Privacy & GDPR Policy
How we collect, use, and protect your personal data
Last updated: March 2026
Introduction
The Graweo Charitable Foundation is committed to protecting your personal data in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy explains what data we collect, how we use it, and what rights you have as a data subject. By using our website and services, you acknowledge that you have read this policy and consent to the processing of your personal data as described herein.
What Personal Data We Collect
We may collect the following categories of personal data: contact information (name, email address) when you submit a contact form or make a donation; payment information securely processed through our certified payment providers (Stripe); usage and analytics data collected automatically when you visit our website (IP address, browser type, pages visited, time on site); and communication data when you contact us via email or Telegram.
Legal Basis and Purpose of Processing
We process your personal data on the following legal bases: (1) Consent — for newsletter subscriptions and optional marketing communications. (2) Contractual necessity — to process donations and provide our charitable services. (3) Legitimate interests — to improve our website and services, ensure security, and prevent fraud. (4) Legal obligation — to comply with applicable laws and regulations, including financial and tax reporting requirements.
Your Rights Under GDPR
As a data subject under GDPR, you are entitled to the following rights. To exercise any of them, please contact us at [email protected].
Right of Access
You have the right to request a copy of the personal data we hold about you, along with information about how it is used.
Right to Erasure
You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
Right to Object
You may object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data that we hold about you.
Technical Infrastructure & Data Security
Our website and digital infrastructure are hosted and maintained by U-Cloud24 — our technology partner specialising in secure, GDPR-compliant cloud environments. U-Cloud24 provides cloud infrastructure, DevOps support, and data security services, ensuring that all personal data is stored and processed in accordance with European data protection standards. U-Cloud24 acts as a data processor under GDPR and operates in compliance with ISO security standards.
Learn more about U-Cloud24's technical capabilities at u-cloud24.com
Cookies and Analytics
Our website uses cookies and Google Analytics (via Google Tag Manager, ID: G-9E9JFKGHKN) to understand how visitors interact with our content. This includes strictly necessary cookies for website functionality and analytics cookies that help us improve our services. Analytics data is anonymised where possible. You may disable non-essential cookies through your browser settings at any time.
Your Consent
By using this website, submitting a contact form, or making a donation, you confirm that you have read and understood this Privacy & GDPR Policy and consent to the processing of your personal data as described herein. You have the right to withdraw your consent at any time by contacting us — withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Contact Us for Data Requests
To exercise any of your GDPR rights, or if you have questions about how we handle your personal data, please contact our Data Protection Officer: