Back to registration
NGO Link Data Policy

Where Compassion Meets Action, While Protecting Your Privacy

Introduction

NGO Link (EU-based) connects volunteers with organizations. We are deeply committed to protecting personal data under GDPR, ensuring transparency and trust. We only collect necessary data, store it securely in the EU with strict access controls, communicate clearly about its use, adhere to defined retention periods, and never share data with third parties.

This policy applies to individuals ("volunteers") and organizations offering opportunities.

Internal Data Processing

We collect essential HR and contact data for our internal team for operational and legal needs. This data is retained for the duration of involvement and legally mandated periods, with non-essential data deleted promptly post-departure (30-90 days).

External Communications

We communicate via platform notifications, email, and social media.

  • Email: We collect email addresses for newsletters upon consent. Data is deleted upon unsubscribe (30 days).
  • Platform Messaging: Direct messages are stored to facilitate connections, retained for account activity plus a short period post-closure (6-12 months).

Website Data

Our website gathers data via google forms and analytics.

  • Form Submissions: We collect names, emails, skills, interests (volunteers) and organization details, project specifics (organizations) solely for matching purposes.
  • Analytics: We use privacy-protective analytics (e.g., Matomo, EU-hosted, IP anonymized) for aggregate website traffic insights, specifically avoiding surveillance-based tools.
  • Storage: Form data (Google Sheets, then Google Drive) and analytics data are stored securely in EU locations with access controls.
  • Retention: Form data for active matches is kept for engagement duration plus a specific post-completion period (1-2 years); unmatched data is deleted after review (6-12 months). Raw analytics logs are purged regularly (30-90 days).

Social Media

We monitor aggregate engagement metrics on our pages for marketing. We do not collect individual user data or use tracking pixels.

Third-Party Services

We currently use no third parties for data processing beyond essential EU-based cloud infrastructure (Google suites). Any future third-party tools will be rigorously vetted for GDPR compliance, security, and require Data Processing Agreements (DPAs).

Data Storage & Retention (General)

Personal data is stored in secure, access-controlled EU-based Google Drive environments and our EU-hosted analytics platform. Access is restricted to authorized personnel on a "need-to-know" basis, protected by strong passwords and 2FA. Data is retained only as long as necessary for its purpose or legal obligations.

Your Rights

Under GDPR, you have rights including access, rectification, erasure, restriction, data portability, and objection to processing. We do not use automated decision-making or profiling. To exercise your rights, contact our Data Representative.

How to Contact Us

For privacy inquiries, please contact:

[NGO Link]

Revisions

This policy was created on 22.10.2025 and last updated on 22.10.2025, and will evolve to maintain GDPR compliance.