Privacy Policy

Stichting Support a Bit processes personal data in accordance with the EU General Data Protection Regulation (GDPR). This privacy policy describes which data are processed, for which purpose, on which legal basis and for how long.

Data controller

The data controller within the meaning of the GDPR is:

Stichting Support a Bit Registered seat: municipality of Rotterdam, the Netherlands Email: contact@supportabit.nl Chamber of Commerce number: [KvK number to be added after registration]

There is no legal obligation to appoint a data protection officer; questions concerning privacy are answered by the secretary at the email address above.

What data we process

The foundation processes personal data of the following groups:

• Donors: name, email address, payment data via Stripe, donation history.
• Volunteers: name, contact details, any relevant background, and data needed to process expense claims.
• Visitors using the contact form: name, email address and the content of the message.
• Newsletter subscribers: email address and language preference.
• Programme participants: name, contact details, and only those data strictly necessary for the programme. Special categories of personal data are processed only with explicit consent and only where strictly necessary.

Purposes and legal bases

Data are processed for the following purposes, on the corresponding legal basis:

• Execution of a donation, volunteer engagement or programme — on the basis of consent or performance of an agreement.
• Communication with the data subject — legitimate interest of the foundation in the proper performance of its work.
• Sending the newsletter — consent, with the option to unsubscribe at any time.
• Compliance with legal obligations, such as the tax retention obligation for donations — legal obligation.

Retention periods

• Donation data: seven years, in connection with the tax retention obligation.
• Contact form data: six months, unless further contact follows.
• Newsletter subscribers: until unsubscription, plus thirty days for processing the request.
• Volunteer data: up to three years after the end of the engagement.
• Programme data: until the end of the running programme, and thereafter in anonymised form for reporting purposes.

Processors

The foundation uses the following processors, with whom data processing agreements have been or will be concluded:

• Supabase — database and application hosting, hosted in the European Union.
• Stripe — donation processing; transfer of data to the United States under the EU-US Data Privacy Framework.
• Resend — sending of transactional and newsletter emails.
• Vercel — website hosting, with edge infrastructure in the European Union.
• Fonts are served via next/font and loaded locally; no requests are made to external font servers.

Cookies

The website places only functional cookies, including a language cookie from next-intl for the choice between Dutch and English, and privacy-friendly analytics cookies via Vercel Analytics. No tracking cookies are placed and no profiling takes place. See the Cookie Policy for more information.

Rights of data subjects

Every data subject has the right to:

• access to their own data
• rectification of inaccurate data
• erasure of data, where no legal retention obligation applies
• restriction of processing
• objection to processing on the basis of legitimate interest
• data portability for data provided on the basis of consent or contract

Requests may be sent to contact@supportabit.nl. The foundation will respond within four weeks.

Complaint to the supervisory authority

Anyone who believes that the foundation does not handle personal data with due care has the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Postbus 93374, 2509 AJ The Hague, the Netherlands.

Changes

This privacy policy may be amended. The most recent version is always published on this page, with the date of the most recent change.