Personal information can be anything that can be used to identify an individual, not limited to the person’s name, address, contact information, etc.
1. What personal data we collect, and why we collect it?
We may also process your data if it is necessary to fulfill our obligations or to protect the vital interests of you or another individual.
Use, reasoning, and storage
First name, surname, delivery address, billing address, and contact information
Consent, Contract or Legal obligation
Information about your interests and opinions, place of residence, gender, and your date of birth
Consent, Contract, or Legal obligation
Payment and donation information
Contract or Legal obligation
Your communication with us
Consent, Contract, Legal obligation, Vital interests, Public task or Legitimate interests
Purchase and donation history, and a log of activities on the site
Consent, Contract, Legal obligation, Legitimate interests
Social platform account
Personal account, cookie and other preferences
Consent or Legal obligation
Consent, Contract or Legal obligation
Uploaded media files
Consent or Contract
Embedded content from other websites
3. How long we store your data?
4. What rights do you have over your data?
You can restrict the processing of your data, by contacting us through our Privacy Center. We will have one calendar month to respond to such a request, but this right can be exercised only in the following cases:
- You challenge the accuracy of personal data;
- Personal data is processed unlawfully, but you do not want it deleted;
- Personal data is no longer required for our processing, but you request it in connection with legal proceedings, enforcement or defense, or
- You do not consent to the processing being based on a legitimate interest of us or a third party until the grounds for your disagreement have been verified.
- By restricting the processing of personal data, we may continue to store your data, but will not continue to process it, except: (i) with your consent; (ii) in connection with the bringing, enforcement, and defense of legal claims; (iii) to protect the rights of other natural or legal persons; or (iv) in the overriding public interest.
We will have one calendar month to respond to such a request. You can request the deletion of your data by sending us a Forget Me application from the Privacy Center. This right can be exercised if:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent, and there is no other legal basis for processing the data;
- You do not consent to the processing of personal data for the legitimate interests of us or a third party;
- Personal data is processed for direct marketing purposes;
- Personal data have been processed unlawfully;
- Please note that in some cases you will not be able to exercise this right due to applicable exceptions. These exceptions include cases, where the personal data processed, are necessary to (i) exercise freedom of expression and information; (ii) exercise our legal obligations; or (iii) raise, enforce or defend legal claims.
You have the right to correct any inaccurate personal data and, taking into account the purposes of the processing, to supplement any incomplete personal data by sending us a Data Rectification application from the Privacy Center. We will have one calendar month to respond to such a request.
You have the right to receive confirmation from us whether we process your data or not. When we process your data, you have the right to get acquainted with the data to be processed and information about their processing, for example, the purpose of personal data processing, categories of personal data, etc. We will provide you with a copy of your data if you submit a Request Data application from the Privacy Center. You have the right to receive your data in a systematic and computer-readable format. We will have one calendar month to respond to such a request. However, you cannot exercise this right in cases where it may adversely affect the rights and freedoms of others.
You may exercise this right for any purpose related to your particular situation, but only to the extent that we use the data in connection with our or a third party’s legitimate interests. If you object, we will not continue to process personal data unless we can prove that the data is being processed for compelling legitimate reasons beyond your interests, rights, and freedoms, or to bring, pursue and protect claims and/or legal proceedings. We will have one calendar month to respond to such a request.
Allowing you to obtain and reuse your data for your own purposes across different services. The right only applies to information an individual has provided to a controller and the legal basis for the processing of personal data is Your consent or Performance of the contract or actions taken at your request before the conclusion of the contract.
In cases where the legal basis for the processing of your data is consent, you have the right to withdraw the consent at any time. Withdrawal of consent will not affect the lawfulness of the data processing during the period leading up to the withdrawal.
If you believe that we are violating personal data protection legislation by processing your data, you have the right to submit a complaint to the State Data Protection Inspectorate, located at Blaumana Street (Blaumaņa iela) 11/13-11, Riga, LV-101111, https://www.dvi.gov.lv/en/.
In all cases, please contact us before making a complaint so that we can work together to find a suitable solution.
If you want to exercise your rights, or in case of questions about the processing of personal data or the exercise of rights, contact us by using the Privacy Center.
We will notify you of any significant changes in our website or by using other appropriate means of communication, such as by e-mail, so that you may review the changes before continuing to use our website.
6. Our contact information
You can contact us by using our Privacy Center. Please, do not hesitate to contact us if:
- You want us to stop using your data;
Security through obscurity would be like burying your money under a tree. The only thing that would make such a hiding spot safe would be the fact that no one knows where the money is.
Kerckhoffs’s principle is one of the basic principles of modern cryptography. It was formulated at the end of the 19th century by Dutch cryptographer Auguste Kerckhoffs and goes as follows: A cryptographic system should be secure even if everything about it, except the key, is public knowledge. Or Claude Shannon`s maxim that “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them”.
These concepts are widely embraced by cryptographers, in contrast to “security through obscurity”, which is not.
Based on these principles, real security would be putting the money behind a locked safe. Afterward, you could put the safe on a public street, and the money would still be safe because what makes it secure is that no one can get inside it rather than mere obscurity.
Even though we believe in Kerckhoffs`s principle and the GDPR`s “Data protection by design and default” principle, we do not wish to potentially incriminate the strength of our security by unnecessary revealing too much information about it.
Thus in this section, we will reveal only as much as s needed to demonstrate that the security of our website is a priority for us and that we actively take steps to keep it that way.
Below are some, but not all of the things that we do to improve your data`s security:
- We keep our website updated: More than 50%of websites are still running on an older version of WordPress, but not ours. We always keep our website up-to-date.
- We use secure admin login credentials: One of the most recurring mistakes in website administration is using common usernames and passwordssuch as “admin” or “administrator”, and “password” or “1234” rather than using and frequently updating hard to guess usernames and passwords.
- We backup our website frequently: Our hosting provided provides us with regular backups of our website so that in case of, for example, data loss we could restore both our website and your data.
- We remove unused themes and plugins. Plus, we do not use nulled themes or plugins: Nulled WordPress themes/plugins are pirated versions of the original premium versions. Furthermore, having outdated yet active plugins increases the risk of cyberattacks, as hackers can use them to gain access to the site.
- We use an SSL certificate to encrypt data: SSL Certificates are small data files that digitally bind a cryptographic key to an organization. When installed on a web server, it activates the padlock and the https protocol, allowing secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer, and logins, and more recently is becoming the norm when securing browsing of social media sites.
- Using Content Delivery Networks like JetPack and Cloudflare: A CDN uses a group of servers to provide fast content delivery, managing traffic by handling user requests much faster. Utilizing CDN servers can improve security, reduce bandwidth, and increase speed.
A personal data breach – is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
In terms of specific procedures for mitigating a data breach:
- We have analytics enabled ono our website. For example, JetPack that monitors our website and notifies the website`s administrator if the website has gone offline.
- Stripe is managing our payments, and if there are any problems with this process, then we will acquire a notification and will be able to start tackling the issue.
- Our administrators keep a log of everything that happens on the website to make sure that only the authorized users access sensitive data
- We have a communication system that can quickly notify our users about data breaches.
When a personal data breach could occur, we will notify the Information Commissioner’s Office (ICO) in due time, but no later than 72 hours after becoming aware of it. If we take longer than this, we must give reasons for the delay.
Yet, but if the breach is unlikely, then we are allowed not to report it as long as we can justify this decision by documenting it.
If a breach is likely to result in a high risk to the rights and freedoms of individuals, the GDPR says we must inform those concerned directly and without undue delay.
Generally, we do not receive information about you from third parties. , Unless you have consented to such transactions.
It is also possible that third parties with whom we have had no prior contact may provide us with information about you.
If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete that data.
Automated data processing systems are systems that exclude any human influence on the outcome. We do not use such systems to manage personal data.