Privacy Policy

Last updated: February 13, 2026

This Privacy Policy explains how Boiling Harmonies processes personal data in line with the EU General Data Protection Regulation (GDPR) and applicable EU Member State privacy laws.

1. Data Controller

Boiling Harmonies is the data controller for the personal data described on this page. For privacy requests, contact us at info@boiling-head.com.

2. What Data We Collect

  • Donation data: name, email, donation amount, chosen payment provider, donation status, and payment reference IDs.
  • Newsletter data: email, consent status, consent timestamp, consent IP, and user agent.
  • Technical/security data: IP address, browser/device data, and security logs when needed to protect the service.
  • Site storage data: essential cookies and form draft data stored in your browser (localStorage) for form recovery.

3. Why We Process Your Data (Purposes and Legal Bases)

  • To process donations and payment confirmation: GDPR Art. 6(1)(b) (contract / pre-contract steps).
  • To meet accounting, fraud prevention, and legal obligations: GDPR Art. 6(1)(c).
  • To run and secure the website: GDPR Art. 6(1)(f) (legitimate interests).
  • To send newsletters: GDPR Art. 6(1)(a) (consent, withdrawable at any time).

4. Sharing Data With Third Parties

We do not sell your personal data and we do not share it for advertising purposes. We share personal data only when needed to provide core services, including payment processing.

  • Payment processors (for example, Stripe and PayPal) to complete and verify payments.
  • Service providers such as hosting, email delivery, and infrastructure providers, only where necessary.
  • Authorities or legal recipients where disclosure is required by law.

5. International Transfers

Some service providers may process data outside the EEA. Where this occurs, we rely on lawful transfer mechanisms required by GDPR Chapter V (for example, adequacy decisions or Standard Contractual Clauses).

6. Data Retention

  • Donation records are retained for legal/accounting and audit requirements.
  • Newsletter data is kept while subscribed and can be removed upon request, subject to legal constraints.
  • Local form-draft storage remains on your device until it expires or you clear it.

7. Your GDPR Rights

You may request, where applicable:

  • Access to your data.
  • Rectification of inaccurate data.
  • Erasure.
  • Restriction of processing.
  • Objection to processing based on legitimate interests.
  • Data portability.
  • Withdrawal of consent at any time (for consent-based processing).
  • Lodging a complaint with your local supervisory authority.

8. Cookies and Similar Technologies

We use essential cookies and browser storage needed for security and core functionality. For details, see our Cookie Policy.

9. Public Supporter Display

On fundraiser pages, donor display names may be shown publicly unless the anonymous option is selected during donation.