Last updated: Wednesday, December 17th, 2025
1. Scope
This notice covers people who donate, fundraise, volunteer, attend events, sign petitions, or opt in to our newsletters/updates (together, “supporters”).
2. Controller & contacts
Controller: Child Rescue Coalition, Inc.
Email: [email protected]
3. Data we collect
- Identity & contact: name, email, phone, postal address, country, language.
- Donation details: amount, date, currency, method, Gift Aid declarations (UK), donation history, dedications.
- Payment processing: tokenized payment details and fraud signals (card/bank details handled by our payment processor; CRC does not store full card numbers).
- Engagement: event attendance, newsletter preferences, email open/clicks (if you consent to marketing), optout/suppression records.
- Compliance & safety: sanctions screening matches (if required), logs necessary to prevent fraud or misuse.
4. Sources
You (direct input), fundraising/event platforms, payment processors, optin tools, and occasionally public sources (e.g., corporate registries for major gifts, when required by law).
5. Why we use your data & legal bases
|
Purpose |
Examples |
Legal basis (EU/UK GDPR) |
|
Process donations and issue receipts |
Taking/recording donations, sending receipts, addressing payment issues |
Contract (Art. 6(1)(b)) |
|
Meet legal obligations |
Tax/charity law recordkeeping (e.g., Gift Aid), sanctions checks where mandated |
Legal obligation (Art. 6(1)(c)) |
|
Thank you and operational updates |
Acknowledgements, eventspecific communications, impact reporting related to your gift |
Legitimate interests (Art. 6(1)(f))—we balance your interests and provide an easy optout |
|
Email/SMS marketing and newsletters |
Campaign updates, appeals, event invites |
Consent (Art. 6(1)(a)) and local ePrivacy/PECR rules; you can withdraw any time |
|
Supporter insights (nonintrusive) |
Highlevel segmentation (e.g., frequency/recency of donations) to plan campaigns |
Legitimate interests (Art. 6(1)(f))—no solely automated decisions with legal/similar effects |
6. Sharing
We share limited data with:
- Processors acting on our instructions (e.g., payment processor, CRM/email platform, event platform, hosting/security providers).
- Authorities where required by law (e.g., tax/charity regulators).
We do not sell your personal data.
7. International transfers
Where personal data are accessed from or transferred to countries without an adequacy decision, we use recognized safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/UK Addendum) and, where available, rely on Data Privacy Framework certifications for U.S. recipients.
8. Retention
- Donation and Gift Aid records: 3 years.
- Marketing preferences: until you withdraw consent; optout/suppression records kept to honor the optout.
- Event and volunteer records: 3 years or as required by law.
We delete or irreversibly anonymize data when no longer needed.
9. Your rights
You have rights to access, rectify, erase, restrict, object (including to legitimate interests), and data portability, plus the right to withdraw consent at any time. See Your EU/UK Privacy Rights for how to exercise them and how to contact regulators.
10. Children’s data
Donations should be made by adults or with parental authorization. If we learn we collected children’s data in this context without proper authority, we will delete it.
11. Updates
We’ll post any changes here with a new “Last updated” date.
