top of page

IDENDI Personal Data Protection Policy

1. Data Controller

IDENDI (“we”, “us”, “our”) oversees processing of personal data collected through our website, programs, and donation platforms. We operate globally—including the United States, France, Italy, Spain, and Sweden—and comply with applicable data protection laws.

2. Data We Collect

  • Contact and identification data: name, email, address, phone number;

  • Donation transaction data: payment details, donation amount and frequency;

  • Technical & usage data: IP address, device/browser info, cookies, site activity;

  • Program participation data: educational, employment-related, and beneficiary info.
    This aligns with comprehensive nonprofit practices for transparency and trust.

3. Purposes & Legal Bases

We process personal data for:

  • Managing donations, volunteers, beneficiaries, and services (contractual necessity)

  • Communicating news, impact reports, and marketing (consent or legitimate interest)

  • Fulfilling legal, tax, or regulatory obligations (legal obligation)

  • Enhancing services and campaigns (legitimate interest), provided interests are balanced

4. Cookies & Tracking

We deploy:

  • Essential cookies for site operation,

  • Performance/analytics cookies (e.g., Google Analytics),

  • Optional marketing cookies used only with explicit consent.
    Users can manage preferences via a cookie banner at first visit .

5. Data Sharing

We may share data with:

  • Service providers (e.g., payment processors, analytics platforms) under confidentiality agreements,

  • Authorities as required by law.
    We never sell personal data.

6. International Transfers

Cross-border data transfers (e.g., between U.S. and EU) are safeguarded using EU Standard Contractual Clauses or similar compliant tools.

7. Retention

Data is stored only as long as needed to fulfill processing goals or legal obligations (e.g., donor recordkeeping), and otherwise securely destroyed or anonymized.

8. Your Rights

Depending on your location, you may:

  • Access, correct, delete, or port your data

  • Restrict or object to processing

  • Withdraw consent anytime

  • Opt out of marketing communications

  • Under CCPA/CPRA: opt-out of personal data “sales” and avoid discrimination 
    Requests are processed promptly, and under GDPR within one month, extendable by two months if needed .

9. Security Measures

We implement technical and organizational safeguards, including encryption, secure storage, limited access, firewall protection, and backups to maintain confidentiality and data integrity .

10. Data Breach Response

In case of a breach that threatens personal data rights, we will:

  • Notify the relevant supervisory authority within 72 hours (per GDPR),

  • Inform affected individuals if there's high risk.

11. Children and Minors

We do not knowingly collect data from minors under 16 without verifiable parental consent (in line with GDPR, COPPA etc.) .

12. Roles & Responsibilities

We have appointed a Data Protection Officer (DPO) to ensure continuous compliance with applicable data protection regulations .

13. Policy Updates

This policy is reviewed at least annually or upon changes in regulations or operations. Updated versions, along with an “Effective Date,” will be published on our website footer and shared via banner where appropriate bluehillsdigital.com.

14. Contact Information

To exercise your rights or ask questions:

bottom of page