feature with Apple Pay. If you don’t use Apple, you can use a one-time public email, e.g., the free Mailinator service, which allows you to create a temporary email address that is automatically deleted afterward.
Donation Receipt
If you request a donation receipt from us, personal data will naturally be transmitted. We do not share this data with anyone, but it must be processed through a few necessary services.
Airtable (Formagrid, Inc.)
When you fill out the receipt form on our website, the submitted data is sent via a secure protocol to our server, which stores it in Airtable along with payment information. Your data remains readable in the record only for as long as necessary to process the receipt. Once the receipt is sent, all data in the database is automatically deleted.
Sendgrid (Twilio Inc.)
To deliver the receipt email, we use the email delivery service Sendgrid. It processes your email address, and other personal information is transmitted in the form of a PDF. Records on Sendgrid about your email address and delivery status are kept for three days; older history is not visible to us.
Donation Receipt (Older Version)
For older receipts (which may still be accessible in the footer of our websites), you submit your data via a Google Form, which then sends it to an internal system responsible for storage and delivery. Each receipt must be manually created by a foundation employee with access to the request database.
Documents
Foundation Statute
Defines your rights and our obligations in the context of making a donation. It also specifies the purposes for which we can use the funds.
Policy on the processing of personal data
A legal document describing how we comply with the principles of personal data protection and the GDPR directives of the European Union.
Report a problem
Let us know at privacy@proukrajinu.cz if you suspect a vulnerability in our privacy or personal data protection system.
The gift for Putin was initiated in 2022 as a project to support the defense of Ukraine. In 2023, we became an independent non-profit organization. Supporting Ukraine’s defense, we collaborated with the Embassy of Ukraine in Prague to send equipment worth over 1 billion CZK, and we will continue doing so until Ukraine is free and safe again.
