Privacy Policy

Last updated: January 2025

We take your privacy seriously and comply with GDPR and Estonian Personal Data Protection Act.

Data Controller

Klikihind OÜ (registry code 12607977), registered in Estonia. Contact: see contact page.

Data We Collect

We collect the following data: IP address (for fraud detection), donation amount, optional name and email, cookies (for session management), technical information (browser, device).

Legal Basis

Data processing is based on: legitimate interest (fraud prevention), contract performance (donation processing), your consent (optional information).

IP Address Processing

We process IP addresses locally to prevent abuse. We use MaxMind GeoIP2 database (updated monthly). No real-time sharing of raw IP intelligence with third parties. IP logs are retained for up to 30 days in aggregate form.

Cookies

We use only essential cookies: session cookie (CSRF protection, language preference), security cookie (rate limiting). No third-party tracking cookies are used.

Your Rights (GDPR)

You have the right to: access your data, request data correction, request data deletion, restrict processing, data portability, file a complaint with the Data Protection Inspectorate.

Security Measures

We use: HTTPS encryption, CSRF protection, SQL injection protection, XSS protection, secure sessions, regular security updates.

Third Parties

For payment processing, we use licensed payment processors (PCI DSS certified). IP database (MaxMind) is processed locally. Data is not sold or shared for marketing purposes.

Data Retention

IP logs: 30 days. Donation data: 7 years (accounting requirement). Session data: until session ends. Cookies: until expiration or deletion.

Privacy Contact

For privacy-related questions, please contact us via the contact page.

Policy Updates

We may update this policy from time to time. The last update date is displayed at the top of this page.