Supported by local organisations in Nepal for over 16 years
josedltc@namasteongnepal.onmicrosoft.com ES EN
Legal information

Privacy policy

Last updated: 18 April 2026

1. Data controller

The controller of the personal data collected through www.namasteong.org is:

  • Name: Namaste ONG Voluntariado en Nepal
  • Spanish tax ID (CIF): G85561835
  • Registered address: Avenida Monasterio de Silos, 80, bloque F, 4-3, 28049 Madrid (Spain)
  • Contact email: josedltc@namasteongnepal.onmicrosoft.com
  • Registration: Spanish National Registry of Associations, Group 1, Section 1, National Number 593389

This policy governs the processing of personal data that the association collects, stores and uses when you interact with our website, fill in any of its forms, request information about volunteering, become a member, make a donation or sponsorship, or contact us by any other means.

2. Data we collect and how we obtain it

We only process the data that you provide to us. Specifically, we may collect:

  • Identification and contact data: full name, email address, phone number, postal address.
  • Interest data: the program you are enquiring about, your motivation, approximate travel dates, previous experience.
  • Financial data (only if you become a member, make a donation or sponsorship): national ID, IBAN, amount, frequency and payment method.
  • Minimum technical data: information that your browser automatically sends when accessing the site (browser type, language, approximate IP address), used exclusively for statistical and security purposes.

We do not collect special categories of data (health, ideology, religion, etc.). If you share any such information in your free-text message, we will only use it as strictly necessary to respond to your enquiry.

3. Purposes and legal basis of processing

We process your data for the following purposes, each supported by a distinct legal basis under Article 6 of Regulation (EU) 2016/679 (GDPR):

  • Responding to your enquiries about volunteering, collaboration or any other matter: legal basis = your consent given when submitting the form (Art. 6.1.a GDPR).
  • Managing your membership, issuing direct debit receipts and tax certificates: legal basis = performance of the membership contract (Art. 6.1.b GDPR) and compliance with accounting and tax obligations (Art. 6.1.c GDPR).
  • Managing one-time donations and sponsorships, issuing donation certificates and complying with related tax obligations: legal basis = performance of the requested service and legal obligation.
  • Sending periodic information about our activities, annual reports, solidarity campaigns or events: legal basis = legitimate interest of the association in keeping supporters, members and donors informed (Art. 6.1.f GDPR), with a right to object at any time.
  • Ensuring the security of the website and preventing fraudulent use of forms: legal basis = legitimate interest.

4. Retention periods

We keep your data for the time strictly necessary to fulfil the purpose for which it was collected and, in any case, for the applicable legal retention periods:

  • General contact enquiries: up to 2 years after the last interaction, unless you request earlier deletion.
  • Member data: during the term of the membership and, after termination, for the statutory tax and accounting retention periods (generally 6 years, Spanish General Tax Law).
  • Donor data: for the minimum period required by tax legislation to support the donation certificates issued (at least 4 years from the relevant tax period).
  • Technical and security logs: up to 12 months.

5. Recipients and data sharing

We do not sell or share your personal data with third parties for commercial purposes. However, to be able to provide our services we rely on technology providers who act as data processors and with whom we have signed the corresponding agreements:

  • Web3Forms — technical processing of contact forms and delivery to our mailbox. Data is transmitted encrypted over HTTPS.
  • Netlify, Inc. — website hosting. Servers may be located outside the European Economic Area; Netlify provides appropriate safeguards for international data transfers (European Commission standard contractual clauses).
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — processing of donations made via PayPal. PayPal acts as an independent controller with respect to the payment data you provide directly to it.
  • Google Fonts — typography service. When you load our site, your browser requests these fonts directly from Google.
  • Microsoft Ireland Operations Ltd. (Microsoft 365 / Exchange Online) — email provider for the association's domain namasteongnepal.onmicrosoft.com.
  • Banking entities for the management of direct debits from members and receipt of transfers.
  • Spanish Tax Agency and the Associations Protectorate, when required by applicable law.

We do not make automated decisions with legal effects nor do we carry out profiling based on your data.

6. Your rights

As the data subject, you may exercise free of charge the following rights recognised by the GDPR and Spanish Organic Law 3/2018 (LOPDGDD):

  • Access: know what data we hold about you and for what purposes.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion when your data is no longer necessary.
  • Objection: object to certain processing based on our legitimate interest.
  • Restriction: ask us to restrict processing while an issue is being resolved.
  • Portability: receive the data you provided in a structured format.
  • Withdrawal of consent at any time, without affecting the lawfulness of earlier processing.

To exercise these rights, send us a request by email to josedltc@namasteongnepal.onmicrosoft.com or by post to Avenida Monasterio de Silos, 80, bloque F, 4-3, 28049 Madrid (Spain). Indicate the right you wish to exercise and attach a copy of your ID to verify your identity. We will respond within one month.

If you believe that your data is not being processed in accordance with the law, you also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Security measures

We have adopted the technical and organisational measures reasonably necessary to protect the confidentiality, integrity and availability of your data: HTTPS encryption in transit, mailbox access control, strong passwords and regular review of our providers. Nevertheless, no transmission over the Internet is absolutely secure, so we cannot guarantee absolute security of the data transmitted.

8. Cookies

This site does not use first-party analytics or advertising cookies. The only cookies or local storage that may be generated are those strictly necessary for the browser to display the content correctly and for the operation of external services we embed (PayPal, Google Fonts). You may disable cookies in your browser settings, although this may affect the correct display of the site.

9. Minors

The services on this site are aimed at people over 14 years of age. If you are under that age, please do not send us your data without the consent of your parents or legal guardians. If we detect that we have collected data from a minor without the corresponding consent, we will delete it.

10. Changes to this policy

We may update this privacy policy at any time to reflect changes in legislation, our services or the providers we work with. The date of the latest update will always be shown on this page. We recommend reviewing it periodically.

← Back to home