Privacy Policy

Last updated: May 20, 2026

Sirina’s Kids (“Sirina’s Kids,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of every donor, volunteer, partner, and visitor who interacts with our mission. This Privacy Policy explains what information we collect, how we use it, the legal grounds on which we process it, and the rights you have over it.

This Policy is written to comply with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the United Kingdom GDPR, the Beninese Personal Data Protection Act (loi n° 2017-20 of 20 April 2018), and applicable United States federal and Tennessee state privacy laws.

1. Who we are

Sirina’s Kids is a charitable nonprofit organization headquartered at 2502 Mount Moriah, Suite H231, Memphis, TN 38115, United States, with field operations in Cotonou, Bénin. For the purposes of the GDPR, Sirina’s Kids is the data controller of the personal data described in this Policy.

You can reach us at any time at contact@sirinaskids.org for any question related to this Policy or your personal data.

2. Information we collect

We collect personal data only when you choose to interact with us. The categories below describe the data we collect and the situation in which we collect it.

2.1 When you make a donation

  • Identity data: first name, last name, salutation (optional).
  • Contact data: email address, billing address, country, phone number (optional).
  • Payment data: card number, expiration date, security code, billing details. Payment information is collected and processed directly by our payment processors (Stripe, PayPal, and FedaPay). We never see, store, or transmit your full card details on our own servers.
  • Donation history: amount, date, frequency (one-time or recurring), campaign, and any message you choose to attach.
  • Communication preferences: whether you opt in to receive newsletters or campaign updates.

2.2 When you submit our contact form

  • Name, email address, subject, and the content of your message.
  • Any additional information you choose to include.

2.3 When you subscribe to our newsletter

  • Your email address.
  • The date and source of your subscription, and a record of your consent.

2.4 Automatically collected information

When you visit our website, we automatically collect a limited amount of technical information through strictly necessary cookies and server logs:

  • IP address, browser type and version, operating system.
  • Pages visited, time spent, navigation paths, referring URL.
  • Device identifiers and screen resolution.

We do not currently deploy third-party analytics or advertising trackers on our site. If we introduce them in the future, we will update this Policy and request your consent where required.

3. Legal bases for processing (GDPR Article 6)

We never process your personal data without a valid legal basis. The basis depends on the activity:

  • Performance of a contract (Art. 6(1)(b)): when we process your donation, issue a receipt, or follow up on a transaction.
  • Compliance with a legal obligation (Art. 6(1)(c)): when we retain donation records to meet our accounting, tax, and reporting obligations.
  • Consent (Art. 6(1)(a)): when you opt in to our newsletter or share additional optional information.
  • Legitimate interests (Art. 6(1)(f)): when we keep our site secure, prevent fraud, conduct aggregated and anonymized usage analysis, and update existing donors on similar campaigns. You can object at any time.

4. How we use your information

  • Process your donation and deliver a receipt or acknowledgment.
  • Respond to your messages, requests, or applications.
  • Send newsletters, campaign updates, and impact reports when you have consented.
  • Comply with our accounting, tax, and reporting obligations in the United States and abroad.
  • Detect and prevent fraud, abuse, or security incidents.
  • Improve our website, content, and donor experience based on aggregated, anonymized data.

We never sell your personal data. We never share it with third parties for advertising or marketing purposes unrelated to our mission.

5. Sharing of personal data

We share personal data only with a limited number of trusted recipients, and only as necessary:

  • Payment processors: Stripe, Inc. (United States), PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg), and FedaPay (Bénin) process donations on our behalf. Each is independently responsible for the security of the payment data it handles. Their privacy policies are available on their respective websites.
  • Email delivery provider: we use a transactional email provider to deliver donation receipts and newsletters. The provider acts as a data processor bound by a Data Processing Agreement.
  • Web hosting and infrastructure: our website is hosted by a third-party hosting provider that processes data on our behalf under contractual confidentiality and security obligations.
  • Auditors, accountants, and legal advisors: bound by professional confidentiality.
  • Authorities: where required by law, court order, or to protect our rights and the safety of others.

6. International data transfers

Because we operate in the United States and Bénin and use service providers located in different jurisdictions, your personal data may be transferred outside your country of residence, including to countries that may not provide the same level of data protection as your own.

When we transfer personal data outside the European Economic Area or the United Kingdom, we rely on:

  • The European Commission’s Standard Contractual Clauses (SCCs); or
  • Adequacy decisions, where applicable; or
  • Your explicit consent, where appropriate.

You can request a copy of the safeguards we apply by contacting us at contact@sirinaskids.org.

7. Data retention

  • Donation records: retained for the duration required by tax and accounting law (typically seven (7) years in the United States; ten (10) years in Bénin and the European Union).
  • Newsletter subscriptions: retained until you unsubscribe, plus a short archival period for evidence of consent.
  • Contact form submissions: retained for up to three (3) years after the last interaction, unless a longer period is justified.
  • Technical / server logs: retained for up to fourteen (14) months in identifiable form, then anonymized or deleted.

8. Your rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access: obtain a copy of the personal data we hold about you.
  • Right to rectification: have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”): ask us to delete your data, subject to our legal retention duties.
  • Right to restriction: ask us to limit the processing of your data in certain circumstances.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent: at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: with the data protection authority of your country of residence (see Section 13).

To exercise any of these rights, please email contact@sirinaskids.org. We respond within thirty (30) days, except in complex cases where we may extend the deadline once, with notice.

9. Cookies and tracking technologies

Cookies are small text files stored on your device when you browse our website. We currently use only the following categories:

  • Strictly necessary cookies: required for the site to function (session, language preference, security, donation flow). They do not require your consent.
  • Functional cookies: remember your language and cookie banner choice.

You can withdraw or change your cookie preferences at any time through your browser settings.

10. Children’s privacy

Although our mission supports children, our website is intended for an adult audience (donors, volunteers, partners). We do not knowingly collect personal data from children under the age of sixteen (16) without verified parental consent. If you believe a child has provided us with personal data, please contact us so we can take prompt action.

Information about the children we serve in our programs is processed under separate, strict protocols and is never published on this website without the consent of a parent or legal guardian.

11. Security

We apply reasonable technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all traffic to and from our site.
  • Restricted access to personal data on a need-to-know basis, with role-based authentication.
  • Use of PCI-DSS compliant payment processors so that card data never reaches our servers.
  • Regular backups, logging, and security updates.

No security measure is perfect. If we ever become aware of a personal data breach likely to result in a risk to your rights, we will notify the competent supervisory authority and, where required, the affected individuals without undue delay.

12. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, our services, or the law. The “Last updated” date at the top of this page indicates when the most recent revision took effect. Material changes will be communicated by email to subscribers or by a prominent notice on the site.

13. How to contact us & right to lodge a complaint

For any question, request, or complaint regarding this Privacy Policy or our processing of your personal data, please contact us:

  • Email: contact@sirinaskids.org
  • Postal mail (United States): Sirina’s Kids, 2502 Mount Moriah, Suite H231, Memphis, TN 38115, USA
  • Field operations (Bénin): Cotonou, Bénin

If you believe your data protection rights have been violated, you may also lodge a complaint with the data protection authority of your country of residence — for example, the CNIL in France (cnil.fr), the APDP in Bénin, or another national supervisory authority in the EEA / United Kingdom.