PRIVACY

This Privacy Policy explains how United People’s Improvement Association (“UPIA”, “we”, “us”) processes personal data when you visit our website, contact us, donate, become a member or subscribe to our newsletter.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR).


1. Data controller

United People’s Improvement Association (UPIA)
Reitmayrgäßchen 5a
86152 Augsburg
Germany

Chairperson: Sascha Gaupties

Phone: +49 (0)821 48659327
Email: info@upia-projects.com


2. What data we process when you visit our website

2.1 Server log files

When you access our website, your browser automatically sends information to our server. This information is stored temporarily in log files. The following data may be collected:

  • IP address of the requesting device

  • date and time of access

  • URL of the page accessed

  • referrer URL (previously visited page)

  • browser type and version

  • operating system

We process this data to ensure the technical operation, security and optimisation of the website. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR).


2.2 Cookies and consent (CookieYes)

We use cookies to operate our website and – where necessary – to obtain your consent for certain types of processing.

We use the “CookieYes | GDPR Cookie Consent” plugin to display a cookie banner and store your consent choices. This plugin sets a cookie in your browser that remembers whether you agreed, rejected or customised cookies. This cookie is not used for advertising purposes.

The legal basis for using cookies that are technically necessary is our legitimate interest (Art. 6(1)(f) GDPR). For all other cookies, the legal basis is your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time via the cookie settings.


2.3 Privacy-friendly analytics (Independent Analytics)

We use the WordPress plugin “Independent Analytics” to understand how our website is used. The plugin runs entirely on our own server, does not set cookies and does not store personal data such as full IP addresses or exact identifiers. Instead, anonymised information (for example page views, country, device type) is stored in our WordPress database.

The legal basis is our legitimate interest in analysing and improving our website (Art. 6(1)(f) GDPR).


2.4 Language switching (GTranslate)

To offer our content in different languages we use the plugin “GTranslate”. When you activate a translation, technical data (for example your IP address and the content of the page) may be transmitted to GTranslate and to translation providers that GTranslate uses. These providers may be located outside the EU.

The legal basis is our legitimate interest in providing a multilingual website (Art. 6(1)(f) GDPR). If and where we ask for your consent (for example via the cookie banner), the legal basis is Art. 6(1)(a) GDPR.

For more information please see the GTranslate privacy policy on their website.


3. Donations, payments and membership

3.1 Bank transfers and other payment methods

If you donate to UPIA or pay membership fees via bank transfer, we process the personal data that appears in the payment process, for example:

  • name and, if applicable, address

  • bank details (IBAN, BIC)

  • amount, date and time of the payment

  • purpose (for example project or membership)

We use this data only to receive and manage your donation or membership fee, to allocate it to the correct project or membership and to comply with accounting and tax obligations. We do not use this data for any other purposes unless you have explicitly agreed (for example for receiving our newsletter).

If you use external payment services such as PayPal (or, in the future, Western Union or similar services), the respective payment provider processes your data under its own responsibility and in accordance with its own privacy policy. We receive only the information needed to confirm and allocate the payment.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Art. 6(1)(c) GDPR (legal obligations, for example tax law).


3.2 Membership

If you become a member of UPIA, we process the data you provide in the membership application, for example:

  • name, contact details and address

  • bank details (if you authorise us to collect fees)

  • type and start of membership

We use this data to manage your membership and to communicate with you. If we detect misuse or serious violations of our statutes, we reserve the right to cancel a membership in accordance with our internal rules.

The legal basis is Art. 6(1)(b) GDPR (performance of the membership contract) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in protecting the association).


4. Contacting us

If you contact us by email, phone or via a contact form on the website, we process the data you provide (for example name, email address, phone number and your message) in order to respond to your enquiry.

The legal basis is Art. 6(1)(b) GDPR if the request is related to a (potential) contract, and otherwise our legitimate interest in answering enquiries (Art. 6(1)(f) GDPR).


5. Newsletter

If you choose to subscribe to our email newsletter, we process your email address and, if provided, your name. We use this information only to send you news about our projects, activities and opportunities to support UPIA.

You can unsubscribe at any time via the unsubscribe link in every newsletter or by contacting us directly. In this case, we will stop sending newsletters to you and delete your data, unless legal retention obligations require longer storage.

The legal basis is your consent (Art. 6(1)(a) GDPR).


6. External links

Our website contains links to websites of friends, partner organisations and other third parties all over the world. We have no influence on the content of these external websites. The respective provider or website operator is always responsible for the content and data processing on those pages.

When the links were created, no legal violations were apparent. Continuous monitoring of the linked pages is not reasonable without concrete evidence of a violation. If we become aware of any legal infringements, we will remove such links immediately.

When you follow a link, the privacy policies of the respective third-party websites apply.


7. How long we store your data

We store personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law (for example tax retention periods).

In detail:

  • server log files are usually stored for a short period for security reasons and then deleted or anonymised;

  • donation and membership data are stored for the duration of the relationship and for the legally required retention period (usually 6–10 years);

  • newsletter data is stored until you unsubscribe or withdraw your consent;

  • contact enquiries are stored as long as necessary to process your request and for possible follow-up questions.


8. Legal bases (overview)

We process personal data on the following legal bases under the GDPR:

  • Art. 6(1)(a) GDPR – consent (for example newsletter, non-essential cookies);

  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures (for example membership, donations you initiate);

  • Art. 6(1)(c) GDPR – legal obligations (for example accounting and tax law);

  • Art. 6(1)(f) GDPR – legitimate interests (for example secure operation of the website, internal administration, prevention of misuse).


9. Data sharing and transfers to third countries

We only share personal data with third parties if this is necessary for the purposes described above, if we are legally obliged to do so or if we have your consent.

This includes, in particular:

  • banks and payment service providers (for processing donations and membership fees);

  • IT and hosting service providers;

  • newsletter and communication service providers (if used);

  • tax advisers or auditors, where required by law.

Some of these providers may be located outside the European Union. In such cases we ensure that an adequate level of data protection is in place, for example through EU standard contractual clauses or an adequacy decision by the European Commission.


10. Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. However, no internet transmission or storage system can be guaranteed to be 100% secure.


11. Your rights under the GDPR

As a data subject you have the following rights, subject to the legal requirements:

  • Right of access (Art. 15 GDPR) – to obtain information about your personal data;

  • Right to rectification (Art. 16 GDPR) – to have inaccurate data corrected;

  • Right to erasure (Art. 17 GDPR) – to request deletion of your data, where possible;

  • Right to restriction of processing (Art. 18 GDPR);

  • Right to data portability (Art. 20 GDPR);

  • Right to object (Art. 21 GDPR) – in particular to processing based on legitimate interests;

  • Right to withdraw consent (Art. 7(3) GDPR) – with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.


12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example when our website, services or applicable laws change. The current version will always be published on this page.


13. Contact

If you have any questions about this Privacy Policy or about how we process personal data, please contact us:

United People’s Improvement Association (UPIA)
Reitmayrgäßchen 5a
86152 Augsburg
Germany

Email: info@upia-projects.com
Phone: +49 (0)821 48659327