Privacy Policy
We collect
what we need.
Nothing more.
Transparency is not just a word we use on the Sponsor page. It applies here too. This policy explains, in plain language, exactly what data Artemis collects, why we collect it, what we do with it, and what rights you have over it.
We are a Swiss association. Our data practices comply with the Swiss Federal Act on Data Protection (nLPD, in force since September 2023) and, where applicable, the European General Data Protection Regulation (GDPR).
📄 Last updated: February 2026 · Version 1.0Contents
Artemis Association for Animals is a Swiss non-profit association constituted under Article 60 et seq. of the Swiss Civil Code. We are the data controller for all personal data collected through this website and through our sponsorship, NGO partnership, and professional services operations.
Registered address: Switzerland
Website: www.assoartemis.org
Data protection contact: protocol@assoartemis.org
For any question relating to this privacy policy, to the data we hold about you, or to exercise any of the rights described in Section 07, write to us at protocol@assoartemis.org. Your message will be read personally by one of the two founders. We respond within five business days.
We collect only the data that is strictly necessary to operate our platform and fulfil our commitments to you. We do not build profiles, we do not sell data, and we do not collect data speculatively.
| Data collected | Why we collect it | Source |
|---|---|---|
| Name & email address | To process your sterilization sponsorship, send your certificate, and deliver follow-up documentation (vet photo at 60 days, colony update at 6 months) | You, via the sponsorship payment process |
| Payment data | To process your €49 sponsorship payment. We do not store card numbers — payments are handled entirely by Stripe, our payment processor | You, via Stripe checkout |
| Contact form data (name, email, topic, message) |
To respond to your enquiry. Messages are sent directly to our inbox and not stored in any database beyond our email system | You, via the contact form |
| NGO application data (organisation name, country, contact name, programme description) |
To assess NGO partnership applications and, if approved, to onboard and manage the partnership | You, via the NGO application form |
| Professional enquiry data (name, company, role, email, message) |
To respond to hotel, municipality, and company enquiries and progress professional partnerships | You, via the professional enquiry forms |
| Technical data (IP address, browser type, pages visited, visit duration) |
Website security, spam prevention, and aggregate analytics to understand how our content performs. This data is not linked to any individual identity | Automatically, via WordPress and our hosting provider |
| Cookies | Essential site functionality and, where consent is given, anonymous traffic analytics. See Section 06 for full details | Automatically, via your browser |
We do not collect sensitive personal data (health information, political opinions, religious beliefs, racial or ethnic origin, or biometric data) at any point. We do not collect data from or about children under the age of 16.
Under both the Swiss nLPD and the EU GDPR, we are required to identify a legal basis for each category of data processing. Our processing rests on the following grounds:
| Processing activity | Legal basis |
|---|---|
| Sending your sponsorship certificate and follow-up documentation | Contract performance — necessary to fulfil the sponsorship you purchased |
| Processing your payment via Stripe | Contract performance — necessary to complete your transaction |
| Responding to contact and enquiry forms | Legitimate interest — you initiated the contact; we have a legitimate interest in responding |
| Managing NGO and professional partnerships | Contract performance — necessary to operate the partnership agreement |
| Essential website cookies | Legitimate interest — necessary for the basic functioning of the site |
| Analytics cookies (where used) | Consent — only placed after you accept via our cookie consent tool |
We do not rely on consent as a legal basis for processing that is necessary to deliver a service you have purchased. We will never make a service conditional on consent to optional data processing.
We keep your data for as long as is necessary to fulfil the purpose for which it was collected, and no longer. Where Swiss or applicable EU law imposes minimum retention periods, we comply with those obligations.
| Data type | Retention period | Reason |
|---|---|---|
| Sponsorship records (name, email, payment reference, documentation sent) | 10 years from the date of sponsorship | Swiss accounting and legal obligations for financial records |
| Contact form messages | 2 years from the date of contact, unless an ongoing relationship develops | Sufficient to resolve any follow-up questions; deleted thereafter |
| NGO application data (approved partners) | Duration of the partnership + 3 years after termination | Contractual and operational necessity |
| NGO application data (declined applications) | 6 months from our decision | Sufficient to respond to any query about the decision; deleted thereafter |
| Professional enquiry data (active partnerships) | Duration of the partnership + 3 years after termination | Contractual and legal necessity |
| Professional enquiry data (no partnership concluded) | 1 year from the last contact | Deleted once no longer relevant |
| Technical / server log data | 90 days | Security monitoring; automatically deleted |
| Analytics data (anonymised) | 26 months (standard analytics cycle) | Anonymised data cannot identify you; retained for traffic analysis |
When data reaches the end of its retention period, it is deleted from our email systems and any associated records. We do not archive data “just in case.”
We do not sell your data. We do not share your personal data with advertisers, marketing platforms, or data brokers. We share data only with the third-party service providers who help us operate the platform, and only to the extent necessary for that purpose.
| Third party | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing for sponsorships | Name, email, billing information. Stripe does not share payment card data with us | USA / EU (Stripe is GDPR-compliant and nLPD-adequate) |
| Web3Forms (if used) | Contact form routing to our inbox | Name, email, message content — forwarded to our email and not stored beyond transit | EU-region servers |
| WordPress / hosting provider | Website hosting and CMS | Technical data (IP, browser) processed in server logs | Dependent on hosting provider — see your hosting provider’s privacy policy |
| Analytics provider (if activated) | Anonymous website traffic analysis | Anonymised, aggregated browsing data. No personal identifiers shared | EU-region servers where possible |
We do not share your personal data with our NGO partners or professional partners unless you have specifically authorised us to do so (for example, if you contact an NGO directly through our platform). Sponsorship documentation sent to you is produced and sent by Artemis, not by the NGO directly.
Cookies are small text files placed on your device by your browser. We use them sparingly and only for the purposes described below.
| Cookie type | Purpose | Consent required | Duration |
|---|---|---|---|
| Essential / functional | WordPress site functionality — session management, security tokens, consent preference memory | No — strictly necessary | Session or up to 1 year |
| Payment (Stripe) | Stripe sets cookies during the payment process to prevent fraud and ensure transaction integrity | No — necessary for the service you requested | Session |
| Analytics | Anonymous traffic analysis — which pages are visited, how long, which links are clicked. No personal identification | Yes — only placed after consent via the cookie banner | Up to 26 months |
| Marketing / tracking | We do not use marketing or advertising cookies. We do not run ad campaigns or retargeting. | N/A — not used | N/A |
You can manage or withdraw your cookie consent at any time via the consent tool that appears at the bottom of the page. You can also configure your browser to refuse all cookies or to alert you when cookies are being placed — though doing so may affect some site functionality.
Under the Swiss nLPD and — where it applies to you — the EU GDPR, you have the following rights in relation to your personal data. We take these rights seriously and respond to all valid requests within 30 days.
Right of access
You can ask us what personal data we hold about you, how we use it, and with whom we share it. We will provide a copy free of charge.
Right to rectification
If the data we hold about you is inaccurate or incomplete, you can ask us to correct it. We will do so promptly.
Right to erasure
You can ask us to delete your personal data. We will comply unless we are required to retain it for legal or contractual reasons (for example, financial records required by Swiss accounting law).
Right to restriction of processing
You can ask us to limit how we process your data — for example, while a dispute about its accuracy is being resolved.
Right to data portability
Where processing is based on consent or contract and carried out automatically, you can ask us to provide your data in a structured, machine-readable format.
Right to object
Where we process your data on the basis of legitimate interest, you can object. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent
Where processing is based on your consent (such as analytics cookies), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch, or with the supervisory authority in your country of residence if you are based in the EU.
To exercise any of these rights, write to us at protocol@assoartemis.org. We may ask you to verify your identity before processing a request — to protect your data from unauthorised requests. We will never charge a fee for standard requests.
✉️ Exercise a right — protocol@assoartemis.orgWe take reasonable and appropriate technical and organisational measures to protect your personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access.
Specifically: our website uses HTTPS encryption for all data in transit. Payment data is handled entirely by Stripe, who operate under PCI DSS Level 1 compliance — the highest level of payment security certification. We do not store payment card numbers. Access to our internal systems is restricted to the two founders and protected by strong authentication.
We are a small organisation. We do not operate data centres, maintain large databases, or process data at scale. The simplicity of our operations is itself a form of data minimisation — fewer systems means a smaller attack surface and fewer places where data can be lost or misused.
We may update this privacy policy from time to time — to reflect changes in our operations, changes in the law, or feedback from users. When we do, we will update the version number and the “last updated” date at the top of the page.
If the changes are material — meaning they significantly affect your rights or how we process your data — we will notify active sponsors and partners directly by email before the changes take effect, giving you the opportunity to review them and, if necessary, to exercise your rights.
We will not retroactively apply a new policy to data that was collected under a previous version without your explicit consent. The version of this policy in effect at the time your data was collected is the one that governs how we use it.
The current version of this policy is Version 1.0, published in February 2026. All previous versions are available on request by writing to protocol@assoartemis.org.
Questions?
Two people. One inbox.
This policy was written by us, for you — not by a legal team for a regulator. If something is unclear, if you want to exercise a right, or if you simply want to know what we hold about you, write to us. We read everything and we answer everything.