We, PublicFund LLC ("PublicFund"), act as the data controller for the personal data processing activities described in this notice. You may contact us regarding data protection matters using the contact information provided above.

Under Article 6 of the GDPR, we process your personal data only when we have a lawful basis for doing so. The specific legal basis depends on the purpose for which we collected and use your personal information.

Consent (Article 6(1)(a))

We process your personal data based on your consent when you have given us clear and unambiguous indication of your agreement to the processing of your personal data for specific purposes. This includes processing for marketing communications, newsletter subscriptions, optional features or services, and certain cookies and tracking technologies. You have the right to withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

Contract Performance (Article 6(1)(b))

We process your personal data when such processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This legal basis applies to processing activities necessary for creating and managing your account, processing transactions and payments, delivering products or services you have requested, and providing customer support.

Legitimate Interests (Article 6(1)(f))

We may process your personal data when such processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. Our legitimate interests include fraud prevention and security measures, direct marketing to existing customers, website analytics and improvement, and internal business operations. We have conducted balancing tests for our legitimate interest processing activities, and these assessments are available upon request.

Legal Obligation (Article 6(1)(c))

We process your personal data when such processing is necessary for compliance with a legal obligation to which we are subject. This includes processing required for tax and accounting purposes, regulatory compliance, and in connection with legal proceedings or governmental requests.

Right of Access (Article 15)

Under Article 15 of the GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed. Where we do process your personal data, you have the right to access that data and to receive information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data has been or will be disclosed, the envisaged period for which your personal data will be stored, the existence of your other rights under the GDPR, the source of the data if it was not collected directly from you, and the existence of automated decision-making including profiling.

Right to Rectification (Article 16)

Article 16 of the GDPR provides you with the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. When we have rectified your personal data, we will communicate the rectification to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

Right to Erasure (Article 17)

Under Article 17 of the GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. This right applies when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, when you withdraw consent on which the processing is based and where there is no other legal ground for the processing, when you object to processing under Article 21 and there are no overriding legitimate grounds for the processing, when your personal data has been unlawfully processed, or when erasure is necessary for compliance with a legal obligation.

Right to Restrict Processing (Article 18)

Article 18 of the GDPR provides you with the right to obtain from us restriction of processing where you contest the accuracy of your personal data during the period enabling us to verify the accuracy, where the processing is unlawful and you oppose the erasure of your personal data and request the restriction of use instead, where we no longer need your personal data for the purposes of processing but you require it for the establishment, exercise, or defense of legal claims, or where you have objected to processing pending the verification of whether our legitimate grounds override your interests.

Right to Data Portability (Article 20)

Under Article 20 of the GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us. This right applies where the processing is based on consent or contract and the processing is carried out by automated means. Where technically feasible, you have the right to have your personal data transmitted directly from us to another controller.

Right to Object (Article 21)

Article 21 of the GDPR provides you with the right to object, on grounds relating to your particular situation, to processing of your personal data which is based on legitimate interests or the performance of a task carried out in the public interest. We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

We will respond to requests to exercise your rights under the GDPR without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Before responding to your request, we may need to verify your identity using reasonable measures appropriate to the circumstances and the risks involved. For certain types of requests or sensitive information, we may require additional verification to protect your privacy and security.

Information will be provided free of charge. However, where requests are manifestly unfounded or excessive, particularly because of their repetitive character, we may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or refuse to act on the request.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Account data is retained until you request deletion of your account or after 7 years of account inactivity. Transaction data is retained for 7 years to meet accounting and legal requirements. Marketing data is retained until you withdraw consent or after 7 years of inactivity. In some circumstances, we may retain your personal data for longer periods where required by law, such as financial records which are typically retained for six to seven years to meet tax and accounting obligations.

When we transfer your personal data outside the European Economic Area, we ensure that adequate safeguards are in place to protect your personal data in accordance with Chapter V of the GDPR.

We may transfer personal data to countries that have received adequacy decisions from the European Commission, confirming that these countries provide an adequate level of protection for personal data. These countries currently include the United Kingdom, Switzerland, Canada (for commercial organizations), Japan, New Zealand, and other jurisdictions as determined by the European Commission from time to time.

For transfers to countries that have not received adequacy decisions, we implement appropriate safeguards through the use of Standard Contractual Clauses approved by the European Commission. These contractual clauses provide appropriate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals and the exercise of corresponding rights. We supplement these contractual protections with additional technical and organizational measures as necessary to ensure the security of your personal data.

We use cookies and similar tracking technologies on our website and services. Essential cookies that are strictly necessary for the operation of our website do not require your consent. However, for all other cookies, including analytics, marketing, and third-party cookies, we obtain your consent in accordance with the ePrivacy Directive and applicable national implementations.

We provide granular cookie controls that allow you to choose which categories of cookies you wish to accept. Analytics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. Marketing cookies are used to track visitors across websites to display relevant and engaging advertisements for individual users. Third-party cookies may be set by external services that appear on our pages.