Privacy Policy of Eurohugs

Eurohugs is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website eurohugs.eu, engage with our activities, or communicate with us.

We are a non-governmental organization based in Lithuania, and as such, we are fully compliant with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

1. Who We Are (Data Controller)

The data controller responsible for your personal data under this Privacy Policy is:

Eurohugs
Nemuno g. 10B, Miklusėnų k., LT-62472 Alytaus r.
eurohugs@gmail.com
+37066223369

2. Information We Collect

We collect various types of information to provide and improve our services to you.

• Personal Data You Provide Voluntarily:
  
  
  • Contact Information: Name, email address, phone number, postal address (e.g., when you register for an event, sign up for our newsletter, or make an inquiry).
  • Demographic Information: Age, gender (e.g., for participation in specific youth programs, where relevant and with explicit consent).
  • Application/Participation Data: Information provided when applying for projects, training, or volunteering opportunities (e.g., educational background, skills, interests, nationality for Erasmus+ programs).
  • Communication Data: Content of your communications with us, including emails, messages, and feedback.
  • Photographs/Videos: With your explicit consent, we may collect photos or videos from our events for promotional purposes.
  • Financial Data: If you make a donation or payment, we may collect necessary financial information (e.g., bank details, transaction history). Note: We typically use secure third-party payment processors who handle your full payment card details directly.
• Data Collected Automatically:
  
  
  • Usage Data: Information about how you access and use our website, such as your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits. This data is primarily collected through cookies and similar technologies (see Section 4).
  • Device Information: Information about the device you use to access our website, including device type, unique device identifiers, and mobile network information.

3. How We Use Your Information (Purposes and Legal Basis)

We use your personal data for the following purposes, based on the specified legal bases:

• To Provide and Manage Our Services and Activities (Performance of a Contract or Legitimate Interest):
  
  
  • To register you for events, training, or projects.
  • To manage your participation in our programs (e.g., Erasmus+).
  • To process donations or payments.
  • To communicate with you regarding your inquiries, applications, or participation.
  • Legal Basis: Performance of a contract with you (e.g., event registration) or our legitimate interest in managing our operations effectively.
• To Communicate with You (Legitimate Interest or Consent):
  
  
  • To send you newsletters, updates, and information about our activities, projects, and events.
  • To respond to your questions and feedback.
  • Legal Basis: Your consent (for marketing communications where required) or our legitimate interest in informing our community about our work.
• For Outreach and Promotion (Consent or Legitimate Interest):
  
  
  • To use photographs or videos from events (with your explicit consent) for our website, social media, and promotional materials to showcase our work and inspire others.
  • Legal Basis: Your explicit consent.
• To Improve Our Website and Services (Legitimate Interest):
  
  
  • To analyze website usage and trends to enhance user experience and content.
  • To troubleshoot technical issues and ensure the security of our website.
  • Legal Basis: Our legitimate interest in maintaining and improving our digital presence and services.
• For Legal Compliance and Protection (Legal Obligation or Legitimate Interest):
  
  
  • To comply with legal obligations (e.g., tax, reporting requirements).
  • To prevent fraud, enforce our terms and conditions, and protect our rights, property, or safety, and that of our users or the public.
  • Legal Basis: Compliance with a legal obligation or our legitimate interest in protecting our organization.

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (like pixels and web beacons) to enhance your Browse experience, analyze website traffic, and understand where our visitors come from.

• What are cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site.
• How we use them: We use both session cookies (which are deleted when you close your browser) and persistent cookies (which remain on your device for a set period or until you delete them). We may use cookies for:
  • Essential functionality: To enable core website features.
  • Analytics: To understand how visitors interact with our website (e.g., Google Analytics). This helps us improve our content and user experience.
  • Preference storage: To remember your choices and settings.
• Your Choices: You have the right to decide whether to accept or reject cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

5. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:

• With Service Providers: We may share your data with trusted third-party service providers who perform functions on our behalf (e.g., website hosting, analytics, payment processing, email distribution, event management platforms). These providers are contractually bound to protect your data and only use it for the purposes we specify.
• For Project/Program Management: In the context of international projects like Erasmus+, we may share necessary participant data with partner organizations, funding bodies (e.g., European Commission, national agencies), and relevant institutions, strictly as required by program rules.
• Legal Requirements: If required by law, regulation, court order, or governmental request, or to protect our rights, property, or safety.
• With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

6. International Data Transfers

As an organization operating within the EU, we primarily store and process your personal data within the European Economic Area (EEA).

If we transfer personal data to third parties outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules (BCRs).
• Adequacy decisions from the European Commission.

We will inform you if your data is subject to such transfers and the safeguards applied.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The retention period will vary depending on the type of data and the purpose of processing. For example:

• Newsletter subscriptions: Until you unsubscribe.
• Event registration data: For a period required for event administration and any legal/auditing requirements (e.g., 3-5 years).
• Project participation data (e.g., Erasmus+): As required by funding bodies (often up to 5-10 years after project completion).
• Contact inquiries: For as long as necessary to resolve your request and for a reasonable period thereafter for our records.

When your personal data is no longer required, we will securely delete or anonymize it.

8. Your Data Protection Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your personal data and your rights.
• The Right of Access: To request a copy of the personal data we hold about you.
• The Right to Rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.
• The Right to Erasure (“Right to Be Forgotten”): To request the deletion of your personal data in certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected).
• The Right to Restrict Processing: To request that we limit the way we use your personal data in certain circumstances (e.g., if you contest the accuracy of the data).
• The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
• The Right to Object: To object to the processing of your personal data where we are relying on a legitimate interest as the legal basis for processing, or for direct marketing purposes.
• Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not engage in such automated decision-making.
• The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month, as required by GDPR.

9. Security of Your Data

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

• Use of secure servers.
• Encryption of data in transit (SSL/TLS).
• Access controls to limit who can access personal data.
• Regular security assessments and updates.

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

10. Links to Other Websites

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Children’s Privacy

Our services are generally not directed at children under the age of 13. We do not knowingly collect personally identifiable information from children under 13 without parental consent. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we take steps to remove that information from our servers.

For specific youth programs, especially those involving participants under 18, we will implement additional safeguards and obtain explicit parental/guardian consent as required by law.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

eurohugs@gmail.com

+37066223369