Privaatsuspoliitika

Viimati uuendatud: 24 April 2025  |  Jõustumise kuupäev: 24 April 2025

1. Introduction

TOGETHER TO GOALS MTÜ ("TTG", "we", "us", or "our"), a non-profit association registered in the Republic of Estonia (registration number 80614673), is committed to protecting the privacy and personal data of all individuals who interact with our website togethertogoals.com (the "Website").

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"), the Estonian Personal Data Protection Act (isikuandmete kaitse seadus), and other applicable privacy legislation.

Please read this policy carefully. By using the Website you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should discontinue your use of the Website.

2. Data Controller

The data controller responsible for your personal data is:

All data protection inquiries, requests to exercise your rights, and complaints should be directed to the above contact.

3. Personal Data We Collect

We collect only the minimum personal data necessary for the purposes described in this policy.

3.1 Contact Form

When you submit our contact form we collect:

  • Full name
  • Email address
  • Phone number (if provided voluntarily)
  • Message content

3.2 Donations and Court Bookings

When you make a donation or purchase a court slot, we collect:

  • Full name
  • Email address

We do not collect, store, or process any payment card details. All card and bank payment processing is handled exclusively by our third-party payment processors (see Section 6). TTG never has access to your full card number, CVV, or bank account credentials.

3.3 Automatically Collected Technical Data

When you visit the Website our web server may automatically log your IP address, browser type, referring URL, and pages visited for the purpose of security monitoring and maintaining service integrity. This data is processed on the basis of our legitimate interests (GDPR Art. 6(1)(f)) and is not used to profile individual users.

3.4 Cookies

The Website uses cookies as described in our Cookie Policy.

4. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)): Processing your name and email is necessary to fulfil a donation acknowledgement, issue a receipt, or confirm a court booking.
  • Legitimate interests (Art. 6(1)(f)): We process server-side technical logs to ensure network and information security. We have assessed that our legitimate interests are not overridden by your fundamental rights.
  • Consent (Art. 6(1)(a)): Where we send optional marketing communications or use non-essential cookies, we rely on your freely given, specific, and informed consent, which you may withdraw at any time without detriment.
  • Compliance with a legal obligation (Art. 6(1)(c)): We may process data as required by Estonian tax, accounting, or other applicable law.

5. How We Use Personal Data

  • To respond to your contact enquiry or support request.
  • To process your donation or court booking and send a confirmation.
  • To comply with our legal and accounting obligations under Estonian law.
  • To maintain the security and proper operation of the Website.
  • To send transactional communications directly related to your interaction with TTG.

We do not use your personal data for automated decision-making or profiling within the meaning of GDPR Article 22.

6. Data Processors and Third-Party Service Providers

We engage the following categories of third-party data processors, each bound by a data processing agreement or equivalent contractual protections, and each operating under their own privacy policy:

6.1 Stripe, Inc.

Card payments are processed by Stripe, Inc. (a PCI-DSS Level 1 certified payment service provider). When you complete a card payment, your payment data is transmitted directly to Stripe's servers. TTG does not receive, transmit, or store card data. Stripe's privacy policy is available at stripe.com/privacy.

6.2 EveryPay AS

Bank-link (internet-bank) payments in Estonia are processed by EveryPay AS, a licensed payment institution supervised by the Estonian Financial Supervision Authority (Finantsinspektsioon). TTG does not store bank account or bank-link credentials. EveryPay's privacy policy is available at every-pay.com.

6.3 Hosting Provider

The Website is hosted on third-party infrastructure. The hosting provider processes server logs and may have access to data stored on the server as necessary to deliver hosting services. The provider is contractually obligated to maintain confidentiality and comply with GDPR.

We do not sell, rent, trade, or otherwise disclose your personal data to any third party for commercial or marketing purposes.

7. International Data Transfers

Stripe, Inc. is headquartered in the United States. Transfers of personal data to Stripe are carried out under the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission, providing an adequate level of protection under GDPR Chapter V.

We do not otherwise transfer personal data to countries outside the European Economic Area (EEA) unless adequate safeguards are in place.

8. Data Retention

  • Contact form enquiries: retained for up to 2 years from the date of receipt, or until the enquiry is resolved, whichever is later.
  • Donation and booking records: retained for 7 years in accordance with Estonian accounting legislation (raamatupidamise seadus).
  • Server logs: retained for a maximum of 90 days for security and diagnostic purposes.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

9. Your Rights Under GDPR

Subject to applicable law and certain exemptions, you have the following rights:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request that inaccurate or incomplete data be corrected.
  • Right to erasure (Art. 17): You may request deletion of your personal data where there is no overriding legitimate ground for its continued processing.
  • Right to restriction (Art. 18): You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): You may object at any time to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at info@togethertogoals.com. We will respond within 30 days of receiving your request. We may ask you to verify your identity before fulfilling a request.

10. Right to Lodge a Complaint

If you believe that we have processed your personal data in violation of applicable law, you have the right to lodge a complaint with the competent supervisory authority:

  • Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
    Address: Tatari 39, 10134 Tallinn, Estonia
    Website: www.aki.ee
    Email: info@aki.ee

You may also lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include the use of encrypted HTTPS connections, access controls, and regular security reviews.

To the fullest extent permitted by applicable law, TTG accepts no liability for any breach of security attributable to the acts or omissions of third-party payment processors (including Stripe and EveryPay), hosting providers, or other sub-processors. Each such third party is independently responsible for the security of data within their own systems and infrastructure.

12. Limitation of Liability

To the fullest extent permitted by applicable law:

  • The Website and all information, content, and services provided thereon are offered "as is" and "as available", without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
  • TTG accepts no liability for any direct, indirect, incidental, consequential, or punitive damages arising out of or in connection with your use of the Website or any linked third-party services.
  • TTG is not responsible for the privacy practices, terms, or security of any third-party websites or services to which the Website may link. You access such services entirely at your own risk.

13. Force Majeure

TTG shall not be liable for any failure or delay in the performance of its obligations under this Privacy Policy where such failure or delay is caused by circumstances beyond TTG's reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, civil unrest, pandemic, governmental actions, telecommunications or internet infrastructure failures, or any event constituting force majeure under Estonian law.

14. Children's Privacy

The Website is not directed to children under 16 years of age, and we do not knowingly collect personal data from children without verifiable parental consent. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@togethertogoals.com and we will take prompt steps to delete such data.

15. Changes to This Privacy Policy

We reserve the right to modify, amend, or replace this Privacy Policy at any time without prior notice. The revised policy will be posted on this page with an updated "Last updated" date. Your continued use of the Website following the posting of changes constitutes your acceptance of those changes. We encourage you to review this policy periodically.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Estonia and applicable European Union law. Any disputes arising in connection with this policy shall be subject to the jurisdiction of the Estonian courts, without prejudice to your rights as a consumer under any applicable mandatory national law.

Questions about this policy? Contact us at info@togethertogoals.com.

IT-partner

Veebiarendus igal keerukorral · Toetab spordi arengut ja osaleb TTG projektides