Privacy policy

Water Drop Culture Project (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website waterdropcultureproject.com and use our services.

1. Data Controller

Water Drop Culture Project is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in Section 14.

2. What Data We Collect

We may collect and process the following personal data:

2.1 Information You Provide Directly

• Contact Information: Name, email address, and message content when you use our contact form
• Young Curator Applications: Name, age, location, and interests when applying for programs
• Newsletter Subscriptions: Email address if you subscribe to our updates

2.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website, products and services
• Cookies and Tracking Technologies: Data collected through cookies and similar technologies (see Section 8)

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR:

• Consent: When you have given explicit consent for specific purposes (e.g., newsletter subscription, cookies)
• Legitimate Interests: To operate and improve our website and services, analyze usage patterns, and protect against fraud
• Legal Obligation: To comply with applicable laws and regulations
• Performance of Contract: To provide services you have requested (e.g., responding to inquiries, program participation)

4. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your inquiries and communicate with you
• To process applications for our Young Curators program and other educational initiatives
• To send newsletters and updates about our projects (with your consent)
• To improve our website functionality and user experience
• To analyze website usage and conduct research on children’s literature and cultural education
• To ensure the security and integrity of our services
• To comply with legal obligations

5. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party companies that provide hosting, email services, analytics, and technical support (processing data on our behalf)
• Partner Organizations: Educational and cultural institutions collaborating on our projects (only when necessary and with appropriate safeguards)
• Legal Authorities: When required by law or to protect our rights

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming the destination country provides adequate protection
• Other legally approved transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Contact Form Inquiries: Up to 2 years after last communication
• Newsletter Subscriptions: Until you unsubscribe or request deletion
• Program Participation Records: Up to 3 years after program completion for educational documentation
• Technical and Usage Data: Up to 26 months

After the retention period expires, we will securely delete or anonymize your personal data.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device to collect standard internet log information and visitor behavior information. This information helps us improve your browsing experience.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly (e.g., security, navigation)
• Performance Cookies: Collect anonymous information about how visitors use our website
• Functionality Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand user engagement and improve our content

8.3 Managing Your Cookie Preferences

You can also control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

9. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: You can request copies of your personal data
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data under certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request transfer of your data to another organization or directly to you
• Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: You can withdraw consent at any time where we rely on consent to process your data
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

To exercise any of these rights, please contact us using the details in Section 14.

10. Children’s Privacy

Our projects involve children and young people. We take special care to protect children’s privacy:

• We require parental or guardian consent for children under 16 years old before collecting their personal data
• We collect only the minimum necessary information for program participation
• We implement appropriate security measures to protect children’s data
• Parents/guardians have the right to review, modify, or delete their child’s personal data at any time

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure server infrastructure and encryption
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Staff training on data protection practices

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this Privacy Policy periodically.