Privacy Policy
Effective date: 5th of December, 2025
1. Who we are (Data Controller)
This Privacy Policy explains how we collect and use your personal data when you visit our website and support our activities, including by making donations.
The data controller is:
VšĮ RŪTOS IR DANO GAŠKAUSKŲ PARAMOS FONDAS
Company code: 307502574
Registered address: Taikos g. 1-72, LT-18113 Švenčionys Lithuania
Email: support@vsigaskauskufondas.lt
Website: https://vsigaskauskufondas.lt
For the purposes of the EU General Data Protection Regulation (GDPR), we act as the data controller of your personal data. GDPR+1
2. Scope of this Privacy Policy
This Privacy Policy applies when you:
visit or browse our website https://vsigaskauskufondas.lt;
make a donation through our online donation forms (e.g. via GiveWP);
contact us by email or via contact forms;
subscribe to receive updates or other communications from us;
interact with us through social media where we link to this policy.
It does not apply to websites or services we do not control. When you follow a link to another website, their own privacy policy will apply.
3. Personal data we collect
We collect and process different categories of personal data depending on how you interact with us.
3.1. Data you provide directly
Donors
When you make a donation through our website, we may collect:
Name and surname
Email address
Postal address (for receipts, if required)
Country of residence
Donation amount, currency, date and time
Selected payment method
Message or dedication included with your donation (if you choose to write one)
Communication preferences (e.g. whether you want to receive updates from us)
We do not receive or store your full credit card number or security code. These are processed directly by our payment service providers.
Contact form / email inquiries
If you contact us by email or via a contact form, we collect:
Name
Email address
Subject and content of your message
Any other information you choose to include (for example, if you share details about your situation or about other persons)
Newsletter / updates
If we offer a newsletter or email updates and you subscribe, we collect:
Name
Email address
Language preference (if applicable)
Your consent and the time/date of subscription
3.2. Data we collect automatically when you use our website
When you browse our website, our systems and service providers may automatically collect:
IP address
Browser type and version
Device information (operating system, screen resolution, etc.)
Pages visited, time and date of visit
Referring URL (the page you came from)
Cookie and tracking data (see “Cookies and similar technologies” below)
This data is used mainly for security, technical operation, and statistics.
4. Purposes and legal bases for processing
Under the GDPR, every processing activity must have a legal basis. GDPR+1
We process your personal data for the following purposes:
4.1. To process your donations and manage our relationship with you
What we do: process your donation, send you confirmation and receipts, keep records for accounting and auditing, respond to your questions about donations.
Legal bases:
Performance of a contract – to process your donation and provide you with confirmations (GDPR Art. 6(1)(b)); GDPR+1
Legal obligation – to comply with accounting, tax, and other legal requirements in Lithuania (Art. 6(1)(c)). Leinonen Global+2Company in Lithuania UAB+2
4.2. To communicate with you
What we do: respond to your messages, handle inquiries, and provide you with information you request.
Legal basis:
Legitimate interest – to communicate with supporters, donors and website visitors who contact us (Art. 6(1)(f)). GDPR+1
4.3. To send you updates, newsletters and fundraising information
What we do: if you subscribe or explicitly ask for it, we may send you updates about our fund, fundraising campaigns, and related information.
Legal basis:
Consent – when you sign up or tick a box to receive such communications (Art. 6(1)(a)).
You can withdraw your consent at any time by clicking “unsubscribe” in our emails or by contacting us.
4.4. To operate, secure and improve our website
What we do: use technical logs and analytics to maintain security, detect abuse, measure website traffic, and improve our content.
Legal bases:
Legitimate interest – to run a secure, reliable website and understand how visitors use it (Art. 6(1)(f)); Homepage | Data Protection Commission+1
Consent – for non-essential cookies and similar technologies (analytics, marketing) where required by ePrivacy rules (Art. 6(1)(a)). NOMB Changes – Non-Profit Association+2GiveWP+2
4.5. To comply with laws and defend our rights
What we do: retain and, where necessary, disclose data to authorities or courts when required by law or to protect our legal rights and those of others.
Legal bases:
Legal obligation (Art. 6(1)(c));
Legitimate interest in establishing, exercising or defending legal claims (Art. 6(1)(f)). GDPR+1
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects for you (Art. 22 GDPR). GDPR
5. Recipients of your personal data
We share your personal data only where necessary and on a need-to-know basis.
5.1. Service providers (processors)
We may share your data with trusted third-party service providers who process data on our behalf, such as:
Website hosting and technical providers (e.g. WordPress hosting, security and backup services);
Donation platform (e.g. GiveWP and related WordPress plugins, which help us process and administer donations and donor records); NOMB Changes – Non-Profit Association+3GiveWP+3GiveWP+3
Payment service providers (such as Stripe, PayPal, banks or other processors listed on the donation form);
Email delivery and newsletter services (if used);
Analytics providers (if used, e.g. privacy-friendly analytics tools);
IT support and maintenance providers.
These providers are bound by contracts and may only process your data according to our instructions and for the specified purposes.
5.2. Professional and public bodies
Where necessary, we may share data with:
Accountants and auditors (for financial and compliance purposes);
Public authorities, regulators, law enforcement, courts or similar bodies, when required by law or to protect our rights.
We do not sell or rent your personal data to third parties.
6. International transfers
Some of our service providers may be located outside the European Economic Area (EEA), for example in the United States. This may involve transferring your personal data to countries that do not provide the same level of data protection as the EU/EEA.
In such cases, we ensure that appropriate safeguards are in place, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission; or
Other mechanisms permitted by GDPR for international transfers. GDPR+2European Commission+2
You can contact us if you would like more information about these safeguards.
7. Data retention – how long we keep your data
We do not keep your data longer than necessary for the purposes described above or as required by law. In particular:
Donation and accounting records: retained for 10 years from the end of the financial year, to comply with Lithuanian accounting and tax laws. commenda.io+4Leinonen Global+4Company in Lithuania UAB+4
Newsletter / communications: retained until you withdraw your consent (unsubscribe) or after a reasonable period of inactivity (for example, if you never open our emails for a certain time).
Contact form / email inquiries: retained for as long as needed to handle your inquiry and for a limited period afterwards (e.g. up to 2 years) in case of follow-up questions or legal claims.
Technical logs and security data: retained for a short, defined period (typically up to 6–12 months), unless needed longer for security investigations.
When the applicable retention period expires, we either delete your personal data or anonymise it so that it can no longer be linked to you.
8. Cookies and similar technologies
8.1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They can be used to make websites work, to remember your preferences, and to help us understand how the site is used. NOMB Changes – Non-Profit Association+2YouTube+2
8.2. Types of cookies we use
On our website we may use:
Strictly necessary cookies – required for the operation of the website and donation forms (e.g. to remember your donation session, security and anti-fraud).
Preference cookies – to remember your language or other settings (if used).
Analytics cookies – to understand how visitors use our website (e.g. page views, traffic sources).
Functionality cookies – used by plugins such as GiveWP to show your donation history or receipts. primarytraumacare.org+1
We will not use non-essential cookies (such as analytics or marketing cookies) without your consent, in line with EU ePrivacy rules. NOMB Changes – Non-Profit Association+2GiveWP+2
8.3. Cookie consent
When you first visit our website, you will be presented with a cookie banner. You can:
Accept all cookies;
Reject non-essential cookies; or
Choose settings for different categories.
You can change or withdraw your consent at any time by using the cookie settings link in the website footer (or browser settings).
For more details, please see our separate Cookie Policy [link to cookie policy page].
9. Security of your personal data
We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. GDPR+1
These measures include:
Using secure hosting and regularly updated software (e.g., WordPress, security plugins);
Limiting access to personal data to staff and trusted partners who need it for their tasks;
Using encryption and secure connections (HTTPS/TLS) when transferring data;
Entering into data processing agreements with our service providers.
Payments and card data
Online payments are processed directly by our payment providers (e.g. Stripe, PayPal or banks). We do not store your full credit card number or security code on our servers.
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Your rights under data protection law
As an individual in the EU/EEA, you have the following rights under the GDPR: GDPR+2European Commission+2
Right of access – to obtain confirmation whether we process your personal data and, if so, to receive a copy.
Right to rectification – to request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) – to request deletion of your data in certain circumstances.
Right to restriction of processing – to request restriction of processing in specific cases.
Right to object – to object to processing based on legitimate interests, including profiling on that basis. You also have an absolute right to object to direct marketing.
Right to data portability – to receive certain data in a structured, commonly used and machine-readable format and to transmit it to another controller.
Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time; this will not affect the lawfulness of processing before withdrawal.
Right not to be subject to automated decision-making – we do not use such processes for decisions that significantly affect you.
How to exercise your rights
To exercise any of these rights, please contact us at:
Email: support@vsigaskauskufondas.lt
We may ask you to provide information to verify your identity before acting on your request. We aim to respond within one month of receiving your request, as required by GDPR, and may extend this period by up to two further months in complex cases (we will inform you if that happens). GDPR+2Homepage | Data Protection Commission+2
11. Complaints to the supervisory authority
If you believe that we are processing your personal data in violation of data protection laws, you also have the right to lodge a complaint with the competent supervisory authority.
In Lithuania, this is the:
State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija)
L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania
Phone: +370 5 271 2804 / +370 5 279 1445
Email: ada@ada.lt
Website: https://vdai.lrv.lt datarequests.org+3vdai.lrv.lt+3URM | Užsienio reikalų ministerija+3
You may also lodge a complaint with the data protection authority of your habitual residence or place of work within the EU/EEA.
12. Children’s data
Our website and fundraising activities are not directed to children under the age of 18, and we do not knowingly collect personal data from children under 18.
If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately. We will take steps to delete such data without undue delay.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example when we introduce new services or when laws change. If we make material changes, we will publish the updated version on our website and update the “Effective date” at the top.
We encourage you to review this Privacy Policy periodically.
14. Contact us
If you have any questions, requests, or concerns about this Privacy Policy or our processing of your personal data, you can contact us at:
VšĮ RŪTOS IR DANO GAŠKAUSKŲ PARAMOS FONDAS
Email: support@vsigaskauskufondas.lt