Privacy Policy

  1. Introduction
    1. We are Signpost for Africa (association registration number: MB 04843487 and OIB: 30154677521). Our registered office is at Nikole Tesle 12, 35 000 Slavonski Brod, Croatia, with an office located at Mezanovci 27, 21231 Klis, Croatia («we», «us» or «our»). We are committed to protecting and respecting your privacy.
    2. This Privacy Policy (and any other documents referred to in it) sets out the basis on which we will process and use any personal data about our supporters, potential supporters and visitors (together «supporters») to our website www.signpostforafrica.com («website») that we collect from them, that they provide to us, or that we collect from third parties. Please read this Privacy Policy carefully to understand our practices regarding these individuals’ personal data and how we will treat it.
    3. For the purpose of the General Data Protection Regulation (EU) 2016/679 («GDPR») and applicable Croatian data protection laws, we are the data controllers.
    4. We comply with GDPR in respect of the collection, holding, storage, use, and processing of personal data about our supporters (such personal data is held in both manual and electronic records).
    5. We may make changes to this Privacy Policy from time to time. If we do so, we will post the changes on this page and they will apply from the time we post them. Individuals should check back frequently to see any updates or changes to this Policy. This Privacy Policy was last updated on [insert date].
  2. Personal data that we collect
    • Personal data
      We collect and use the following types of personal data about our supporters:
      • Name
      • Postal address
      • Phone numbers (home, work, and mobile, as applicable)
      • Email address(es)
      • Contact preferences
      • Information given when registering to use or completing forms on our website
      • Information on donations made
      • Payment information (e.g., bank account details for setting up regular donations or credit card details for processing payments)
      • Employer details for payroll giving (where applicable)
      • Taxpayer status for applicable tax reliefs
      • Information about supporters’ relationship to Signpost for Africa or philanthropic interests
      • Correspondence between supporters and us (whether by telephone, email, or otherwise).
    • We also collect and use certain technical information about visits to our website, which may include, for example, internet protocol (IP) addresses, login information, browser type and version, pages accessed, files downloaded, full Uniform Resource Locators (URLs), clickstream to, through and from the website (including date and time), products viewed or searched for, page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks and mouse-overs).
    • We may also collect information indirectly, such as via third-party fundraising platforms, social media, event organizers, or from publicly available information such as press and media articles, charity websites and annual reports, corporate websites, public social media accounts, and official registers.
    • Supporters do not have to disclose personal data to browse the website or use our social media sites, but certain services require the provision of personal data (e.g., processing donations).
    • The safety of children is very important to us. We do not knowingly collect personal data from individuals under 16 years of age without parental or guardian consent.
  3. Cookies
    Our website uses cookies to distinguish you from other users and to help us provide a good experience when you browse our website. Cookies also allow us to improve our website. For detailed information on the cookies we use and why we use them, please see our Cookie Policy.
  4. How we use personal data
    We obtain, collect, record, hold, store, organise, adapt, retrieve, disclose, destroy and otherwise use personal data of supporters, as set out in this Privacy Policy, for the following purposes:
    1. Providing supporters with the products, services and information that they request from us.
    2. Corresponding with supporters and recording communications.
    3. Sending updates, fundraising appeals, and marketing information to supporters.
    4. Keeping records of donations made and actions taken by supporters.
    5. Analysing data to better understand our supporters and to improve our activities.
    6. Complying with legal obligations such as tax and accounting requirements.
    7. Ensuring website functionality, security, and performance.
    8. Supporting volunteers and recording participation in campaigns or events.
    9. Conducting due diligence and fraud prevention measures.

      We will use direct marketing to inform you about our work and how your support makes a difference. We will send direct marketing by email or other electronic means only if you have consented. You may withdraw consent or update your preferences at any time.
  5. How we share personal data
    We will only share personal data:
    1. With service providers who help us operate our services (e.g., IT providers, payment processors) under strict contractual obligations to protect data.
    2. When required by law or court order.
    3. We do not sell or trade personal data.
  6. Legal basis for processing personal data
    We rely on the following legal bases:
    1. Consent, where you have explicitly provided it (e.g., newsletters or marketing).
    2. Contractual necessity, to perform agreements entered into with you (e.g., donation processing).
    3. Legitimate interests, including administrative purposes, volunteer coordination, fraud prevention, and analysis of supporter engagement.
    4. Compliance with legal obligations, including tax and financial reporting.
  7. Data transfer and storage
    Personal data is stored on secure servers within the EU/EEA. Any payment transactions are encrypted using TLS technology. While we take appropriate measures to protect your data, transmission via the internet is not entirely secure and is at your own risk.
  8. Individuals’ rights
    Supporters have the following rights under GDPR:
    1. Access: To request confirmation of whether we hold personal data and to access that data.
    2. Rectification: To request correction of inaccurate or incomplete data.
    3. Erasure: To request deletion of personal data in certain circumstances.
    4. Restriction: To request restriction of processing under certain conditions.
    5. Portability: To request data in a structured, commonly used format for transfer to another controller.
    6. Objection: To object to processing based on legitimate interests or direct marketing.
    7. Withdrawal of consent: To withdraw consent for processing based on consent.
    8. Requests should be made by contacting us using the details below.
  9. Contact and complaints
    Questions, requests or complaints regarding this Privacy Policy should be addressed to:

    Email: info@signpostforafrica.com

    Address: Signpost for Africa, Nikole Tesle 12, 35 000 Slavonski Brod, Croatia

    If you are unsatisfied, you may also contact the Croatian Personal Data Protection Agency (AZOP):

    Website: https://azop.hr