Privacy Policy

Effective Date: 15th of November 2025

Organization: Ababeel (the “Organization”, “we”, “us”, “our”)

1. Introduction

This Privacy Policy explains how Ababeel collects, uses, stores, discloses, and protects personal data when individuals interact with our organization, website, services, communications, or activities.

We are committed to protecting your privacy in accordance with:

Applicable Data Protection Laws

  • General Data Protection Regulation (EU) 2016/679 (“GDPR”) – Applies to users in the EU/EEA

  • UK Data Protection Act 2018 and UK GDPR – For users in the United Kingdom

  • California Consumer Privacy Act (CCPA) 2018, as amended by CPRA 2023 – For California residents

  • U.S. Children’s Online Privacy Protection Act (COPPA)

  • U.S. Health Insurance Portability and Accountability Act (HIPAA) (if applicable to medical data)

  • Canada Personal Information Protection and Electronic Documents Act (PIPEDA) (if applicable)

  • OECD Privacy Guidelines

  • Other local laws of countries where we operate, to the extent they apply.

If any national law provides stronger protection than this Policy, that law will apply.

2. Definitions (as per GDPR and global standards)

  • Personal Data: Any information related to an identifiable individual.

  • Processing: Any operation performed on personal data (collecting, storing, using, etc.).

  • Data Controller: Ababeel, responsible for deciding why and how data is processed.

  • Data Processor: Any third party that processes data on our behalf.

  • Data Subject: Any individual whose personal data we collect.

3. What Data We Collect

We may collect the following categories of data depending on your interaction with us:

3.1 Personal Identification Data

  • Full name

  • Contact information (email, phone number, address)

  • Identification documents (only when legally required)

  • Nationality (only when required for humanitarian or compliance purposes)

3.2 Sensitive Personal Data (Special Categories under GDPR Art. 9)

Collected only when necessary and with explicit consent:

  • Political opinions (e.g., reporting human rights violations)

  • Health data

  • Religious or ethnic background

  • Biometric or humanitarian assessment data

Legal Basis: GDPR Art. 6(1)(a), Art. 9(2)(a), Art. 9(2)(g) (public interest), or local humanitarian exemptions.

3.3 Technical & Usage Data

  • IP address

  • Browser type

  • Device identifiers

  • Cookies and analytics data

  • Log files

3.4 Communication Data

  • Emails

  • Social media interactions

  • Contact form messages

3.5 Donation & Financial Data

  • Payment information (processed via secure third-party providers)

  • Donation history

  • Billing details

We do not store complete credit card numbers.

4. Legal Basis for Processing (GDPR Art. 6)

We process data under the following lawful bases:

  • Consent – GDPR Art. 6(1)(a)

  • Contractual necessity – GDPR Art. 6(1)(b)

  • Legal obligation – GDPR Art. 6(1)(c)

  • Vital interests (protection of life) – GDPR Art. 6(1)(d)

  • Public interest – GDPR Art. 6(1)(e)

  • Legitimate interests – GDPR Art. 6(1)(f)

5. How We Use Your Data

We use personal data strictly for purposes such as:

  • Providing humanitarian, advocacy, and NGO services

  • Investigating and documenting human rights violations

  • Communication with supporters and beneficiaries

  • Improving and securing our website

  • Legal compliance, auditing, and fraud prevention

  • Processing donations and issuing receipts

  • Conducting research and producing reports (anonymized)

6. Cookies & Tracking Technologies

We use cookies in accordance with:

  • EU ePrivacy Directive 2002/58/EC

  • GDPR Recital 30

  • California CPRA/CCPA cookie rules

Types used:

  • Essential cookies

  • Analytics cookies

  • Preference cookies

  • Security cookies

Users may decline non-essential cookies.

7. Sharing of Personal Data

We may share your data only with:

Authorized Third Parties

  • Payment processors (PCI-DSS compliant)

  • Cloud service providers

  • Analytics platforms

  • Legal authorities (when required by law)

  • Partner NGOs

  • Human rights monitoring bodies

International Data Transfers

If data is transferred outside the EU/EEA, we use:

  • GDPR Standard Contractual Clauses (SCCs)

  • Adequacy decisions (GDPR Art. 45)

  • Binding Corporate Rules (BCRs)

8. Data Protection Measures

We apply industry-standard security including:

  • Encryption (in transit & at rest)

  • Access controls and authentication

  • Regular security audits

  • Data minimization (Art. 5 GDPR)

  • Pseudonymization and anonymization techniques

  • Secure servers within compliant jurisdictions (EU/EEA preferred)

9. Data Retention

We retain data only for as long as legally required or operationally necessary:

  • Account data: until user requests deletion

  • Donation records: up to 10 years (legal accounting requirement)

  • Communication data: 1–3 years

  • Sensitive data: shortest possible duration

  • Website logs: typically 30–180 days

Retention follows GDPR Art. 5(1)(e) and local compliance laws.

10. Your Rights (GDPR, CCPA, Global Laws)

EU/EEA Rights under GDPR

  • Right to access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure — “Right to be forgotten” (Art. 17)

  • Right to restrict processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent at any time (Art. 7)

  • Right not to be subject to automated decision-making (Art. 22)

U.S. Rights (CCPA/CPRA)

California residents have:

  • Right to know what data is collected

  • Right to deletion

  • Right to opt-out of sale or sharing

  • Right to non-discrimination

  • Right to correct inaccurate data

We do not sell personal data.

Global Rights

We respect rights consistent with:

  • OECD Privacy Principles

  • UN Human Rights Data Protection Guidelines

11. Data of Minors

We comply with:

  • GDPR Art. 8

  • COPPA (U.S.) age 13 rule

We do not knowingly collect data from children under 13 without verified parental consent.

12. Third-Party Links

Our website may link to third-party sites.

We are not responsible for their privacy practices.

13. Data Breaches

In case of a breach, we will:

  • Notify the supervisory authority within 72 hours (GDPR Art. 33)

  • Notify affected individuals when risk is high (Art. 34)

  • Follow applicable global breach-notification laws (e.g., U.S. state laws)

14. Contact Information

For requests, complaints, or rights exercises:

Data Protection Officer (DPO)

Ababeel

Email: support@ababeel.org

If you are in the EU/EEA, you may also lodge a complaint with your national supervisory authority.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes.

Updates will be posted with a revised “Effective Date.”