Privacy Policy

This privacy policy informs you about what personal data we collect when you visit our website and how we process it. Personal data is any information relating to an identified or identifiable person, such as name, email address, or IP address.

Responsible Party

The party responsible for data processing on this website is:

Dunia ya Heri - African Family & Health Care e. V.
Judith Klier
Poignring 32
82515 Wolfratshausen
Germany

Tel.: +49 (0)8171 10000
E-Mail: judith.klier@dunia-ya-heri.org
Association Register No.: VR 205734
Court of Registration: Munich District Court

Legal Notice: https://dunia-ya-heri.org/en/legal/legalnotice.html

Overview of Data Processing

When you visit our website, personal data is collected only to the extent technically necessary. We process your data exclusively for the following purposes:

• Provision and technical operation of the website
• Ensuring IT security
• Responding to contact inquiries
• Display of embedded content (videos, maps, donation form)
• Public relations for our statutory purposes
• Fundraising and donation collection

The following types of data are processed:

• Technical data (IP address, browser type, operating system, access time)
• Contact data (name, email address, message when using the contact form)

Recipients or categories of recipients:

Your data may be shared with the following recipients or categories of recipients: hosting providers (Hostinger), email service providers (for sending and receiving emails), embedded content providers (Google, Vimeo), security services (hCaptcha), form services (web3forms), and donation platform (betterplace.org as an independent controller).

Legal Basis for Processing

We only process personal data if there is a legal basis for doing so. The legal bases are derived from the General Data Protection Regulation (GDPR):

• Consent (Art. 6 para. 1 lit. a GDPR): If you have given us your explicit consent to process certain data (e.g., for external services).
• Contract Performance (Art. 6 para. 1 lit. b GDPR): If processing is necessary to fulfill your request.
• Legitimate Interest (Art. 6 para. 1 lit. f GDPR): If processing is required to protect our legitimate interests, for example to ensure IT security or to conduct public relations for our charitable purposes.

Your Rights as a Data Subject

You have the following rights regarding your personal data:

• Right of Access: You can request information about what data we process about you.
• Right to Rectification: You can request correction of inaccurate data.
• Right to Erasure: You can request deletion of your data, provided no legal retention obligations apply.
• Right to Restrict Processing: You can request restriction of processing of your data.
• Right to Data Portability: You can request that we provide your data in a structured, commonly used format.
• Right to Withdraw Consent: If you have given us consent, you can withdraw it at any time. The lawfulness of processing prior to withdrawal remains unaffected.
• Right to Object: You can object to processing of your data for reasons arising from your particular situation, if processing is based on a legitimate interest.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority if you believe that processing of your data violates data protection regulations.

Competent Supervisory Authority: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, https://www.lda.bayern.de/

To exercise your rights, you can contact us at the address provided above at any time. Please note that we can only delete or modify data that is actually stored with us. For data processed by external services (e.g., Vimeo, Google, hCaptcha, Betterplace, web3forms), you must contact the respective providers directly.

Security Measures

We employ technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in accordance with technological developments.

Data transmission between your browser and our server is encrypted via HTTPS (TLS/SSL encryption).

Data Transfer to Third Countries

Some of the services we use are based in the USA or process data on servers in the USA. The USA is considered a third country for which the EU Commission has not generally issued an adequacy decision.

For Google Maps, we rely on the adequacy decision for the EU-US Data Privacy Framework (Art. 45 GDPR), under which Google LLC is certified.

For Vimeo, hCaptcha, and web3forms, data transfer is based on your consent (Art. 49 para. 1 lit. a GDPR), unless another transfer mechanism applies. To the extent that providers provide appropriate safeguards (e.g., Standard Contractual Clauses), this applies additionally. We point out that in the USA there may be a level of data protection that does not correspond to European standards. In particular, there is a risk that US authorities may access your data.

You can withdraw your consent at any time by no longer using the respective services or by resetting your consent (see below).

Web Hosting and Server Logs

Our website is hosted by Hostinger (Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus). The servers are located in Germany. Hostinger processes technical data on our behalf that is generated when you visit the website.

Each time you access our website, the web server automatically records the following data in so-called server log files:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested page
• Amount of data transferred
• Browser type and version
• Operating system
• Referrer URL (previously visited page)

This data is processed exclusively for the following purposes:

• Technical provision of the website
• Ensuring system security
• Detection and prevention of attacks

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in a secure and functional web presence.

Storage Duration: Server logs are automatically deleted after a maximum of 7 days.

We have concluded a data processing agreement with Hostinger that complies with the data protection requirements of the GDPR.

Consent Management and Local Storage

We do not use non-essential cookies. External content and services (videos, maps, donation form, security features) are only loaded after your consent.

On your first visit to our website, you will be asked for your consent to use external services. Your consent decision is stored locally in your browser (Local Storage) and does not leave your device. This storage serves solely to take your decision into account for future visits.

You can withdraw your consent at any time:

• Via our cookie consent reset page
• By manually deleting Local Storage in your browser settings

After withdrawal, you will be asked for your consent again on your next visit.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR).

Contact Form

Our website offers a contact form through which you can send us messages. When you use the contact form, the following data is collected:

• Name
• Email address
• Message

The contact form is provided via the service web3forms (Web3Creative, Kerala, India; servers in the USA). When you submit the form, your data is forwarded to us via email through web3forms' servers. web3forms is an independent controller for processing; please note their privacy policy and data subject rights. A data processing agreement is not currently offered. According to web3forms, no permanent storage of form data takes place at web3forms; short-term log data for security and error purposes may occur.

The contact form also uses hCaptcha (see below) as spam protection. The form is only loaded after your consent.

Purpose: Processing your contact inquiry.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR) by activating the form; contract performance (Art. 6 para. 1 lit. b GDPR) for specific inquiries.

Third Country Transfer: USA. Transfer is based on your consent (Art. 49 para. 1 lit. a GDPR).

web3forms Privacy Policy: https://web3forms.com/privacy

Storage Duration: Contact inquiries are stored via email with us and are generally deleted after 12 months. If the correspondence results in tax or commercial law-relevant matters, we retain it in accordance with legal retention periods (generally 6 or 10 years). You can request deletion of your contact data at any time, provided no legal obligations prevent this.

Embedded Content and External Services

We embed content and functions from external providers into our website. These services are only loaded after your consent. When loading this content, your IP address is transmitted to the respective provider. External services may set cookies and process additional data.

Vimeo (Videos)

We embed videos from the Vimeo platform (Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA).

When you play a video, your browser establishes a connection to Vimeo's servers. Data is transmitted to Vimeo, in particular your IP address, browser information, and information about your playback behavior. Vimeo may set cookies and track your usage behavior.

Purpose: Display of videos on our website.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR).

Third Country Transfer: USA (Art. 49 para. 1 lit. a GDPR).

Privacy Policy: https://vimeo.com/privacy

Google Maps (Maps)

We embed maps from the Google Maps service (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

When the map is loaded, data is transmitted to Google, in particular your IP address. Google may set cookies and collect information about your use of the map.

Purpose: Display of interactive maps.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR).

Data Transfer: A transfer to the USA may take place. The basis is the adequacy decision for the EU-US Data Privacy Framework (Art. 45 GDPR), under which Google LLC is certified.

Privacy Policy: https://policies.google.com/privacy

hCaptcha (Spam Protection)

We use the hCaptcha service (Intuition Machines, Inc., USA) as protection against automated access and spam in our contact form.

hCaptcha analyzes user behavior to distinguish between humans and bots. Data is transmitted to hCaptcha, in particular IP address, browser information, and mouse movements. hCaptcha may set cookies.

Purpose: Protection against spam and abuse.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR).

Third Country Transfer: USA (Art. 49 para. 1 lit. a GDPR).

Privacy Policy: https://www.hcaptcha.com/privacy

Betterplace (Donation Form)

We embed a donation form from the betterplace.org platform (gut.org gAG, Schlesische Straße 26, 10997 Berlin, Germany) via an iframe.

The donation form is provided directly by betterplace.org. When the form is loaded, data is transmitted to betterplace, in particular your IP address. If you donate via the form, extensive personal data is transmitted directly to betterplace and processed there, including:

• Name and address
• Email address
• Payment information (bank details, credit card data, etc.)
• Donation amount and purpose

We have no access to this data. betterplace.org is independently responsible for processing your donation data. Betterplace works with payment service providers to process donations.

Purpose: Enabling online donations.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR) for loading the iframe.

Privacy Policy: https://www.betterplace.org/c/datenschutz

Statutory Purposes

As a charitable association, we also process personal data in connection with our statutory purposes:

Public Relations

We inform about our work and projects through publications on our website. Personal data (e.g., names, photos) may be processed if the individuals concerned have consented or if the publication is part of reporting on our charitable activities.

Legal Basis: Consent (Art. 6 para. 1 lit. a GDPR) or legitimate interest (Art. 6 para. 1 lit. f GDPR) in public relations for charitable purposes.

Fundraising

We collect donations to finance our charitable projects. Processing of donation data is carried out by betterplace.org (see above). If you contact us directly (e.g., by email) to inquire about donation options, we process your contact data to respond to your inquiry.

Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in promoting our charitable purposes.

Storage Duration and Deletion

We store personal data only as long as necessary for the respective purpose or as required by law.

• Server Logs: 7 days, then automatic deletion
• Contact Inquiries: Generally 12 months; if tax or commercial law-relevant, 6 or 10 years; earlier deletion upon request is possible, provided no legal obligations prevent this
• Consent Data: Stored locally in your browser; can be removed at any time by deleting Local Storage or via our consent reset page

Data processed by external services (Vimeo, Google, hCaptcha, Betterplace, web3forms) is subject to the storage periods of these services. Information about this can be found in the respective privacy policies of the providers.

Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to our data processing practices. The current version is always available on this page.

Last Updated: November 7, 2025