This privacy notice explains how Stichting The Black Sea (“The Black Sea”, “we”, “us” or “our”) processes personal data when you visit theblacksea.eu, subscribe to our newsletter, make a donation or support payment, or contact us.
The controller responsible for the processing described in this notice is:
Stichting The Black Sea
Papaverweg 34, Unit B100
1032 KJ Amsterdam
The Netherlands
Email: [email protected]
This notice concerns personal data collected through our website, newsletter, support payments and related communications.
It does not describe all processing undertaken solely for journalistic activities, including material held for reporting, research and source protection. Where personal data are processed solely for journalistic purposes, legal exemptions may apply.
When you visit our website, we and our technical providers may process:
We use this information to operate, secure and improve the website, investigate technical problems, prevent abuse and protect our infrastructure.
Our legal basis is our legitimate interest in operating a secure, reliable and effective website.
We use a self-hosted installation of Matomo to understand how visitors use our website and to improve its structure, content and performance.
Matomo records pseudonymous information about individual visits. This may include:
We do not use Matomo to identify visitors by name, recognise them persistently across separate visits, link analytics records to newsletter, supporter, payment or contact records, track people across other websites, target advertising, or make automated decisions about individuals.
Matomo is configured without analytics cookies. We may retain aggregated statistical reports for longer where they no longer identify or relate to an individual visitor.
Our legal basis is our legitimate interest in understanding how the website is used and improving its content and operation.
You may object to this processing at any time by using the Matomo opt-out tool on this page. The opt-out tool may use a cookie or similar storage solely to remember your choice not to be tracked.
We may use strictly necessary cookies or similar technologies required for website security, fraud prevention, load balancing, saving privacy choices and the technical operation of the website.
We do not use advertising cookies or sell personal data for advertising, or any other, purposes
Where we introduce non-essential cookies or similar technologies in the future, we will request consent where required by law.
When you subscribe to our newsletter, we process:
We use this information to send the newsletter, understand its performance and maintain our subscriber list.
Our legal basis is your consent. You can withdraw consent at any time by clicking the unsubscribe link in any newsletter or by contacting us at [email protected].
Providing your email address is voluntary, but we cannot send you the newsletter without it.
We retain your subscription information until you unsubscribe or withdraw consent. After that, we may retain a minimal record of your email address and unsubscribe request for as long as necessary to ensure that we do not send you further newsletters.
When you make a donation or other support payment, payments are processed by Stripe. We do not receive or store your full payment-card number or security code.
Depending on the payment method and information you provide, we may receive and process:
We use this information to process and administer your payment, issue receipts or confirmations, respond to payment-related queries, prevent fraud, maintain financial records and comply with accounting, tax and legal obligations.
Stripe processes payment information under its own privacy and data-protection terms. Depending on the activity, Stripe may act as a processor and, for certain payment, compliance, fraud-prevention and regulatory purposes, as an independent controller.
We retain transaction and financial records for the period required by applicable accounting, tax and legal obligations.
We use carefully selected service providers that process personal data on our behalf or provide infrastructure essential to our operations. These include:
We may disclose limited personal data to professional advisers who are subject to duties of confidentiality where necessary for legal, accounting, security or regulatory advice.
We do not sell, rent, or voluntarily disclose personal data to advertisers, data brokers or other third parties.
We do not voluntarily provide website analytics, mailing list information, supporter records, or other personal data to law enforcement authorities, regulators, courts, private claimants, or other third parties.
Except where binding law requires otherwise, we will require a written, legally valid and enforceable demand from a competent authority or court before considering any disclosure.
Where disclosure is legally unavoidable, we will disclose only the minimum information required by law.
The Black Sea is an independent journalism organisation.
Information processed solely for journalistic purposes, including source communications, reporting materials, research, notes, unpublished editorial work and information capable of identifying confidential sources, is subject to additional protections relating to freedom of expression, press freedom and source confidentiality.
We do not disclose journalistic material or information capable of identifying a confidential source. We treat source confidentiality as a core condition of our work.
Nothing in this privacy notice should be interpreted as a waiver of journalistic-source protections or other protections available under applicable law.
Requests concerning personal data processed solely for journalistic purposes will be assessed in light of applicable exemptions and protections for journalism, freedom of expression, and source confidentiality.
Some service providers, including Cloudflare, Mailchimp and Stripe, may process personal data outside the European Economic Area.
Where this occurs, we rely on an adequacy decision, the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism required by applicable data-protection law.
You may contact us at [email protected] for further information about the safeguards applicable to a particular transfer.
We retain personal data only for as long as necessary for the purposes described in this notice.
In particular:
We may keep information longer where required by law or reasonably necessary for legal claims, financial records, security investigations or regulatory obligations.
Subject to applicable law, you have the right to:
To exercise your rights, contact us at [email protected]. We may ask for information necessary to verify your identity before responding.
We normally respond within one month.
You may lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.
We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects on you.
Our website may link to external websites or services. Their privacy practices are governed by their own privacy notices. We are not responsible for the privacy practices of third parties.
We may update this privacy notice when our practices, technology or legal obligations change. The latest version will always be published on this page, with the revision date shown above.