Privacy Policy

Last updated: February 2025

The protection of your personal data is of utmost importance to us. We process your data exclusively in accordance with the European General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act (DSG), as well as other applicable data protection laws. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website, interact with us via social media, mobile applications, or other web-based services.

This Privacy Policy applies to the Jonaron Charities Foundation websites (www.jonaroncharities.org), affiliated platforms (jonaronfoundation.submittable.com), and all related services, events, and functionalities (collectively, our “Services”).
We reserve the right to update this Privacy Policy to comply with legal requirements or reflect changes in our data processing practices. Any updates take effect upon publication on our website.

1.0 OVERVIEW

This section provides a summary of what happens to your personal data when you decide to contact us or apply for a charity funding request.

1.1 Controller and Data Protection Officer

Allgemeines Treuunternehmen, Aeulestrasse 5, 9490 Vaduz as representative of the Jonaron Charity Foundation is the data controller.
The contact for the Data Protection Officer of the Jonaron Charity Foundation is: datenschutzbeauftragter @ atu.li.

1.2 Data Collection on Our Website

1.2.1 How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

• Directly from you: When you provide it through contact forms, registrations, or other interactions (last and first name, Email)
• Automatically: Certain technical data (e.g., IP address, browser type, operating system) is collected when you visit our website.

1.2.2 Why do we collect your data?

• To provide and secure our website.
• To analyze and improve the performance of our services.
• To process applications and respond to inquiries.
• To comply with legal obligations under Liechtenstein’s DSG and the GDPR.

1.2.3 What rights do you have regarding your data?

Under the GDPR and the Liechtenstein DSG, you have the following rights:

• Right of access (Art. 15 GDPR & Art. 25 DSG) – Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16 GDPR & Art. 26 DSG) – Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR & Art. 27 DSG) – Request deletion of your data under certain conditions (“right to be forgotten”).
• Right to restriction of processing (Art. 18 GDPR & Art. 28 DSG) – Request limitation of how we process your data.
• Right to object (Art. 21 GDPR & Art. 29 DSG) – Object to processing, especially for direct marketing purposes.
• Right to data portability (Art. 20 GDPR & Art. 30 DSG) – Request transfer of your data to yourself or another provider in a machine-readable format.

2.0 GENERAL INFORMATION AND LEGAL BASIS

2.1 Data Security

We implement technical and organizational security measures to protect your data against loss, manipulation, and unauthorized access. Our website uses SSL/TLS encryption, identifiable by the “https://” prefix in the URL and a padlock icon in your browser’s address bar.

2.2 Legal Basis for Data Processing

We process your data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR & Art. 14(1)(a) DSG) – When you have given explicit consent.
• Contractual necessity (Art. 6(1)(b) GDPR & Art. 14(1)(b) DSG) – When processing is necessary for contract performance.
• Legal obligation (Art. 6(1)(c) GDPR & Art. 14(1)(c) DSG) – When processing is required by law.
• Legitimate interest (Art. 6(1)(f) GDPR & Art. 14(1)(f) DSG) – When processing is necessary for fulfillment of the foundation’s purposes, provided your rights do not override these interests.

2.3 Processing of Personal Data by the Foundation Staff

To implement the foundation’s statutory purposes, the members of the Foundation Staff process personal data. This data processing is carried out for the purpose of reviewing and deciding on funding allocations.

The Foundation Staff processes personal data under its own responsibility and in compliance with applicable data protection regulations.

The legal basis for this processing is Article 6 (1) (f) GDPR (legitimate interest of the foundation in proper governance) and Article 6 (1) (c) GDPR (legal obligations of the foundation).

2.4 Withdrawal of Consent

If we process your data based on consent, you can withdraw it at any time with future effect by contacting us. Processing carried out before withdrawal remains lawful.

3.0 DATA COLLECTION ON OUR WEBSITE

3.1 Cookies

Our website uses cookies to enhance your experience. You can configure your browser settings to block or delete cookies at any time.

• Essential cookies: Required for website functionality.
• Analytical and tracking cookies: Used for performance analysis and traffic measurement.

You can withdraw consent for non-essential cookies at any time.

3.2 Server Log Files

When you visit our website, we automatically store certain technical information:

• Browser type and version
• Operating system
• Referrer URL
• Date and time of access
• IP address (anonymized)

This data is used for security purposes and website maintenance and is not combined with other data sources.

3.3 Contact Form

When you contact us via contact form, the data you provide will be processed solely to respond to your request. Processing is based on your consent (Art. 6(1)(a) GDPR & Art. 14(1)(a) DSG). You can withdraw your consent at any time.

3.4 User Registration

For certain services (e.g., grant applications), user registration is required. The necessary personal data is collected and used exclusively for the stated purpose.

4.0 Data Sharing & Third-Party Processing

4.1 Third-Party Data Processing

We only share your data with third parties when:

• It is required to fulfill a contract (Art. 6(1)(b) GDPR & Art. 14(1)(b) DSG).
• There is a legal obligation (Art. 6(1)(c) GDPR & Art. 14(1)(c) DSG).
• You have given consent (Art. 6(1)(a) GDPR & Art. 14(1)(a) DSG).
• It is in our legitimate interest (Art. 6(1)(f) GDPR & Art. 14(1)(f) DSG), such as ensuring website security.

4.1.1 Processing of Personal Data by External Service Providers

Specifically, we use a 3rd party service at jonaron.submittable.com operated by Submittable Holdings, Inc. (“Submittable”) to process Grant Applications for funding by us. By choosing to register and use their website to be considered for funding by the Jonaron Charities Foundation, you understand and agree to their separate Privacy Policy and Terms of Service which are accessible here: https://www.submittable.com/privacy/

We also use cloud-based services for the storage and processing of personal data, specifically Microsoft 365 (OneDrive, Outlook, Sharepoint, etc.) and GoDaddy Managed WordPress Website. These systems are used for internal communication, document management, and email correspondence.

The processing is based on Article 6 (1) (f) GDPR (legitimate interest in efficient and secure administration) or Article 6 (1) (b) GDPR (performance of a contract, if necessary).

The providers, Microsoft Corporation and GoDaddy Operating Company, LLC, are located in the USA. Data transfers are carried out based on the Standard Contractual Clauses (SCC) pursuant to Article 46 GDPR to ensure an adequate level of data protection.
For more information on the data protection policies of these providers, please visit:

• Microsoft: https://privacy.microsoft.com
• GoDaddy: https://www.godaddy.com/legal/agreements/privacy-policy

4.1.2 International Data Transfers

If personal data is transferred outside the EU/EEA or Liechtenstein, we ensure compliance with Articles 44–50 GDPR & Articles 33–36 DSG through safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

5.0 Your Rights Under GDPR & DSG

If you would like to assert the above rights, please contact: web @ jonaroncharities.org

If you believe your data protection rights have been violated, you have the right to file a complaint with our data protection officer: datenschutzbeauftragter @ atu.li. You furthermore have the right to lodge a complaint directly with the Liechtenstein Data Protection Office: https://www.datenschutzstelle.li.

6.0 Policy Updates

We reserve the right to modify this Privacy Policy in compliance with the GDPR and Liechtenstein DSG. Changes take effect upon publication.