WePlanet is committed to safeguarding the privacy of all individuals who interact with our organisation. This policy explains how we collect, use, and protect your personal data—and your rights in relation to this information.

​

Last updated: 29 September 2025

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your Personal Data when you use our website (www.weplanet.org) or otherwise engage with us. It also tells you about your privacy rights and how the law protects you. We are WePlanet International vzw, a non-profit association registered in Belgium, with address WePlanet, Square De Meeûs 35, BE 1000 Brussels

​

Scope of this Privacy Policy

​

This Privacy Policy applies to all activities undertaken by WePlanet, including:

• our website (www.weplanet.org),

• petitions and campaigns,

• donation processing,

• social media channels and advertising, and

• recruitment activities.

ata, or sexual orientation). This will only occur where:

1. you have explicitly provided such information (for example, in a job application or petition comment), or

2. processing is necessary for reasons of substantial public interest or as otherwise permitted by law.

Where we process special category data, we apply additional safeguards, including limiting access, encrypting records, and ensuring explicit consent where required.

 

 

Categories of Personal Information Collected (US & California Residents)

In the last twelve (12) months, WePlanet has collected the following categories of personal information as defined by the California Consumer Privacy Act (CCPA/CPRA):

CCPA Category

Examples

Collected?

Purpose of Use

Disclosed to

Identifiers

Name, email address, postal address, phone number, IP address

Yes

To provide services, manage donations, contact you, send updates

Service providers (IT, email, donation processors)

Customer Records Information

Donation history, billing address, payment details (processed securely by third-party providers)

Yes

To process donations, issue receipts, comply with finance/tax law

Payment processors, accounting providers

Protected Classification Characteristics

Special category data (e.g. health, political views) if voluntarily provided (e.g. in job applications)

Yes (limited)

Recruitment, diversity monitoring (where lawful)

HR service providers

Commercial Information

Donation amounts, merchandise purchases (if applicable)

Yes

To manage supporter relationships and accounts

Service providers

Internet or Network Activity

Browsing history, pages visited, device/browser data

Yes

To analyse website use, improve services, run remarketing

Analytics providers, advertising platforms

Geolocation Data

Approximate location from IP address

Yes

To understand geographic distribution of supporters

Analytics providers

Employment-Related Information

CVs, cover letters, professional history (job applicants only)

Yes

Recruitment and hiring

HR service providers

Education Information

Information in CVs (if supplied)

Yes

Recruitment and hiring

HR service providers

Inferences

Segments/profiles created from supporter interactions (e.g. campaign interest, donation likelihood)

Yes

To tailor communications and fundraising

Not sold; used internally and by contracted service providers

We do not sell personal information for money. Some of our advertising and analytics activities may constitute “sharing” under California law. You may opt out at any time using the “Do Not Sell or Share My Personal Information” link on our website.

 

 

 

Legal Basis for Processing (GDPR)

We process Personal Data under the following legal bases:

• Consent (Art. 6(1)(a) GDPR): for newsletters, campaign updates, petitions, and cookies/analytics.

• Contract (Art. 6(1)(b) GDPR): for processing donations, managing memberships, responding to job applications.

• Legal obligation (Art. 6(1)(c) GDPR): for retention of donation and tax records.

• Legitimate interests (Art. 6(1)(f) GDPR): for safeguarding our IT systems, preventing fraud, or promoting our mission where consent is not legally required.

 

 

Retention of Your Personal Data

WePlanet retains Personal Data in accordance with our records retention policy and applicable law. Unless a longer period is required by law, we retain Personal Data for ten (10) years from the last contact with you. This includes donation and financial records retained to comply with commercial and tax obligations.

There may be circumstances where we need to retain your Personal Data for longer, for example to:

• Comply with legal obligations,

• Resolve disputes, or

• Enforce our agreements and policies.

Usage Data is generally retained for shorter periods, unless it is required for security, functionality, or compliance with legal obligations.

 

 

Transfer of Your Personal Data

Your Personal Data may be processed in countries outside your country of residence, including outside the European Economic Area (EEA) and the United Kingdom.

Where we use service providers based in the United States or other countries (for example, Google, Meta/Facebook, email platforms, analytics, and other US-based tools), your Personal Data may be transferred to and processed in those countries.

When such transfers occur, we implement appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and, where necessary, supplementary technical and organisational measures. Copies of these safeguards can be requested by contacting us.

Please note that when data is transferred outside the EEA/UK, local laws may not offer the same level of protection. By using our services, you acknowledge that such transfers may be necessary for the provision of our services.

 

 

Disclosure of Your Personal Data

Business Transactions
If WePlanet is involved in a merger, acquisition or sale of assets, your Personal Data may be transferred. We will provide notice before any such transfer becomes subject to a different Privacy Policy.

Law enforcement
We may be required to disclose your Personal Data if required by law or in response to valid requests by public authorities (e.g. courts, regulators, government agencies).

Other legal requirements
We may disclose Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation;

• Protect and defend the rights or property of WePlanet;

• Prevent or investigate possible wrongdoing in connection with our services;

• Protect the personal safety of our users or the public;

• Protect against legal liability.

 

 

Detailed Information on Processing

Service Providers
WePlanet uses third-party Service Providers (Processors) who have access to Personal Data only to perform tasks on our behalf. They are contractually obliged not to disclose or use data for other purposes.

 

 

Processors & Service Providers (Article 28 GDPR)

Overview

We use third-party processors under Article 28 GDPR based on our written instructions, confidentiality, and DPAs. Some platforms (especially social networks) act as independent controllers or joint controllers for specific features; this is noted below.

International transfers use EU-U.S. Data Privacy Framework (DPF) where available and/or Standard Contractual Clauses (SCCs) with supplementary measures.
 

Who we share data with and why

We use a few trusted services to run our campaigns, process donations, and send updates. Here’s what each does and what data they see:

• Movement (our campaigning platform)

  • Helps us run petitions, manage supporter lists, send emails, and process donations.

  • Handles things like your name, email, petition signatures, and donation details.

  • Some data may be stored in the US, but with legal safeguards.
     

• Stripe (payments)

  • Processes card donations securely and helps prevent fraud.

  • Handles your name, email, billing info, and transaction details.

  • Uses servers worldwide (including the US).
     

• PayPal (payments)

  • Lets you donate using your PayPal account.

  • Handles your PayPal ID and payment details.

  • Operates worldwide (including the US).
     

• Email service (via Movement)

  • Sends bulk supporter emails, tracks deliverability, and manages unsubscribes.

  • Handles your email, name, and engagement (like opens and clicks).
     

• Google Analytics

  • Shows us how people use our website so we can improve it.

  • Collects things like device info and general browsing behaviour (IP addresses are shortened).
     

• Meta (Facebook/Instagram)

  • Provides page statistics and helps us show ads.

  • Collects things like cookies and device data for aggregated insights.
     

• LinkedIn

  • Provides page statistics and helps us run ads.

  • Collects similar cookie/device data for aggregated insights.
     

• X (Twitter)

  • Lets us run ads and measure their impact.

  • Collects cookie/device data.

Analytics

We may use third-party analytics services to monitor and analyse use of our website.

Google Analytics
WePlanet uses Google Analytics to track and report website traffic. Google may use collected data to contextualise and personalise advertising within its own network.

• You can opt out of Google Analytics by installing the opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

• For more information on Google’s practices: https://policies.google.com/privacy

 

 

Email Marketing

We may use your Personal Data to contact you with newsletters, updates, and information relevant to our campaigns and activities. Where required by law, we obtain your consent before sending such communications. You may unsubscribe at any time by using the link in our emails or contacting us.

We use reputable email service providers to manage and send communications on our behalf.

 

 

Behavioural Remarketing

WePlanet uses remarketing services to advertise on third-party websites after you have visited our website. Cookies and similar technologies are used to inform, optimise, and serve ads based on your past visits.

Google Ads (AdWords)
You can opt out of Google Ads personalisation via: http://www.google.com/settings/ads

Meta (Facebook/Instagram)
You can learn about interest-based advertising on Facebook and manage preferences here: https://www.facebook.com/help/164968693837950

Other Providers
We may also use other advertising platforms. For users in the EU/EEA, such cookies will only be set with your explicit consent through our Consent Management Platform.

 

 

WePlanet Facebook Page

Joint Controllers for the WePlanet Facebook Page

WePlanet operates an official Facebook Page: https://www.facebook.com/weplanetinternational/. 

When you visit our Page, certain Personal Data is processed by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta”), and by WePlanet.

For this processing, WePlanet and Meta are joint controllers within the meaning of Art. 26 GDPR. Meta provides the Page Insights service and primarily determines how the data is processed. You can view the Page Insights Controller Addendum here:
https://www.facebook.com/legal/terms/page_controller_addendum.

Meta’s privacy policy explains how it processes Personal Data:
https://www.facebook.com/policy.php.

You can also contact Meta directly:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2, Ireland

 

 

Facebook Insights

When you visit our Facebook Page, Meta sets cookies on your device that enable the Page Insights function. These cookies store information about your usage and remain active for up to two years unless deleted earlier.

WePlanet only receives anonymous, aggregated statistics about visitors to our Page (e.g. number of likes, page views, demographics). We cannot identify individual visitors from these statistics.

 

 

Legal Basis

The processing of your Personal Data when visiting our Facebook Page is based on our legitimate interests (Art. 6(1)(f) GDPR) in public communication, raising awareness, and improving our information offering.

 

 

 

 

Your Rights

As joint controllers, WePlanet and Meta have agreed that Meta is primarily responsible for providing information about the processing of Page Insights data and for enabling you to exercise your rights under GDPR. Nevertheless, you may also contact us directly and we will forward your request to Meta where necessary.

 

 

Your Rights under GDPR (UK and EU)

WePlanet undertakes to respect the confidentiality of your Personal Data and to guarantee that you can exercise your rights.

If you are located within the European Union or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15 GDPR): You may request confirmation as to whether we process your Personal Data and, where this is the case, access to that data and related information.

• Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete Personal Data we hold about you.

• Right to erasure (Art. 17 GDPR, “right to be forgotten”): You may request the deletion of your Personal Data where there is no legal ground for its continued processing.

• Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your Personal Data in certain circumstances.

• Right to object (Art. 21 GDPR): You may object at any time to processing based on our legitimate interests. If you object to processing for direct marketing purposes, we will stop such processing immediately.

• Right to data portability (Art. 20 GDPR): You may request to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit that data to another controller, where processing is based on consent or contract and carried out by automated means.

• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

 

 

Exercising Your Rights

To exercise these rights, you can contact our Data Protection Officer (see “Contact Us”). Please note that we may ask you to verify your identity before responding. We will handle your request without undue delay and within the statutory time limits (generally one month).

 

 

Right to Lodge a Complaint

You also have the right to lodge a complaint with a supervisory authority in the EU or UK, in particular in the country of your habitual residence, your workplace, or the place of the alleged infringement.

 

 

Links to Other Websites

Our website may contain links to other websites not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We recommend that you review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites.

 

 

Children’s Privacy

1. Our services are not directed to children under the age of 16.

2. We do not knowingly collect Personal Data from anyone under this age.

3. We do not knowingly collect Personal Data from children under the age of 13 in line with US COPPA requirements.

4. If you are under 13, please do not provide any information through our website or services.

5. If we become aware that we have inadvertently collected Personal Data from a child under 16 (or under 13 in the United States) without appropriate consent, we will delete it as soon as possible.

6. Parents or legal guardians who believe that their child has provided Personal Data to WePlanet without consent may contact us (see “Contact Us” below) to request deletion.

 

 

Security of Your Personal Data

WePlanet implements appropriate technical and organisational measures to protect Personal Data against unauthorised access, accidental loss, destruction or alteration. These measures include, but are not limited to:

• Encrypted transmission of data (SSL/TLS)

• Access controls and authentication procedures

• Regular security monitoring and audits of our systems

• Contractual obligations with our service providers to apply adequate safeguards

 

However:

1. No method of transmission over the internet or method of electronic storage is completely secure.

2. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

 

 

Automated Decision-Making and Profiling

WePlanet uses automated processing in certain contexts, including:

• Segmentation of supporters to determine which campaigns, petitions, or fundraising messages you are most likely to be interested in.

• Targeting in online advertising (e.g. using lookalike audiences or interest-based groups).

These activities are based on our legitimate interests (Art. 6(1)(f) GDPR) in promoting our mission effectively. They do not produce legal effects or similarly significant impacts for you. You have the right to object to such processing at any time by contacting us (see “Contact Us”).

 

 

Additional Information for US & California Residents (CCPA/CPRA)

If you are in the United States, WePlanet adheres to the California Consumer Privacy Act (as amended by the CPRA) grants you specific rights:

• Right to Know the categories and specific pieces of personal information we collect, use, disclose, or “sell/share”.

• Right to Delete personal information we have collected about you, subject to legal exceptions.

• Right to Correct inaccurate personal information.

• Right to Opt Out of Sale/Sharing of your personal information. Some of our remarketing/advertising activities may constitute “sharing” under California law. You can exercise this right using the “Do Not Sell or Share My Personal Information” link on our website.

• Right to Limit Use of Sensitive Personal Information where applicable.

• Right to Non-Discrimination for exercising any of these rights.

We provide at least two methods for submitting requests:

• By email: info@weplanet.org 

• Through our online request form (link provided on our website).

We will verify your identity before responding to a request.
 

 

 

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, WePlanet will:

1. Notify the competent supervisory authority without undue delay, and where feasible within 72 hours of becoming aware of the breach, as required by GDPR.

2. Inform affected individuals without undue delay, unless an exemption applies (e.g. where technical measures such as encryption make the data unintelligible).

 

 

Contact Us

EU law specifies we have a named person in the EU to act as a point of contact for data protection issues. If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our EU data protection officer.

Martin Caldwell
Wilhelmstraße 123
10963 Berlin, Germany
martin.caldwell@weplanet.org
+49 (0) 17684843493

In certain cases, issues relating to GDPR compliance or broader data protection matters may be escalated to the WePlanet International Board for oversight.

​