Privacy Policy

Last updated: 25 February 2025

1. Data Controller

The responsible party for data processing is:
Association Willow
Rue de Varembé 3, 1202 Geneva, Switzerland
Email: [email protected]

2. Scope

This Privacy Policy explains how Association Willow processes personal data in connection with this website and donations. We comply with the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

3. What Data We Collect

We only collect data strictly necessary for our operations:

• Donors: When you make a donation, we may receive your name, email address, donation amount, currency, payment status, and transaction identifiers. Payment card details are processed directly by our payment provider and are not stored by Association Willow.
• Website Visitors: We may process basic technical data (e.g., IP address, device/browser information, time of access) to ensure website security, prevent abuse, and maintain service reliability. We do not use advertising or profiling cookies.

4. Purposes of Processing

We process personal data for the following purposes:

• to process and administer donations and communicate with donors (e.g., confirmations, replies to inquiries);
• to comply with applicable bookkeeping, auditing, and legal obligations;
• to protect our systems and prevent fraud, abuse, or security incidents.

5. Payment Processing (Stripe)

We use Stripe, Inc. for secure payment processing. Association Willow does not store your full credit card number. Your payment data is transmitted directly to Stripe via an encrypted connection (SSL/TLS). Stripe’s use of your data is governed by their Privacy Policy.

6. Cross-Border Data Transfers

Stripe and certain service providers may process personal data outside Switzerland (and, where applicable, outside the EEA). Where cross-border disclosure occurs, we take measures intended to ensure an adequate level of data protection in accordance with the nFADP (for example, by relying on recognised safeguards used by the relevant providers).

7. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data with competent authorities only if required by Swiss law or a binding legal request. We may also share data with service providers (such as payment processing) strictly to operate this website and process donations.

8. Retention

We retain personal data only as long as necessary for the purposes described above. Donation and accounting-related records are generally retained for at least 10 years from the end of the relevant financial year, in line with Swiss record-retention obligations. We may retain data longer where required or permitted by applicable law.

9. Data Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, or misuse (e.g., access controls and encrypted transmission). No method of transmission or storage is completely secure; however, we work to maintain safeguards appropriate to the risks.

10. Your Rights

Under the nFADP (and GDPR where applicable), you may have rights such as access, rectification, deletion, and, where applicable, data portability. Please note that deletion or restriction may be limited where we must retain records to comply with legal obligations. To exercise your rights, contact us at [email protected].

11. Prevailing Language of the Statutes

In case of discrepancies regarding the Association’s Statutes, the original French version shall prevail.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date above indicates when the latest revision became effective.