GDPR

Privacy policy

This page explains what personal data we collect through valoridebine.ro, for what purpose, whom we share it with, and how you can exercise your rights under Regulation (EU) 2016/679 — "GDPR".

Document status

The full and final text will be drafted at public launch, after integrations (forms, newsletter, card donations, analytics) go live and after the operator's identification data (tax ID, legal representative) is confirmed. We recommend legal review before official use.

1. Data controller

Asociația Valori de Bine, registered at Intrarea Graurului no. 9, ground floor, District 3, Bucharest. Tax ID: to be published. Legal representative: to be published. GDPR contact: comunicare@valoridebine.ro.

2. Categories of data collected

  • Contact data from forms (name, email, phone, message)
  • Newsletter data (email address)
  • Donor data (name, email, amount, optionally address for fiscal receipts)
  • Technical data (IP address, user agent, visited page)
  • Payment data — NOT stored by us; processed directly by Netopia Payments

3. Purpose of processing

Responding to form requests, delivering the newsletter (with explicit consent), processing donations, fiscal reporting (legal obligation — for donations with receipt), site improvement (analytics).

4. Legal basis

Consent (newsletter, analytics cookies), contract performance / legitimate interest (donation processing, message replies), legal obligation (fiscal reports).

5. Third parties we share data with

  • Netopia Payments (payment processor, Romania) — payment data
  • Resend (form email delivery, EU/US) — contact data
  • Brevo (newsletter, EU) — email addresses
  • Google Analytics 4 (analytics, US) — anonymised technical data (with cookie consent)
  • Cloudflare (hosting, global infrastructure) — technical logs

Links to each provider's privacy policy will be added here.

6. International transfers

Some providers (Google, Resend, Cloudflare) have servers in the US. Transfers happen under Standard Contractual Clauses approved by the European Commission.

7. Retention period

Form contact data — maximum 3 years from last interaction. Newsletter data — until you unsubscribe. Donor data — the period required by law for accounting (10 years). Technical data — maximum 14 months.

8. Your rights

Access, rectification, erasure, restriction, portability, objection, consent withdrawal — all at comunicare@valoridebine.ro. We respond within 30 days at most.

Complaint to the National Supervisory Authority for Personal Data Processing (ANSPDCP): dataprotection.ro.

9. Data security

HTTPS across the site, encryption in transit, limited access to personal data via authentication. Card payments never pass through our servers — they are handled directly by Netopia, PCI-DSS certified.

10. Policy changes

If we change this policy significantly, we publish the new version at least 30 days before it applies and notify active users by email.

Last updated: 2026-05-23.