GDPR Statement

Last updated: April 29, 2026

G.O.T Woman, a program of GOT CONNECTIONS Foundation, respects the privacy rights of individuals in the European Economic Area (EEA) and the United Kingdom (UK) under the General Data Protection Regulation (GDPR). This statement explains how we comply with GDPR requirements when processing personal data of EEA/UK residents.

1. Data Controller

The data controller responsible for your personal data is:

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you voluntarily sign up for our newsletter, create an account, or submit a contact form. You may withdraw consent at any time.
  • Contractual Necessity: When processing is necessary to fulfill a membership subscription or event registration.
  • Legitimate Interest: For organizational administration, improving our services, and communicating with existing supporters about relevant programs and events.
  • Legal Obligation: When we are required to retain records for tax reporting and nonprofit compliance purposes.

3. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, email address, phone number.
  • Account Data: Login credentials (password stored in hashed form only).
  • Financial Data: Donation and membership transaction records. Payment card details are processed directly by Stripe and are never stored on our servers.
  • Communication Data: Messages submitted through contact forms, newsletter preferences.
  • Technical Data: Browser type, device information, session cookies for authentication.

4. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us through our contact form. We will respond to your request within 30 days.

5. International Data Transfers

Our servers and services are based in the United States. If you are located in the EEA or UK, your data will be transferred to and processed in the United States. We rely on the following safeguards for international transfers:

  • Use of service providers (such as Stripe) that maintain appropriate data protection certifications and standard contractual clauses.
  • Implementation of reasonable security measures to protect data during transfer and at rest.

6. Data Retention

We retain personal data as follows:

  • Account Data: For as long as your account is active, plus a reasonable period afterward for record-keeping.
  • Donation Records: As required by U.S. nonprofit reporting laws (typically 7 years).
  • Newsletter Subscriptions: Until you unsubscribe.
  • Contact Messages: For up to 2 years or until the inquiry is resolved, whichever is longer.
  • Event Registrations: For up to 2 years after the event date.

7. Cookies

We use only essential cookies necessary for website functionality (session authentication). We do not use third-party tracking cookies, advertising cookies, or analytics cookies that require consent under GDPR. No cookie consent banner is required for strictly necessary cookies.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including TLS/HTTPS encryption for all data in transit, secure password hashing (bcrypt), role-based access controls, and regular security reviews.

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify affected individuals without undue delay, as required by GDPR.

10. Third-Party Processors

We use the following third-party data processors:

  • Stripe: Payment processing for donations and memberships. Stripe is certified under the EU-US Data Privacy Framework. See the Stripe Privacy Policy.
  • Email Service Provider: For sending transactional notifications and newsletters to subscribers.

11. Supervisory Authority

If you are in the EEA or UK and believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

12. Contact Us

For any GDPR-related inquiries or to exercise your data rights: