Privacy and personal data
We are proud that our collection is free of online tracking and marketing tools intruding on your privacy. Therefore, on this page we will explain in detail how we handle your personal data, who sees it and how we process it.
COOKIES
Cookies are auxiliary files that are stored in the memory of your browser so that the website can function properly. Some types of cookies are very aggressive and are able to track you across different websites. Others are harmless and only ensure that the web loads correctly or has some function that requires the server to work with the browser. We only use cookies on our websites for the basic functioning of the website. These tools do not require consent under the GDPR. Specifically, this is a category of so-called Strictly Necessary Cookies.
These cookies are essential for browsing the website and using its features, for example to access secure areas of the website. An example of strictly necessary cookies are cookies that allow webshops to store your items in your shopping cart while shopping online. These cookies will generally be first-party session cookies. Although it is not necessary to obtain consent for these cookies, it should be explained to the user what they are for and why they are necessary.
Source: https://gdpr.eu/cookies/
Plausible
We use Plausible to track our traffic. Unlike Google Analytics, Plausible does not use invasive tracking methods, the company is from Europe, and of all the traffic measurement tools available, Plausible is the best combination of privacy, accuracy and technical execution. We pay for this service from the fund budget.
Google APIs
For some features, we use Google Cloud, where the code is stored, to process payments and other basic functions. This is a paid hosting service that is essential for the functioning of our website.
Amazon Cloud
FrontFor some features, we use CloudFront, where the code for payment processing and other basic functions is stored. This is a paid hosting service that is essential for the functioning of our website. No personal data is processed in this repository.
jQuery
Minor features (not linked to your personal data) use JavaScript. jQuery is a service where these functions are stored, and our site sometimes needs to download a piece of code.
jsDelivr
Minor features (not linked to your personal data) use JavaScript. JSDelivr is a service where these functions are stored and our site sometimes needs to download a piece of code.
Google Static (Google Fonts)
For the graphics of our site, we need to use the font library provided by Google. This is a tool that downloads to your browser for a while the font that our site uses to give you a visually beautiful website.
Why don't you use your own servers?
Yes, it is true that with our own servers we would not have to use the services of cloud platforms, but the costs associated with their operation and maintenance would be considerably higher and in this way it seems to us more responsible given the minimum budget we allocate for operation.
Wouldn't it be better not to use Google Fonts?
Yes, of all the tools we use - Google Fonts are a purely aesthetic matter, but at the same time it is very easy for us this way to always give our campaigns a slightly different look. From the point of view of the GDPR, Google Fonts has access to the IP address and this is considered personal data. An alternative would be to install fonts locally on our sites, but we decided that this solution is better from a privacy point of view and we will move on to it gradually.
How do I protect myself from being tracked on the Internet?
Use the tools designed for this. For analysis and settings you can use the Ghostery service, instead of insecure browsers you can use Firefox, Safari or Brave browsers, which will allow you to set your privacy much better. The downside may be that some websites or their features may not work properly for you. Our website will work without problems.
Personal data
We collect personal data on our websites only if you ask us to do so and when processing them we adhere to principles that guarantee maximum privacy and anonymity.
Payment
When paying, personal data is processed - not on our website, but within the bank that processes the payment.
These are the following banks and banking services:
ČSOB (Czechoslovak Commercial Bank, a.s.)
When paying by card through the ČSOB payment gateway, the bank does not share any personal data with us except the last four digits of your payment card (to identify the payment). We don't know anything about you, we don't know your name or anything else. Thus, in relation to our service, this is a completely anonymous transaction. Your bank, card provider (VISA, Mastercard...) know about the transaction and your details, but they are subject to extreme regulation and cannot handle your data and share it with anyone unless ordered by court order.
When paying by bank transfer, we can see in the statement your account number and, if you have it set up in banking, also your name. Employees of the endowment fund and, in some cases, technicians have access to this data. In principle, we do not share this data with anyone, it is not stored in third-party services and is not necessary for the operation of the website.
Stripe (Stripe, Inc.)
For foreign payments, we use Stripe, which offers a full range of payment methods from different providers. With Stripe, it is essential to enter your email address and we can see it in your payment statement. We do not process or share your address with anyone else. This address is not intended for the delivery of any marketing emails, but we may contact you through it in case it is operational and important to you.
PayPal (PayPal Holdings, Inc.)
On some older collections, we use PayPal, which allows us to see your name and email address. We will no longer use this service separately for new collections.
Which payment method is non-anonymous?
Jednoznakně payment by card at ČSOB bráně, ideally in combination with ApplePay - které pozmění i ní čtyřčíslí vas a we nevíme absolutně nic. Do not forget, however, that your bank transaction may be provided by the authorities on the basis of the transaction.
Why don't you charge payments via crypto?
Náš projekt je velmi sensilivý a vzhledem k předmětu nosí bychom u kryptoměn namohli it, že peníze nepocházejí z criminné. It seems to me that what we are doing is completely unacceptable.
What to do, where do I have to send an email address (e.g. with Stripe), but don't want to?
If you use Apple products, you can use the Hide my address function in combination with ApplePay. If you do not use Apple, you can use a one-time email - for example, the Mailinator service, which is free and allows you to create a one-time email address, which is automatically fried.
Gift certificate
If you request a donation receipt from us, then of course, personal data is transferred. We do not provide this data to anyone either, but it is necessary for us to process it through a number of essential services.
Airtable (Formagrid, Inc.)
When you fill out the confirmation form on our site, the completed data is sent by a secure protocol to our server, which stores it in AirTable along with the payment information. In the record, your data will remain readable for the time necessary to process the confirmation. As soon as the receipt is sent, all data from the database is automatically deleted.
Sendgrid (Twilio Inc.)
In order for the confirmation email to be delivered to you, we use the Sendgrid email service. It works with your email address and downloads other personal data in PDF format. On Sendgrid, a record of your address and delivery status is available for three days, older history is not visible to us.
Gift Certificate (earlier version)
For old confirmations, which you can still find in the footer of our websites, you fill in your data in the Google Form, which then sends them to the internal system, which takes care of the storage and distribution. Each receipt must be manually created by an employee of the fund, who has access to the database of applications.