We are quite proud that our fundraising operates without online tracking and marketing tools that invade your privacy. Therefore, on this page, we will explain in detail how we handle your personal data, who sees it, and how we process it.
Cookies are auxiliary files stored in your browser's memory to ensure the proper functioning of the website. Some types of cookies are very intrusive and can track you across different websites. Others are harmless and merely ensure the website loads correctly or provides a function requiring cooperation between the server and the browser.
‍
On our websites, we use only cookies necessary for basic website functionality. These tools do not require consent under the GDPR directive. Specifically, these fall into the category of  Strictly necessary cookies).
These cookies are essential for browsing web pages and using their features, such as accessing secure areas of the website. An example of strictly necessary cookies is those that allow online stores to keep your items in the cart during shopping. These cookies are typically first-party session cookies. Although consent is not required for these cookies, users should be informed about their purpose and why they are necessary.
Source:: https://gdpr.eu/cookies/
‍
We use Plausible to monitor our website traffic. Unlike Google Analytics, Plausible does not use invasive tracking methods. The company is based in Europe, and among all available traffic measurement tools, Plausible offers the best combination of privacy, accuracy, and technical implementation. We pay for this service from the foundation's budget.
‍
For some functions, we use Google Cloud services where the code for payment processing and other basic functions is stored. This is a paid hosting service essential for the operation of our website.
‍
We use CloudFront for some functions, where the code for payment processing and other basic functions is stored. This is a paid hosting service essential for the operation of our website. No personal data is processed on this storage.
‍
Minor functions (unrelated to your personal data) use JavaScript. JQuery is a service where these functions are stored, and our website occasionally needs to download a piece of code.
Minor functions (unrelated to your personal data) use JavaScript. JSDelivr is a service where these functions are stored, and our website occasionally needs to download a piece of code.
‍
For the design of our pages, we need to use a font library provided by Google. This tool temporarily downloads the font used by our site to your browser, ensuring a visually appealing website.
‍
Yes, it's true that with our own servers, we wouldn't need to use cloud platform services. However, the costs associated with operating and maintaining our own servers would be significantly higher, and we didn't find this responsible given the minimal budget we allocate for operations.
‍
Yes, of all the tools we use, Google Fonts are purely for aesthetics, and it is very easy for us to give our campaigns a slightly different look each time. From a GDPR perspective, Google Fonts have access to the IP address, which is considered personal data. An alternative would be to install the fonts locally on our websites. We have decided that this solution is better from a privacy standpoint, and we will be transitioning to it.
‍
Use dedicated tools for this purpose. For analysis and settings, you can use the Ghostery service. Instead of unsecured browsers, you can use browsers like Firefox, Safari, or Brave, which allow you to better manage your privacy settings. The downside might be that some websites or their functions may not work properly. Our website will function without any issues.
We collect personal data on our websites exclusively when you request it, and we adhere to principles that guarantee maximum privacy and anonymity when processing this data.
‍
When making a payment, personal data is processed—not on our website, but within the bank that processes the payment. The banks and banking services involved are:
‍
When paying by card through the ÄŚSOB payment gateway, the bank does not share any personal data with us except for the last four digits of your payment card (for payment identification). We do not know anything about you, including your name. In relation to our service, the transaction is entirely anonymous. Your bank and the card provider (VISA, Mastercard, etc.) know about the transaction and your details but are subject to strict regulations and cannot handle or share your data unless ordered by a court.
‍
When paying by bank transfer, we can see your account number on the statement and, if set up in your banking details, your name. This information is accessible to foundation staff and, in some cases, technicians. We do not share this data with anyone, it is not stored in third-party services, and it is not required for the operation of the website.
Personal Data Processing Policy
‍
For international payments, we use Stripe, which offers a variety of payment methods from different providers. With Stripe, it is necessary to provide your email address, which we can see in the payment statement. We do not process or share your email address with anyone. This address is not used for sending any marketing emails, but we may contact you through it if it is something operational and important for you.
Personal Data Processing Policy
‍
In some older fundraisers, we use PayPal, which allows us to see your name and email address. We will no longer be using this service for new fundraisers.
Personal Data Processing Policy
‍
Paying by card through the ÄŚSOB gateway, ideally in combination with ApplePay, is the most anonymous method. ApplePay alters even the last four digits of your card number, ensuring we know absolutely nothing about you. However, remember that your bank can provide the transaction details to authorities based on a court order.
Our project is very sensitive, and given the nature of our activities, we cannot ensure that money from cryptocurrencies does not originate from criminal activities. This is entirely unacceptable given what we do.
‍
 If you use Apple products, you can use the "Hide My Email" feature in combination with ApplePay. If you don't use Apple, you can use a disposable public email service like Mailinator, which is free and allows you to create a temporary email address that is automatically deleted afterward.
If you request a donation receipt from us, it naturally involves sharing personal data. We do not share this data with anyone, but it is necessary to process it through several essential services.
‍
When you fill out the receipt form on our website, the entered data is sent via a secure protocol to our server, which stores it in the Airtable service along with payment information. Your data remains readable in the record for the time necessary to process the receipt. Once the receipt is sent, all data is automatically deleted from the database.
‍
To deliver the email with the receipt, we use the Sendgrid email distribution service. It handles your email address, and other personal data is included in the form of a PDF. On Sendgrid, the record of your address and delivery status is available for three days; older history is not visible to us.
‍
For older receipts, which you might still find in the footer of our websites, you fill in your details in a Google Form, which then sends the information to an internal system responsible for storage and distribution. Each receipt must be manually created by a foundation employee who has access to the request database.