Effective Date: December 2024
The Pena Foundation (“we,” “us,” or “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, and safeguard information in compliance with the General Data Protection Regulation (GDPR).
1. Who We Are
The Pena Foundation is a charitable organization focused on providing financial assistance to those in need. For any questions regarding this Privacy Policy, you may contact us at:
Email: [email protected]
2. Data We Collect
We may collect the following types of personal data:
- Contact Information: Name, email address, phone number, mailing address.
- Website Usage Data: IP address, browser type, and interaction history through cookies or analytics tools.
3. How We Use Your Data
We use your personal data for the following purposes:
- To process donations and issue receipts.
- To communicate about our initiatives, events, and updates.
- To review and process scholarship applications.
- To ensure the security of our website and improve user experience.
- To comply with legal and regulatory obligations.
4. Legal Basis for Processing
We process your data under one or more of the following lawful bases:
- Consent: When you have explicitly agreed to receive communications or provide personal data for specific purposes.
- Contractual Necessity: To fulfill agreements such as processing donations or scholarship applications.
- Legal Obligation: To comply with applicable laws.
- Legitimate Interest: To support and enhance our charitable initiatives while ensuring minimal impact on your privacy.
5. Data Sharing
We do not sell, trade, or rent your personal data to third parties. We may share your data with:
- Service Providers: Third parties that assist with payment processing, IT support, or communications.
- Legal Authorities: When required by law or to protect the rights and safety of the Pena Foundation.
6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, or resolve disputes.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access: Request access to the data we hold about you.
- Right to Rectification: Correct any inaccuracies in your personal data.
- Right to Erasure: Request the deletion of your data (“right to be forgotten”).
- Right to Restriction: Restrict how we process your data in certain circumstances.
- Right to Data Portability: Receive a copy of your data in a structured, commonly used format.
- Right to Object: Object to the processing of your data based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time when processing is based on your consent.
To exercise your rights, please get in touch with us at [email protected].
8. Data Security
We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, disclosure, alteration, or destruction.
9. International Data Transfers
If your data is transferred outside the European Economic Area (EEA), we will ensure it is protected through appropriate safeguards in accordance with GDPR requirements.
10. Cookies and Website Tracking
Our website uses cookies to improve user experience and analyze site traffic.
11. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website, and where appropriate, notified to you via email.
12. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or the handling of your personal data, please contact us at:
Email: [email protected]
You also have the right to lodge a complaint with a supervisory authority if you believe we have not adequately addressed your concerns. You contact https://ico.org.uk/