Legal

Privacy Policy

Last updated: June 2025

1. Our Commitment

Hummingbird Sanctuaries ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website at hummingbirdsanctuaries.org or interact with our services.

We operate in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

Data Controller: Hummingbird Sanctuaries · office@hummingbirdsanctuaries.org

2. Information We Collect

Information you provide directly:

  • Name and email address (via contact form or donation)
  • Message content submitted through our contact form
  • Donation amount and payment details (processed securely — we do not store card data)
  • Any information you voluntarily share when reaching out for support

Information collected automatically:

  • IP address and browser type
  • Pages visited and time spent on site
  • Referring website or search engine
  • Cookie data (see Section 7)

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Consent — when you submit a form or accept cookies
  • Legitimate interests — to operate and improve our website and services
  • Legal obligation — when required by law (e.g. financial reporting as a nonprofit)
  • Contract performance — to process your donation or respond to your inquiry

4. How We Use Your Information

  • To respond to your inquiries and provide support
  • To process donations securely
  • To send updates about our work (only with your consent)
  • To improve our website and user experience
  • To comply with legal and financial obligations
  • To protect the safety and integrity of our services

We will never sell, rent, or trade your personal data to third parties for marketing purposes.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Contact form submissions: up to 2 years
  • Donation records: 7 years (legal/financial obligation)
  • Newsletter subscribers: until you unsubscribe
  • Website analytics data: up to 14 months
  • Cookie consent records: up to 12 months

After these periods, your data is securely deleted or anonymized.

6. Third Parties

We may share your data with trusted third-party services strictly necessary to operate our website:

  • Webflow — website hosting and form processing (USA, GDPR compliant)
  • Formspree — contact form email delivery (USA, GDPR compliant)
  • Google Analytics — website analytics (only with your cookie consent)
  • Payment processors — for secure donation processing

All third-party providers are required to handle your data in accordance with GDPR and applicable privacy laws. We do not share your data with any other third parties without your explicit consent.

International Data Transfers

Some of our service providers are based outside the EU/EEA (primarily in the USA). Where this is the case, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Cookies

Our website uses cookies — small text files stored on your device. We use the following categories:

  • Essential cookies — necessary for the website to function. Cannot be disabled.
  • Analytics cookies — help us understand how visitors use our site (e.g. Google Analytics). Only used with your consent.
  • Marketing cookies — used to measure the effectiveness of our outreach. Only used with your consent.

When you first visit our site, you will be asked for your cookie preferences. You can change your preferences at any time by clearing your browser cookies and revisiting the site.

To learn more about managing cookies, visit allaboutcookies.org.

8. Payment Security

All donations are processed through secure, encrypted payment systems. We do not store your credit card or banking information on our servers. Payment data is handled entirely by our payment processors, who are PCI DSS compliant.

9. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Restriction

Ask us to limit how we use your data in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at office@hummingbirdsanctuaries.org. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data correctly.

10. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Us

Privacy Inquiries

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

Email: office@hummingbirdsanctuaries.org

Organization: Hummingbird Sanctuaries — Nonprofit Organization

Website: hummingbirdsanctuaries.org

We aim to respond to all privacy requests within 30 days.

Accessibility

Larger Text
High Contrast
Highlight Links
Stop Animations
Readable Font