Right out the front door, we prioritize your privacy and data security. As you navigate through our website, we want to ensure you feel confident and informed about how we handle your personal information. Our GDPR Privacy Policy is a comprehensive guide that explains, in simple terms, the steps we take to comply with the General Data Protection Regulation (GDPR). This policy reflects our commitment to creating a safe and secure digital space for everyone who engages with our site, including website visitors, donors, and stakeholders.

GDPR Privacy Policy of the Soina Foundation

We believe that understanding how your data is handled is crucial, and our straightforward policy is designed to make this information accessible to you. Join us on this journey of transparency, where we strive to build trust by prioritizing your privacy and upholding the principles of openness, accountability, and respect for your rights.

Characteristics of Best GDPR Privacy Policy Examples

  1. Clear Communication: The best GDPR policies use straightforward language to explain how personal data is collected, used, and protected.
  2. User Empowerment: They give users control, allowing them to easily access, modify, or delete their personal information.
  3. Transparency: These policies disclose the purpose of data processing, ensuring users understand why their information is being collected.
  4. Security Measures: They outline robust security measures to safeguard data, providing reassurance about its protection.
  5. Consent Clarity: Obtaining user consent is emphasized, and the policies specify the exact purposes for which consent is sought.
  6. Data Minimization: They stress the principle of collecting only the necessary data, minimizing the intrusion into users’ privacy.
  7. Cross-Border Data Transfer: If applicable, there’s a clear explanation of how international data transfers comply with GDPR regulations.
  8. Incident Response: The policies detail steps taken in the event of a data breach, showcasing a commitment to timely and effective response.
  9. Periodic Review: Regular updates and reviews of the policy demonstrate a commitment to staying current with evolving privacy standards.
  10. Educational Elements: They include user-friendly explanations to enhance understanding, fostering a sense of awareness regarding privacy rights and obligations.

General Date Protection Regulation

Welcome to Soina Foundation, where we prioritize the privacy and security of the personal information entrusted to us by our esteemed website visitors, donors, and stakeholders. Our commitment to data protection is exemplified in this GDPR Privacy Policy, designed to provide a comprehensive overview of the measures we undertake to ensure compliance with the General Data Protection Regulation (GDPR) and to reinforce the trust you place in us.


The GDPR privacy policy for the Soina Foundation prioritizes clarity and user empowerment. In simple terms, it communicates how personal data is handled, ensuring transparency about the foundation’s data practices. Users are empowered with control over their information, allowing them to easily access, modify, or delete it as needed.

The policy emphasizes the importance of obtaining clear consent, specifying the purposes for which data is collected. Security measures are outlined, showcasing a robust commitment to protecting user data. The foundation adheres to the principle of data minimization, collecting only essential information. In the event of a data breach, a well-defined incident response plan is in place.

The policy undergoes regular reviews to stay current with GDPR regulations, and educational elements are integrated to enhance user awareness of privacy rights and responsibilities.

This policy governs the processing of all personal data by Soina Foundation, encompassing information collected through our website, social media platforms, email communications, and various other channels.

Data Collection and Use

Our data collection is purpose-driven, focusing on information essential to realizing our charitable objectives and facilitating communication with our valued supporters. This may include, but is not limited to, names, email addresses, postal addresses, phone numbers, and payment details. Importantly, Soina Foundation commits to never selling or sharing personal data with third parties for marketing purposes.

Lawful Basis for Data Processing

We engage in data processing only when a lawful basis exists. This includes obtaining explicit consent from data subjects, processing for the performance of contractual obligations, compliance with legal requirements, or pursuit of our legitimate interests.

Data Security

To thwart unauthorized access, disclosure, alteration, or destruction of personal data, we have implemented and regularly review robust technical and organizational measures. This ongoing commitment to security ensures the effectiveness of our protective protocols.

Data Retention

Personal data is retained only for as long as necessary, aligning with the purposes for which it was collected or as mandated by legal obligations. Our organization continually reviews and updates retention policies to remain in accordance with these principles.

Data Subject Rights

Under GDPR, data subjects are entitled to several rights, including being informed about data collection, accessing their data, correcting or updating information, requesting data deletion, objecting to processing, restricting processing, and exercising data portability.

Data Protection Officer (DPO)

Soina Foundation has appointed a Data Protection Officer (DPO), Anita Soina, who oversees GDPR compliance and ensures all data processing aligns with GDPR standards while respecting the rights of data subjects.

Roles and Responsibilities of the DPO

The DPO’s responsibilities extend to providing guidance on GDPR and data protection, monitoring compliance, cooperating with supervisory authorities, advising and training employees, conducting data protection impact assessments, and serving as a point of contact for data subjects.

Appointment and Contact Information

DPO Anita Soina, is accessible and can be contacted at info at the Soina Foundation dot org, providing an avenue for both employees and data subjects to seek information or address concerns.

Training and Resources

The DPO ensures employees handling personal data receive comprehensive training on GDPR and data protection regulations, supplemented with relevant resources to enhance understanding.

Monitoring and Reporting

Continuous monitoring of GDPR compliance and reporting any violations to senior management is a responsibility of the DPO. Additionally, the DPO ensures timely reporting of any data breaches to supervisory authorities.

Lawful Basis for Processing Special Categories of Personal Data

When processing special categories of personal data is necessary, the Soina Foundation adheres to lawful bases such as explicit consent, legal obligations, vital interests, not-for-profit activities, public interest, and legal claims.

Data Minimization and Retention of Special Categories

Soina Foundation commits to processing only relevant special categories of personal data and limiting processing to what is strictly necessary. Retention periods for such data are determined by the purposes of collection and legal requirements.

Rights of Data Subjects

Individuals possess rights to access, rectify, erase, or restrict processing of their special categories of personal data. Furthermore, they have the right to object and request data portability. Soina Foundation endeavors to respond to such requests within one month, providing reasons if compliance is not possible.

Children and Minors

We place great emphasis on safeguarding the privacy of children, ensuring that we do not knowingly collect personal identifiable information from those aged 13 years and under. Parents or guardians can contact us to remove information and unsubscribe children from electronic marketing lists.

For further insights into GDPR, please refer to African Impact’s GDPR privacy policy example for World Volunteering LLC. General tips for protecting the online privacy of children can be found on soleforafricanchild.org blog posts.

We affirm that we do not collect data or registration information from children on this site.

For additional information, please read our Terms of Service.


What policies do nonprofit/not-for-profit really need for GDPR?