1. Data controller
The data controller is Stichting Wadden Wildlife Trust, Helderseweg 188, 1782 GG Den Helder, the Netherlands, registered with the Chamber of Commerce under KvK 41-228-911. The data protection officer can be reached at privacy@teso.best.
2. What personal data we collect
We collect personal data only when you provide it, through one of the following channels:
- Contact form — name, email address, optional organisation, and the contents of your message.
- Donations — name, billing address, email, the amount and frequency of your gift, and the payment-method tokens supplied by our payment processor (we never see your full card details).
- Volunteer registration — name, address, date of birth (to confirm you are 16 or older), telephone, dietary requirements (only for events with shared meals), and emergency contact details.
- Newsletter sign-up — email address and the date you opted in.
3. Legal basis
For donors and volunteers, the legal basis is the contract you enter into with the trust. For contact-form messages and newsletter sign-ups, the legal basis is your explicit consent. For statutory accounting records, the legal basis is our legal obligation under Dutch tax law (article 52 of the Algemene wet inzake rijksbelastingen).
4. How long we keep your data
- Contact form messages: two years after the last exchange, then deleted.
- Donor records: seven years after the last gift, in line with Dutch tax law.
- Volunteer records: five years after the last event you took part in.
- Newsletter subscriptions: until you unsubscribe; thereafter the email address is removed within 30 days.
5. Processors and recipients
We share personal data with the following categories of recipient, only as strictly necessary:
- An EU-based email service provider, under a Data Processing Agreement.
- An EU-based payment processor for handling donor payments.
- Our independent auditors, Mazars Accountants N.V., during the annual financial audit.
- The Dutch Tax Administration (Belastingdienst), where required to evidence ANBI compliance.
We do not sell, rent, or trade personal data, ever. We do not transfer personal data outside the European Economic Area.
6. Your rights under the GDPR
If you are in the EEA, you have the right at any time to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent for any purpose for which consent is the legal basis. You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (the Dutch supervisory authority) at autoriteitpersoonsgegevens.nl.
To exercise any of these rights, please write to privacy@teso.best. We will respond within one calendar month.
7. Security
Personal data is held on EU-hosted servers, encrypted at rest, and accessible only to staff and trustees who require it for their official duties. Internet traffic to and from this site is encrypted with TLS 1.3. We conduct an annual security review with an external IT consultancy.
8. Children
Our public services are not directed at children under 16. Volunteering for under-18s requires written parental consent and is offered only at supervised events.
9. Changes
If we change this policy, we will publish the new version on this page with a new effective date. Substantive changes will be communicated to active donors and volunteers by email at least 30 days in advance.
10. Contact
Questions about privacy can be sent to privacy@teso.best or by post to the head office address on our contact page.