Privacy Policy

This privacy notice explains how Stichting The Black Sea (“The Black Sea”, “we”, “us” or “our”) processes personal data when you visit theblacksea.eu, subscribe to our newsletter, make a donation or support payment, or contact us.

1. Who is responsible for your data?

The controller responsible for the processing described in this notice is:

Stichting The Black Sea
Papaverweg 34, Unit B100
1032 KJ Amsterdam
The Netherlands

Email: [email protected]

This notice concerns personal data collected through our website, newsletter, support payments and related communications.

It does not describe all processing undertaken solely for journalistic activities, including material held for reporting, research and source protection. Where personal data are processed solely for journalistic purposes, legal exemptions may apply.

2. Personal data we process

Website access, security and technical operation

When you visit our website, we and our technical providers may process:

  • IP address;
  • browser, device and operating-system information;
  • pages and files requested;
  • date, time and technical details of requests;
  • referrer information;
  • security and error logs;
  • information used to detect malicious traffic, fraud, bots or other misuse.

We use this information to operate, secure and improve the website, investigate technical problems, prevent abuse and protect our infrastructure.

Our legal basis is our legitimate interest in operating a secure, reliable and effective website.

Website analytics

We use a self-hosted installation of Matomo to understand how visitors use our website and to improve its structure, content and performance.

Matomo records pseudonymous information about individual visits. This may include:

  • an anonymised IP address;
  • pages visited and the time spent on them;
  • the page that referred you to our site;
  • downloads and outbound-link clicks;
  • browser type, operating system, device type or model, screen resolution and language;
  • approximate location;
  • page-performance information;
  • visit timestamps.

We do not use Matomo to identify visitors by name, recognise them persistently across separate visits, link analytics records to newsletter, supporter, payment or contact records, track people across other websites, target advertising, or make automated decisions about individuals.

Matomo is configured without analytics cookies. We may retain aggregated statistical reports for longer where they no longer identify or relate to an individual visitor.

Our legal basis is our legitimate interest in understanding how the website is used and improving its content and operation.

You may object to this processing at any time by using the Matomo opt-out tool on this page. The opt-out tool may use a cookie or similar storage solely to remember your choice not to be tracked.

Strictly necessary cookies and similar technologies

We may use strictly necessary cookies or similar technologies required for website security, fraud prevention, load balancing, saving privacy choices and the technical operation of the website.

We do not use advertising cookies or sell personal data for advertising, or any other, purposes

Where we introduce non-essential cookies or similar technologies in the future, we will request consent where required by law.

Newsletter

When you subscribe to our newsletter, we process:

  • your email address;
  • your name, where provided;
  • subscription, confirmation and unsubscribe records;
  • email-delivery information;
  • information about whether emails are opened and links clicked, where newsletter analytics are enabled.

We use this information to send the newsletter, understand its performance and maintain our subscriber list.

Our legal basis is your consent. You can withdraw consent at any time by clicking the unsubscribe link in any newsletter or by contacting us at [email protected].

Providing your email address is voluntary, but we cannot send you the newsletter without it.

We retain your subscription information until you unsubscribe or withdraw consent. After that, we may retain a minimal record of your email address and unsubscribe request for as long as necessary to ensure that we do not send you further newsletters.

Support payments and donations

When you make a donation or other support payment, payments are processed by Stripe. We do not receive or store your full payment-card number or security code.

Depending on the payment method and information you provide, we may receive and process:

  • your name and email address;
  • the amount, currency, date and status of your payment;
  • a payment or transaction reference;
  • billing country or other limited information necessary for accounting, fraud prevention or payment administration;
  • information you provide in connection with your donation or support.

We use this information to process and administer your payment, issue receipts or confirmations, respond to payment-related queries, prevent fraud, maintain financial records and comply with accounting, tax and legal obligations.

Stripe processes payment information under its own privacy and data-protection terms. Depending on the activity, Stripe may act as a processor and, for certain payment, compliance, fraud-prevention and regulatory purposes, as an independent controller.

We retain transaction and financial records for the period required by applicable accounting, tax and legal obligations.

3. Service providers and recipients

We use carefully selected service providers that process personal data on our behalf or provide infrastructure essential to our operations. These include:

  • Cloudflare, Inc., which provides website delivery, security, DDoS protection and Cloudflare Tunnel services;
  • privately managed server infrastructure in the European Economic Area, which hosts the website and Matomo analytics installation;
  • Mailchimp, for newsletter subscription management and delivery;
  • Stripe, for processing payments and related services.

We may disclose limited personal data to professional advisers who are subject to duties of confidentiality where necessary for legal, accounting, security or regulatory advice.

We do not sell, rent, or voluntarily disclose personal data to advertisers, data brokers or other third parties.

4. Requests for disclosure

We do not voluntarily provide website analytics, mailing list information, supporter records, or other personal data to law enforcement authorities, regulators, courts, private claimants, or other third parties.

Except where binding law requires otherwise, we will require a written, legally valid and enforceable demand from a competent authority or court before considering any disclosure.

Where disclosure is legally unavoidable, we will disclose only the minimum information required by law.

5. Journalistic material and source protection

The Black Sea is an independent journalism organisation.

Information processed solely for journalistic purposes, including source communications, reporting materials, research, notes, unpublished editorial work and information capable of identifying confidential sources, is subject to additional protections relating to freedom of expression, press freedom and source confidentiality.

We do not disclose journalistic material or information capable of identifying a confidential source. We treat source confidentiality as a core condition of our work.

Nothing in this privacy notice should be interpreted as a waiver of journalistic-source protections or other protections available under applicable law.

Requests concerning personal data processed solely for journalistic purposes will be assessed in light of applicable exemptions and protections for journalism, freedom of expression, and source confidentiality.

6. International transfers

Some service providers, including Cloudflare, Mailchimp and Stripe, may process personal data outside the European Economic Area.

Where this occurs, we rely on an adequacy decision, the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism required by applicable data-protection law.

You may contact us at [email protected] for further information about the safeguards applicable to a particular transfer.

7. How long we keep personal data

We retain personal data only for as long as necessary for the purposes described in this notice.

In particular:

  • technical and security logs are normally retained for no more than 30 days, unless needed longer to investigate security incidents or misuse;
  • raw Matomo analytics data are retained for 365 days;
  • newsletter data are retained until you unsubscribe or withdraw consent, subject to a limited suppression record;
  • financial and payment records are retained for at least seven years where required by Dutch accounting and tax law;
  • correspondence is normally retained for up to two years after the matter is closed.

We may keep information longer where required by law or reasonably necessary for legal claims, financial records, security investigations or regulatory obligations.

8. Your rights

Subject to applicable law, you have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • withdraw consent at any time, where processing is based on consent;
  • receive data you provided to us in a portable format, where applicable;
  • complain to a data-protection authority.

To exercise your rights, contact us at [email protected]. We may ask for information necessary to verify your identity before responding.

We normally respond within one month.

You may lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.

9. Automated decision-making

We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects on you.

10. Third-party websites

Our website may link to external websites or services. Their privacy practices are governed by their own privacy notices. We are not responsible for the privacy practices of third parties.

11. Changes to this notice

We may update this privacy notice when our practices, technology or legal obligations change. The latest version will always be published on this page, with the revision date shown above.

Opt-out