Data Processing Policy
This Data Processing Policy supplements the Privacy Policy and describes how personal data may be processed in connection with website operations, contribution handling, donor support, security, fraud prevention, and legal compliance.
1. Processing Purposes
Personal data may be processed for the following legitimate and operational purposes:
- administration of the website and its lawful contribution tools;
- processing, acknowledgement, recordkeeping, and support relating to contributions;
- responding to user, donor, compliance, and legal inquiries;
- fraud detection, anti-abuse screening, chargeback response, and security incident review;
- financial recordkeeping, accounting, tax preparation, and audit readiness;
- compliance with court orders, regulatory requests, and other legal obligations.
2. Categories of Data Processed
- identity and contact data;
- transaction and donation records;
- communication logs and support history;
- technical, usage, and device data;
- risk indicators and processor-generated fraud or verification signals.
3. Legal Bases
Where applicable, processing may be based on consent, performance of requested activities, legal obligation, fraud prevention, legitimate interests in secure and transparent website operation, and establishment, exercise, or defense of legal claims.
4. Processors and Service Providers
We may engage carefully selected service providers for hosting, data storage, payment processing, analytics, security, email delivery, compliance support, and technical maintenance. Such providers may act as processors or independent controllers depending on the service and legal context. We seek to ensure that providers are contractually or legally bound to handle data appropriately for the functions they perform.
5. Data Minimization and Purpose Limitation
We aim to limit processing to information that is relevant, proportionate, and reasonably necessary for the applicable purpose. Data collected for one purpose should not be used for materially incompatible purposes unless a new lawful basis applies or the individual provides valid consent where required.
6. Access Controls and Security Measures
Access to personal data is limited to persons or providers who need the information for operational, legal, accounting, fraud, or technical purposes. Security measures may include encrypted transmission, authentication controls, provider-level security standards, role-based access, logging, and incident response procedures appropriate to the nature of the website.
7. Data Retention and Deletion
Personal data is retained for periods appropriate to operational need, security, donor support, recordkeeping, tax and accounting obligations, dispute handling, and legal compliance. When data is no longer reasonably required, it may be deleted, anonymized, aggregated, or archived in accordance with internal controls and legal obligations.
8. Cross-Border Processing
Because service providers and infrastructure may be located in different jurisdictions, personal data may be processed across borders. When required by law, we rely on contractual safeguards or other recognized transfer mechanisms appropriate to the circumstances.
9. Data Subject Requests
Requests concerning access, correction, deletion, restriction, or objection may be sent to urgent@israelassistancefund.com. We may request identity verification and are not obligated to fulfill requests that are manifestly unfounded, excessive, unlawful, or inconsistent with binding retention duties.
10. Incident Handling
If we become aware of a data-security issue that materially affects personal information, we will evaluate the incident, take reasonable remedial action, coordinate with relevant service providers, and provide legally required notifications where applicable.
11. Policy Updates
This Policy may be updated from time to time to reflect changes in law, operations, risk environment, technology stack, or compliance procedures. Updated versions will be posted with a revised effective date.