Policy

United Patrons Privacy Policy

Effective date: January 1, 2025

1. Introductory Provisions: Our Commitment to Protecting Your Privacy

Welcome to the United Patrons community. Protecting your personal information and being transparent about how we process it are fundamental pillars of our trust. This Privacy Policy (the “Policy”) explains in detail what information we collect, why we collect it, how we use and protect it, and what rights you have to control your information.

1.1 Who we are and the scope of this policy

The controller of your personal data is a Canadian non-profit organizationUNITED PATRONS, The Ontario Corporation Number (OCN): 1001025182, with its registered office at Woodbine Steeles Corporate Centre, 7030 Woodbine Avenue, Markham ON, Canada (hereinafter referred to as the “Organization" or "we").

This Policy applies to all personal information we collect from anyUsers(i.e. from Patrons, Creators, Fundraisers and unregistered visitors) through ourPlatforms. Platform means the United Patrons ecosystem, including the website at www.unitedpatrons.org, related mobile applications, and all services and technologies provided by the Organization.

1.2 Relationship to other documents

These Principles are an integral and legally binding part of our core business.Terms of UseBy accepting the Terms of Use when registering for an account or using our Platform, you acknowledge that you have read these Policies and agree to the practices described herein.

This document is part of a broader legal framework that further includesCommunity Code of Ethics a An independent cooperation agreement with a fundraiserBy legally incorporating all of these documents into the Terms of Use, we create a single, unified and transparent set of rules that govern your relationship with the Platform. This approach ensures that your consent given upon registration covers all aspects of the operation of our community and provides clear legal certainty for all parties involved.

1.3 Official language and translations

The official and legally binding version of all of our legal documents, including this Policy, is the English language version. Translations into other languages ​​are provided solely for your convenience and have no legal effect. In the event of any conflict between the English version and a translation thereof, the English version will always prevail. This measure is to prevent confusion and disputes that could arise from inaccuracies in translation.

2. What personal data do we collect, for what purpose and on what legal basis?

Our guiding principle is to collect only the data that is necessary to provide, secure and improve our services. In accordance with the General Data Protection Regulation (GDPR), we have prepared a detailed overview of our processing activities to make it clear what data we process, why and on what basis.

2.1 Overview of our processing activities (Register of Processing Activities)

The following table serves as a central register of our processing activities. It provides a transparent and comprehensive view of the lifecycle of your data on our Platform. This format not only meets the strict requirements of the GDPR, but also gives you a clear tool for understanding how we handle your data.

Data categories

Examples

Purpose of processing

Legal basis (according to Art. 6 GDPR)

Retention period

Identification data

Name, email address, password (securely encrypted), profile picture, country of residence.

Creation and management of a user account; basic communication regarding services; identification of the User on the Platform.

Performance of the contract (Terms of Use).

For the duration of the active account + 3 years for resolving any disputes.

Project and content information

Project descriptions, set goals, images, videos, progress updates, public comments, feedback.

Displaying and promoting Projects on the Platform; enabling transparent communication and community interaction.

Contract fulfillment (Grant and project implementation contract with the Creator).

Permanently (as part of the public record of the funded Project), unless it is contrary to law or the Code of Ethics.

Financial and transactional data

Records of Donations provided, transaction history, payment details (processed exclusively by a third party).

Processing Donations from Patrons; disbursement of grants to Creators; disbursement of rewards to Fundraisers.

Contract fulfillment (Donation contract, Grant contract, Fundraiser contract).

7 years from the transaction to fulfill legal financial and tax obligations.

Identity verification data (KYC)

Copy of official ID, biometric data for facial verification (processed by Stripe Identity).

Verifying the identity of Creators and Fundraisers for the purpose of disbursing funds in accordance with anti-money laundering (AML) regulations.

Explicit consent (for processing biometric data) AND Fulfillment of legal obligation (for identity verification itself according to AML).

Processed and stored by our partner (Stripe); we only receive the verification result (pass/fail).

Usage data and technical data

IP address, browser type and version, operating system, referring URL, access timestamp.

Platform security; prevention of fraud and cyberattacks; analysis and improvement of functionality and user experience.

Legitimate interest (ensuring the security, stability and functionality of our Platform).

12 months.

Referral data

Unique codes in URL addresses; records of referrals of new Users or Donations.

Awarding Bonus Credits (XP) to Fundraisers for their promotional activities under the Bonus Credits Program.

Contract fulfillment (Contract on independent cooperation with the fundraiser).

For the duration of the Bonus Credit + 1 year for audit and dispute resolution purposes.

2.2 A more detailed explanation of data categories

Identification data:This is basic information that you provide to us when you create an account. It is necessary for us to uniquely identify you, communicate with you, and manage your account.

Project and content information:All content that you upload to the Platform as a Creator (text, images, videos) or that you create as a User (comments) is primarily intended for publication. This information forms the core of our community platform.

Financial and transactional data:To ensure maximum security, we never collect or store sensitive payment information such as credit card numbers. All financial transactions are processed through reputable and certified payment gateways such asStripe a PayPalWe only keep records of transactions (amount, date, purpose) for accounting and tax purposes.

Identity verification data (KYC - Know Your Customer):In order to pay out funds to Creators and Fundraisers while complying with international anti-money laundering (AML) regulations, we need to verify their identity. We use a dedicated service for this purpose.Stripe Identity. This process may involve uploading a copy of your ID and taking a biometric facial scan for comparison. The processing of this sensitive data is based on a dual legal basis. First, we require your explicit consent for the biometric verification itself. Second, the identity verification requirement itself arises from our legal obligation to comply with AML regulations. This two-step approach ensures maximum legal protection and robustness of the process. We never have access to your biometric data; we only receive confirmation that the verification was successful.

Usage and technical data:We automatically collect technical information about your device and how you use our Platform. This data is essential for protecting the Platform from attacks, detecting fraudulent behavior, and for analytics that help us improve our services.

3. Your rights: Tools to control your data

In accordance with the GDPR, we guarantee you full control over your personal data. Below you will find an overview of your rights and clear instructions on how to exercise them. We see these rights not only as a legal obligation, but as a fundamental element of a transparent and fair relationship with our community.

3.1 Overview of your rights

As a data subject, you have the following rights:

  • The right to be informed:The right to clear, transparent and understandable information about how we use your personal data. This is what this Policy is for.

  • Right of access:The right to obtain a copy of the personal data we process about you.

  • Right to rectification:The right to request correction of inaccurate or incomplete data we hold about you.

  • Right to erasure ("right to be forgotten"):The right to request the erasure of your personal data if it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.

  • Right to restriction of processing:The right to request a temporary restriction of the processing of your data (e.g. while its accuracy is being verified).

  • Right to data portability:The right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.

  • Right to object:The right to object to the processing of your data which is based on our legitimate interest.

  • Rights related to automated decision-making and profiling:The right not to be subject to a decision based solely on automated processing which produces legal or similarly significant effects for you.

3.2 Detailed explanation and how to apply it

You can manage most of your data directly by logging into your user account in the "Settings" section. Here you can update your identification information, manage notifications, and privacy settings.

To exercise any of the above rights that cannot be exercised directly in your account settings, or if you have any questions, please contact us at our central data protection email address:info@unitedpatrons.orgWe will respond to your request within the statutory deadline.

3.3 Limitations on the right to erasure

We respect your right to erasure, but we also have to fulfill our legal and contractual obligations. Even after deleting your account, we must therefore retain some data for the necessary period. These include:

  • Transaction records:We must retain information about Donations and Grants for the period required by tax and accounting laws (usually 7 years).

  • Public records about Projects:Information about successfully funded Projects, including their descriptions and updates (without the Creator's personal data beyond their public profile), remains part of the Platform's public archive to maintain transparency and integrity of funding.

  • Data necessary for legal disputes:We may retain information relevant to potential legal claims for the duration of statutes of limitations.

We will transparently inform you about these restrictions when processing your deletion request.

4. Data Sharing and International Transfers: How Data Flows in Our Global Community

United Patrons is a global platform that aims to connect Creators and Patrons around the world. In order to fulfill this mission, it is sometimes necessary to share data with third parties and transfer it across borders. This process is always carried out with the utmost emphasis on security and in accordance with the strictest legal standards.

4.1 Who we share your data with

We share your personal data only to the extent strictly necessary and with carefully selected partners:

  • Project Creators and Recipients:If you make a Donation to a Project that offers Rewards, we may share your name and contact information with the Project Creator solely for the purpose of delivering the promised Reward.

  • Payment processors:As already mentioned, we use external partners to process payments such asStripe a PayPalWe only share with them the information necessary to complete the transaction.

  • Service providers:We work with vendors who provide us with technical infrastructure, such as hosting, security, analytics tools, or customer support. These partners are contractually bound to protect your data and may only use it to perform their tasks for us.

  • Local partner organizations:To facilitate the implementation of local Projects and support local communities, we may share relevant data with our official partner organizations in the country.

  • Legal authorities:In the event of a legal obligation, such as a court order or a request from law enforcement authorities, we may be forced to provide the requested information.

4.2 International data transfer strategy

Our global footprint requires a thoughtful strategy for international data flows that ensures a consistent level of protection for your data, regardless of where it is processed.

  • Primary storage in Canada:The main data controller is our Canadian organization and data is primarily stored on servers in Canada.

  • Transfers from the European Economic Area (EEA) to Canada:For EEA Users, it is crucial that the European Commission has issued a so-calleddecision on the appropriate level of protection(for commercial activities falling under PIPEDA). This means that the transfer of personal data from the EEA to our Canadian organization is considered secure and does not require any additional measures, as Canada guarantees a level of protection comparable to the GDPR.

  • Subsequent transfers and the "adequacy trap":We understand that the adequacy decision only applies to Canada. However, our mission to support local projects may require sharing data with partner organizations in countries that do not have such a decision (such as Brazil or India). To ensure that your data remains protected during these so-called "onward transfers," we use a legal safeguardStandard Contractual Clauses (SCCs)approved by the European Commission. These clauses contractually bind our partners worldwide to data protection standards comparable to the GDPR. In this way, we proactively manage risk and ensure that your data is protected at every step of its journey through our global network.

5. Data security and retention

The security of your data is our highest priority. We implement robust technical and organizational measures to prevent unauthorized access, loss, destruction or damage to your personal data.

5.1 Our security measures

Our key security measures include:

  • Encryption:All communication between your browser and our servers is encrypted using the TLS (Transport Layer Security) protocol. Sensitive data, such as passwords, is stored in encrypted (hashed) form in our databases.

  • Access control:Only authorized employees and partners who absolutely need it to perform their work have access to personal data and are bound by strict confidentiality.

  • Regular audits and testing:We regularly monitor and test our infrastructure for vulnerabilities.

  • Responsible disclosure:We support responsible reporting of security bugs and are committed to resolving them quickly.

Despite our best efforts, no data transmission over the internet is 100% secure. Therefore, it is important that you protect your account with a strong and unique password and consider enabling two-factor authentication.

5.2 Data retention period

We only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected. The specific retention periods for each category of data are transparently set out in the table below."Register of processing activities" in Section 2of this Policy. This approach ensures that we do not retain any data longer than necessary and provides you with maximum transparency.

6. Protecting children's privacy

Our Platform is not intended for children. We actively seek to protect the privacy of minors and have strict age restrictions in place.

  • To create a user account on the United Patrons Platform, a person must be over the age of16 let.

  • To establish a Project asCreatoror to act as a collaborator on the Project, the person must be older18 let.

We do not knowingly collect personal information from anyone under the age of 16. If you believe that such information has been provided to us without parental or guardian consent, or that the Project Creator is a person under the age of 18, please contact us immediately by email atinfo@unitedpatrons.orgWe will take immediate steps to delete such account and related data.

7. Cookie Policy

This section explains in detail how our Platform uses cookies and similar technologies. Our goal is to give you full control over your online privacy and enable you to make informed decisions about what information you share with us.

7.1 What are cookies and why do we use them?

A cookie is a small text file that a website stores on your computer or mobile device when you visit it. Cookies help us ensure the functionality of the Platform, improve your user experience, analyze traffic and personalize content.

7.2 Types of cookies on our Platform

We divide the cookies we use into the following categories:

  • Strictly necessary cookies:These cookies are essential for the basic functioning of the Platform. They allow you to log in, make transactions (give Donations) and use security features. Without these cookies, the Platform would not be able to function properly and therefore do not require your consent.

  • Functional cookies:These cookies remember your choices and preferences (such as preferred language or region) and allow us to tailor the Platform to your needs. Their purpose is to make your visit more enjoyable and efficient.

  • Analytical cookies:These cookies help us understand how Users use our Platform. They collect anonymized information about the number of visitors, pages visited, and traffic sources. We use tools such as Google Analytics to use this data to improve the structure and content of the Platform.

  • Marketing and advertising cookies:These cookies are used by us and our partners to display relevant advertisements for Projects on other websites and social networks. They track your activity on our Platform in order to offer you content that may be of interest to you.

7.3 Your consent and how to manage it

We fully respect your right to privacy. When you first visit the Platform (especially if you are accessing from a jurisdiction with strict privacy laws, such as the EU), you will be presented withcookie banner.

This banner will give you clear and transparent control:

  • No pre-checked consents:With the exception of strictly necessary cookies, no other categories of cookies are activated without your explicit and active consent.

  • Granular control:You have the option to accept all cookies, reject all non-essential cookies, or set in detail which categories (functional, analytical, marketing) you allow.

  • Easy to change settings:You can change your preferences at any time via the "Cookie Settings" link, which is permanently available on our website.

This system ensures that you have full and permanent control over what cookies are used on your device.

8. Final provisions

This section contains important information about how we will update this Policy and how you can contact us if you have any questions.

8.1 Changes to this policy

The world of technology and legislation is constantly evolving, and therefore we may update this Policy from time to time to reflect changes in our services or legal requirements. We will inform you of any material changes in good time (for example, by email or by prominent notice on the Platform). The date of the last update will always be indicated at the beginning of this document. Your continued use of the Platform after the changes become effective will be deemed your acceptance of the new version of the Policy.

8.2 How to contact us

If you have any questions, comments or requests regarding the protection of your personal data, please do not hesitate to contact us. We have established a central contact point for all communication in this area:

Email: info@unitedpatrons.org

This email address serves as the official contact for all data protection matters and also as the contact for our Data Protection Officer for the European Union and the European Economic Area, as required by the GDPR.

;