Legal

Privacy policy

How we handle personal data, why we ask for it, and which rights remain with you.

Effective from June 7, 2026 · Last updated: June 7, 2026.

1. Controller

Fundatia Forever Forest, fiscal code 45726675, is the controller for personal data processed through foreverforest.org.

Data-protection contact: office@foreverforest.org. The foundation currently has no public office or postal address.

2. Data we collect

  • Contact-form data: name, email, subject, message, page language, and technical metadata needed to deliver the message.
  • Donation data: name, contact details, donated amount, payment references, and accounting data if you provide them or they are transmitted by a bank/payment platform.
  • Communication data: email address and preferences when you request replies, reports, or updates.
  • Technical data: IP address, user agent, pages visited, errors, and security information collected by hosting, forms, or analytics services where applicable.

3. Why we process data

  • To answer messages and requests.
  • To administer donations, receipts, sponsorships, and accounting obligations.
  • To send project communication only when you requested or accepted it.
  • To secure the website, prevent abuse, and operate technical services.
  • To understand aggregate website use when analytics tools are enabled under the cookie policy.

4. Legal bases

We process data on the basis of a request or contractual relationship, legal obligations, legitimate interest in administering and protecting the website, and your consent for optional communications and consent-based analytics.

5. Providers and recipients

We use technical providers for hosting, email, forms, security, payments, and traffic analytics. These may include Vercel, Resend, Google Analytics 4, or PostHog when configured.

We may share data with banks, accountants, advisers, public authorities, or partners where necessary for donations, legal obligations, defence of rights, or operation of services.

6. International transfers

Some providers may process data outside the European Economic Area. Where relevant, we use GDPR-permitted mechanisms such as adequacy decisions, standard contractual clauses, or additional safeguards offered by providers.

7. Retention

  • Contact messages are kept for as long as needed to answer and follow up, usually up to 24 months.
  • Donation and accounting documents are kept according to applicable legal periods.
  • Newsletter or report data is kept until consent is withdrawn or you unsubscribe.
  • Technical logs and analytics data are kept according to service settings and only as needed for security and reporting.

8. Your rights

You may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent. Write to office@foreverforest.org.

You also have the right to complain to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP).

9. Security

We use reasonable safeguards for personal data, including secure hosting, limited access, and specialist providers. No online system can guarantee absolute security.

10. Updates

We may update this policy when the website, providers, or legal requirements change. The latest update date appears at the top of the page.