Legal
Privacy Policy
1. Introduction
Welcome to Sharing is Caring ("we," "us," or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (sharingiscaring.org), make a donation, volunteer, or interact with our charity.
We process your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and the applicable data protection laws of the Republic of Estonia.
2. Data Controller Information
For the purposes of the GDPR, the Data Controller responsible for your personal data is:
Organization Name: Sharing is Caring MTÜ
Registry Code: 80642014
Country of Registration: Estonia
Contact Email: office@sharingiscaring.org
Website: sharingiscaring.org
3. What Personal Data We Collect
Depending on how you interact with us, we may collect the following types of information:
Identity and Contact Data: Name, email address, phone number (e.g., when you subscribe to a newsletter, volunteer, or contact us).
Financial and Donation Data: Payment card details, billing address, and donation history. (Note: We do not store full credit card numbers on our servers; these are processed securely by our third-party payment providers like Stripe).
Technical and Usage Data: IP address, browser type, operating system, and information about how you navigate our website (collected via cookies and analytics tools).
Communication Data: Records of your correspondence with us.
4. How and Why We Use Your Data (Legal Basis)
Under the GDPR, we must have a valid legal basis to process your personal data. We use your data for the following purposes:
Purpose | Type of Data | Legal Basis for Processing |
|---|---|---|
To process and acknowledge donations | Identity, Contact, Financial | Performance of a Contract and Legal Obligation (tax and accounting rules). |
To communicate with you (answering inquiries, volunteer coordination) | Identity, Contact, Communication | Legitimate Interest (to run our charity effectively) or Performance of a Contract. |
To send newsletters and updates | Identity, Contact | Consent (you can withdraw this at any time by clicking "unsubscribe"). |
To maintain our accounting and tax records | Identity, Financial | Legal Obligation (Estonian Accounting Act). |
To improve our website and prevent fraud | Technical, Usage | Legitimate Interest (network security and optimizing user experience). |
5. How We Share Your Data
We do not sell, rent, or trade your personal data. We may share your information only with the following trusted third parties to help us operate:
Service Providers: Payment processors (e.g. Stripe), website hosting services, and email distribution platforms. These providers are bound by strict data processing agreements.
Legal and Regulatory Authorities: We may disclose data to the Estonian Tax and Customs Board (EMTA) or other government bodies if required by law.
If we transfer your data outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.
Accounting records: Under the Estonian Accounting Act, we are required to keep accounting source documents (such as donation receipts) for 7 years.
Mailing lists: Your contact details will be kept until you withdraw your consent (unsubscribe).
7. Your Data Protection Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): You can request that we delete your data, subject to certain legal exceptions (e.g., our obligation to keep accounting records).
Right to Restrict Processing: You can ask us to suspend the processing of your data in specific circumstances.
Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.
Right to Object: You can object to us processing your data based on legitimate interests or for direct marketing.
Right to Withdraw Consent: If we rely on your consent to process data, you can withdraw it at any time.
To exercise any of these rights, please contact us at [Insert contact email]. We will respond to your request within one month.
8. Cookies
Our website uses cookies to distinguish you from other users, provide a better experience, and analyze site traffic. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. (Consider linking to a separate Cookie Policy if your site uses extensive tracking).
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any updates will be posted on this page with a revised "Effective Date."
10. Complaints
If you believe that your data protection rights have been violated, we encourage you to contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Estonian supervisory authority:
Estonian Data Protection Inspectorate
Website: www.aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee