Data we collect

DonorLink collects identifying information (name, email, phone, national ID, postal address) and donation records. Identity data is used to link donations to the correct person; financial records are retained for legal compliance.

How long we keep your data

Financial records are retained for the period prescribed by the law of the organisation's jurisdiction. The retention period applies from the end of the financial year containing your last transaction.

Your rights

Under GDPR you have the following rights (subject to legal obligations for financial record retention):

• Right of access (Article 15) — download all data we hold on you.
• Right to rectification (Article 16) — correct inaccurate data.
• Right to erasure (Article 17) — subject to the legal-obligation exception for financial records.
• Right to restriction (Article 18).
• Right to data portability (Article 20) — the export bundle is JSON.
• Right to object (Article 21).

Shadow accounts

An organisation may create a record from an imported donation before you sign up. If you later register with a matching email or phone, the records will be linked after you confirm the match. Unclaimed shadow records are automatically cleaned up after 90 days.

Audit logs

We keep an audit log of significant actions (logins, changes, deletions). Your email address is removed from the log when your account is fully deleted.

Contact

The data controller is the organisation you donated to. DonorLink (Allegro IT ApS, Denmark) is the data processor. The supervisory authority in Denmark is Datatilsynet.

Cookies

DonorLink uses only essential session cookies for authentication. No analytics, no third-party trackers.