Privacy Policy

Donor Privacy Notice
We thank you for your intention to donate to the cause of Ahmed Hassan stödgrupp. Before you donate we want to inform you according to Art. 13 General Data Protection Regulation (GDPR) and the applicable data protection rules about how we process your personal data.

Contact Details – Data Controller
Ahmed Hassan stödgrupp is committed to ensuring the privacy and data protection rights of all our donors. You can contact us under the following address:

Ahmed Hassan stödgrupp

Iiris Palvelukeskus( 4.krs),
Marjaniementie 74
00930 Helsinki

Tel. +358 44 327 9652

Personal Data or categories of personal data that we process:

We provide our donor community with a number of options to get involved and support the work of Ahmed Hassan stödgrupp: through online donations, performed through our website or facebook, through a personal relationship between you and us, contacts established on events and other occasions as well as your donations that reach us by bank transfer or bank cheques.

Depending on how you have chosen to communicate with us and to ensure we can provide you with information that is relevant and of interest to you we generally process the following categories of personal data:

Name (first name and family name)
E-mail Address
Job title for employees of institutional donors
data regarding the donation: amount of donation, purpose of donation, date of donation
history of previous donations
history of donor and interests regarding our organization and its purposes
members of your household, if they are giving to our organization or have shown interest in our organization
Language preference
In case we have direct personal contact with you throughout our donor relationship, we might process further data, as it is shared by you or gained from publicly available resources:

phone number
date of birth
job title, profession
place of work
information about the content and channel of communication, date, reason and result of our interactions with you
your personal preferences and areas of interest with regards to our organization and its purposes
TI events that you and your family have attended
general publicly available information
Within our research we also gain publicly available information through various publicly non-intrusive accessible sources and may process personal data in line with the purpose of the source.

Purposes of processing your personal data and lawful bases
Through your gift(s) you have expressed support and interest in our work. Our work would not be possible without the voluntary contributions we receive such as the one you are making. In the following we are providing you with the purposes and lawful bases of our processing activities, which are among others

Our purpose: 
What we do: 
On what lawful basis 
Processing of administrative purposes in relation to the donor relationship
Issuing tax receipts
Processing the donation details (such as name, address, email address)
Contract: Art. 6.1b) GDPR
To fulfill legal and administrative obligations:

producing proof of transactions
fraud prevention and money laundering prevention
to fulfill tax control and reporting obligations
to fulfill instructions of the administration as well as court orders
to judge and monitor risks of money from illegal sources within Transparency International
We process names and bank details of institutional and private donors.
Legal obligations: Art. 6.1 c) GDPR
Transparency on financial sources, adhering to TI-donations policy. Acting in accordance with our purposes.
We publish the names of donors that donated above EUR 1000 in our financial statements
Legitimate Interest: Art. 6.1 f) GDPR
Preventing fraud, money laundering and other criminal activities, preserving the reputation of Transparency International
We process bank details, names

We do a due diligence check on potential donors through publicly available sources
Legitimate interest: Art. 6.1 f) GDPR

Legal obligation: Art. 6.1 c) GDPR, Sec. 261 (5) of the German Criminal Code
Direct marketing: keep the relationship with existing donors alive through communication, inviting their interest and donations for our ongoing and coming activities and projects, understanding our donor’s interests
Consent: Art. 6.1a) GDPR (please see Section 8.)
Emails regarding concrete projects and activities that donor has demonstrated interest in
Invitations to events
Taking notes of personal interactions with donors regarding their interests
Legitimate interest: Art. 6.1 f) GDPR
Thank you note to the donor
Legitimate interest: Art. 6.1.f) GDPR
Direct marketing: engaging with our donors based on their interests and giving capacity, target our communication based on relevance of interest. Increase our connectivity with donors
Forming categories of donors based on their giving levels, geographic interest, topic interest.
Members of staff then decide what marketing measures are appropriate for each segment.
Legitimate interest: Art. 6.1.f) GDPR
Prospecting: Finding new donors or inviting existing donors to increase their engagement
Searching our internal data base based on activity patterns and giving history
Researching and contacting individuals and institutions with an expressed interest in our work
Inviting prospects to events
Communicate with prospects about our work, specific areas that they have demonstrated interest in, share annual publications.
Legitimate interest: Art. 6.1.f) GDPR
Recipients or categories of recipients of your personal data
We do not share your data with any third parties for promotional purposes.

Within Ahmed Hassan stödgrupp access to your personal data is only given to individual members of staff or teams in order to fulfill our legal and contractual obligations as well as for the above-described purposes.

Your personal data may be shared with service providers that we engage as processors If we do so, we will always enter into data processing agreements including all the legal obligations of Art. 28 GDPR. Such processors can be the following (this list is not exhaustive, and we reserve the right to change service providers):

service providers that we use for our collection and processing of data in our database, our communication with you, online or in print
public institutions and authorities regarding our legal reporting obligations (such as tax authorities, federal bank)
service providers whom we use to process your donation, such as Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA)
other service providers you may choose for processing your donation, such as:
Facebook Pay: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
service providers we use for the maintenance and support of our IT systems
service providers we use for our internal financial accounting systems, compliance systems, data screening within legal obligations and audits.
Time of storage of your personal data
We delete your personal data when the under Section 3. mentioned purposes have expired and the processing and storage of your personal data is no longer necessary, this is usually the case after we had no giving or no contact from your side for more than 2 years, unless we are bound to extend the storage for the following reasons:

statutory storage duties according to section 147 of the Fiscal Code of Germany or section 257 of the Commercial Code regarding data that is relevant for our financial statements (up to 10 years)
retention of evidence necessary to defend our rights according to statute of limitations e.g. section 195 German Civil Code (general statute of limitation 3 years to the Civil Code)
Your data protection rights
You have the following rights based on the GDPR:

Access Right (Art. 15 GDPR)
You have the right to request access to the personal data that we process about you.

Right to rectification (Art. 16 GDPR)
In case we process inaccurate personal data about you, you have the right to rectification.

Right of erasure, restriction and objection (Art. 17, 18 and 21 GDPR)
If the legal requirements of Art. 17, 18 or 21 GDPR are given, you have the right to erasure of your personal data, the right to restriction of processing and the right to object the processing of your personal data.

Right to data portability (Art. 20 GDPR)
If you have given your consent to the processing of your personal data or we are processing on the basis of a contract and the processing is carried out by automated means, you have the right to transmit those data to another controller.

Right to complain
You have the right to lodge a complaint with the data protection authority Finland (see details below) if you believe that the processing is unlawful or that any of your data protection rights are being violated.

Postadress: PB 800, 00531 Helsingfors

E-post: tietosuoja(at)

Telefonväxel: 029 566 6700

Registratorskontor: 029 566 6768


Your right to withdraw your consent
You have the right to withdraw your consent at any time for the future by email or mail to the addresses, mentioned under Section 1. This withdrawal does not affect the lawfulness of processing of your personal data that has taken place prior to your withdrawal.

Transfer of data in third countries or international organizations
We only transfer personal data in countries outside of the EU and the EEA (European Economic Area), so called “third countries” in the following cases: necessity for the performance of your orders, legal requirement (duty to report to tax authorities), based on your consent or necessity within a processing agreement that we have with a service provider. When using service providers in third countries we apply Standard Contractual Clauses provided by the EU to ensure the European level of data protection.

Obligation to provide personal data when required for a contract
We need certain personal data from you to be able to perform the donor relationship and to fulfill our contractual and statutory legal obligations. Without this personal data we cannot conclude the donor contract with you or cannot continue an existing contractual donor relationship.