1. General provisions
1.1. This privacy policy regulates the principles regarding the collection, processing and storage of personal data. International Children’s Warm Heart Foundation, a non-profit organization, is committed to protecting the privacy of its customers and the organization’s Members. We respect your trust.
Personal data is collected, processed and stored by the responsible personal data processor, International Children’s Warm Heart, a non-profit organization

Address: Kiriku tee 13, Harkujärve village Harku vald Harjumaa 76912
Reg. code: 80639584
(hereinafter data processor)

1.2. A data subject in the sense of the privacy policy is a customer or other natural person whose personal data is processed by the data processor.

1.3. A customer in the sense of the privacy policy is anyone who registers the non-profit organization International Children’s Warm Heart Foundation as a member/donor, volunteer, consumer of trainings/services or buys goods or services from the website of the data processor.

1.4. The data processor complies with the principles of data processing stipulated in legislation, among other things, the data processor processes personal data legally, fairly and securely. The data processor is able to confirm that personal data has been processed in accordance with the provisions of legislation.

2. Collection, processing and storage of personal data
2.1. The personal data that the data processor collects, processes and stores is collected electronically, mainly via the website and e-mail. We process the personal data of the volunteers, members, donors, clients, partners and participants of the trainings of the non-profit organization International Children’s Warm Heart Foundation.

2.2. By sharing his personal data, the data subject grants the data processor the right to collect, organize, use and manage personal data for the purpose defined in the privacy policy, which the data subject directly or indirectly shares with the data processor.

2.3. We use personal data for communication, customer service and service delivery, as well as for authorized marketing and targeted marketing.

2.4. The data subject is responsible for ensuring that the data provided by him is accurate, correct and complete. Knowingly providing false information is considered a violation of the Privacy Policy. The data subject is obliged to immediately notify the data processor of changes in the provided data.

2.5. The data processor is not responsible for damage to the data subject or third parties caused by the data subject providing false information.

2.6. It is our policy that personal data is not disclosed to a party outside the organization. If necessary, data may be disclosed only between the non-profit organization International Children’s Warm Heart Foundation, branches, departments and institutions, and with data processors authorized under the data processing agreement.

3. Processing of personal data of customers
3.1. The data processor may process the following personal data of the data subject:
3.1.1. First and last name;
3.1.2. Date of birth;
3.1.3. Phone number;
3.1.4. E-mail address;
3.1.5. Contact address;
3.1.6. Current account number;
3.1.7. Payment card details;

3.2. In addition to the above, the data processor has the right to collect data about the customer that are available in public registers.

3.3. The legal basis for the processing of personal data is Article 6(1)(a), (b), (c) and (f) of the General Regulation on the Protection of Personal Data:
a) the data subject has given his consent to process his personal data in one or more specific ways
for the purpose of;
b) the processing of personal data is necessary for the performance of a contract concluded with the participation of the data subject or a contract
to take pre-contractual measures in accordance with the data subject’s request;
c) the processing of personal data is necessary to fulfill the legal obligation of the data controller;
f) the processing of personal data is necessary in the case of a legitimate interest of the data controller or a third party, unless such interest is outweighed by the interests of the data subject or the fundamental rights and freedoms for which personal data must be protected, especially if the data subject is a minor.

3.4. Processing of personal data according to the purpose of processing:
3.4.1. Purpose of processing – security and safety
The maximum period of storage of personal data – according to the deadlines specified in the law
3.4.2. Purpose of processing – order processing (training)
The maximum period of storage of personal data – 7 years
3.4.4. Purpose of processing – customer management
The maximum period of personal data storage – 7 years
3.4.5. Purpose of processing – financial activity, accounting
The maximum period of storage of personal data – according to the deadlines specified in the law
3.4.6. Purpose of processing – marketing
The maximum period of storage of personal data – 2 years

3.5. The data processor has the right to share customers’ personal data with third parties, such as authorized data processors, accountants, transport and courier companies, companies providing transfer services. The data processor is the controller of personal data. The data processor transmits the personal data necessary for making payments, for example, to the authorized processor Maksekeskus AS, Smart ID, a company performing regular health checks, etc.

3.6. When processing and storing the personal data of the data subject, the data processor implements organizational and technical measures that ensure the protection of personal data against accidental or illegal destruction, modification, disclosure and any other illegal processing.

3.7. The data processor stores the data of the data subjects depending on the purpose of the processing, but not longer than 10 years.

3.8. We only collect and process necessary data and delete outdated data as soon as possible.

4. Cookies

4.1. The non-profit International Children’s Warm Heart Foundation website may use cookies, mobile device identifiers and web beacons, among other things, without compromising privacy. Cookies and other similar technologies are used to collect data about how and when the services are used: from which website the user has entered the service, which websites the user has browsed, what content the user has seen and clicked on, and the user’s screen resolution, which device version.

4.2. Cookies can be used to improve products and services and display content of interest to the user. The most important aspect is to ensure the safety of services. Our services make the most use of cookies, web beacons, local data storage techniques, mobile device identifiers and server logs. An individual user cannot be identified by cookies alone, and the Service cannot find things like a user’s name or email address unless the user has provided them. When a user is logged into a digital service, such as their app, we can combine the data we have observed about the user with the data the user has provided that identifies them.

5. Privacy on the Website

5.1. Before using our website, we recommend that you read the following terms of use. The website of the non-profit International Childrens’s Warm Heart Foundation and its agencies requires the user to agree to its terms of use. The content of the website, such as text, graphics, names, images, graphics, drawings, logos, icons, audio recordings and software, is owned by the International Children’s Warm Heart Foundation, a non-profit organization of the Red Cross. All rights to this material are reserved. Copying, transmission, modification, storage, publication and distribution of the material is prohibited without the written permission of the International Children’s Warm Heart Foundation, a non-profit organization. Viewing the website on a computer or similar device and printing prints for personal use is permitted. The use of public documents in public communication is permitted, but the source of the information must always be mentioned.

5.2. The material published on the website cannot be considered a legally binding offer or obligation of the non-profit International Children’s Warm Heart Foundation. International Children’s Warm Heart Foundation, a non-profit organization, reserves the right to make changes to the material and terms of use of the website, access to it or other features of the site, and does not guarantee that you will be able to access the website without errors or interruptions.

5.3. International Children’s Warm Heart Foundation, a non-profit organization, shall not be liable for any direct or indirect costs or damages arising from the use or discontinuance of the use of the website or its content. In addition, we are not responsible for information system or telecommunications interruptions or errors, or for any loss or damage caused by malicious software.

5.4. We are not responsible for any third party website or any material to which the website links or refers.

6. Rights of the data subject

6.1. The data subject has the right to get access to his personal data and to consult them.

6.2. The data subject has the right to receive information about the processing of his personal data.

6.3. The data subject has the right to supplement or correct inaccurate data.

6.4. If the data processor processes the data subject’s personal data on the basis of the data subject’s consent, the data subject has the right to withdraw the consent at any time.

6.5. In order to exercise the rights, the data subject can contact the person responsible for the processing of personal data of the non-profit organization International Children’s Warm Heart Foundation at info@childrenheart.org

6.6. The data subject can file a complaint with the Data Protection Inspectorate to protect his rights.

7. Final Provisions

7.1. These data protection conditions have been drawn up in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and the free movement of such data and on the repeal of Directive 95/46 / EC / EC (General Regulation on the Protection of Personal Data), Personal Data Protection of the Republic of Estonia law and legislation of the Republic of Estonia and the European Union.

7.2. The data processor has the right to partially or completely change the data protection conditions by notifying the data subjects of the changes via the website https://childrenheart.org.