We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, register for our programs, or communicate with us.
We comply with applicable data protection laws and strive to follow best practices in data privacy. By using our services, you consent to the practices described in this policy.
Data Controller: [Your Organization Name] Location: Cusco, Peru Contact: [your email] Last Updated: January 1, 2025
DATA COLLECTION
Information We Collect
Information You Provide:
Category | Examples |
Identity Data | Full name, date of birth, gender, nationality, passport details |
Contact Data | Email address, phone number, postal address |
Emergency Contact Data | Name, relationship, phone number of emergency contact |
Health Data | Medical conditions, allergies, medications, dietary requirements |
Background Data | Criminal background check results (where required) |
Educational Data | Student status, institution (for student discounts) |
Financial Data | Payment information, billing address |
Program Data | Preferences, dates, accommodation choice, project selection |
Communication Data | Emails, WhatsApp messages, feedback, testimonials |
Information Collected Automatically:
Category | Examples |
Technical Data | IP address, browser type, device information |
Usage Data | Pages visited, time spent, navigation patterns |
Location Data | General geographic location (country/city level) |
Cookie Data | Preferences, session information, tracking data |
Information from Third Parties:
- Payment processors (transaction confirmation)
- Background check services (where applicable)
- Social media platforms (if you connect your accounts)
- Referring organizations or individuals
How We Collect Data
Direct Collection:
- Registration forms (online and paper)
- Email and WhatsApp communications
- Phone conversations
- In-person interactions during your program
- Feedback surveys and evaluations
- Testimonial submissions
Automated Collection:
- Website cookies and tracking technologies
- Email open and click tracking
- Server logs
Third-Party Collection:
- Payment processor notifications
- Background check providers
- Analytics services (Google Analytics)
- Social media platforms
Legal Basis for Processing
We process your data based on:
Legal Basis | When It Applies |
Contract Performance | Processing necessary to deliver your program |
Legitimate Interest | Marketing to past participants, improving services |
Consent | Newsletter subscriptions, photo usage, non-essential cookies |
Legal Obligation | Tax records, safety incident reports, child protection compliance |
HOW WE USE YOUR DATA
Primary Uses
Program Delivery:
- Processing your registration and payment
- Arranging accommodation and project placements
- Communicating program details and updates
- Providing on-site support during your program
- Emergency response and medical care authorization
- Issuing certificates and reference letters
Communication:
- Responding to inquiries and requests
- Sending pre-departure information
- Program reminders and updates
- Post-program follow-up
- Alumni communications
Administration:
- Maintaining accurate records
- Processing payments and refunds
- Managing our database
- Legal and regulatory compliance
- Financial reporting
Secondary Uses
Marketing (With Your Consent):
- Newsletter and promotional emails
- Information about new programs or opportunities
- Partner organization offers
- Alumni events and reunions
Improvement:
- Analyzing program feedback
- Improving our services and website
- Understanding participant demographics
- Developing new programs
Safety and Security:
- Verifying identity and eligibility
- Conducting background checks (where required)
- Preventing fraud
- Protecting our community
Data Sharing
We Share Data With:
Recipient | Purpose | Data Shared |
Host families | Accommodation arrangements | Name, arrival dates, dietary needs, basic preferences |
Volunteer projects | Placement coordination | Name, skills, availability, relevant background |
Payment processors | Transaction processing | Payment details only |
Insurance providers | Emergency claims | As required for claims |
Government authorities | Legal requirements | As required by law |
Emergency services | Medical/safety emergencies | Contact info, medical details |
We Do Not:
- Sell your personal data to third parties
- Share your data for unrelated marketing purposes
- Transfer data outside necessary business operations
- Share more data than necessary for each purpose
DATA PROTECTION
Security Measures
Technical Measures:
- Encryption of sensitive data in transit and at rest
- Secure servers with regular security updates
- Access controls limiting who can view your data
- Regular security assessments
- Secure password policies
Organizational Measures:
- Staff training on data protection
- Limited access on need-to-know basis
- Confidentiality agreements with team members
- Incident response procedures
- Regular policy reviews
Physical Measures:
- Secure storage of paper documents
- Locked offices and filing cabinets
- Controlled access to work areas
- Secure document disposal
Data Retention
Data Type | Retention Period | Reason |
Program records | 7 years | Legal/tax requirements |
Financial records | 10 years | Tax compliance |
Emergency contact info | Duration of program + 1 year | Safety |
Marketing preferences | Until consent withdrawn | Consent-based |
Website analytics | 26 months | Analysis |
Testimonials | Indefinitely (unless removal requested) | Promotional use |
After Retention Period:
- Data is securely deleted or anonymized
- Paper records are shredded
- Electronic records are permanently erased
- Backups are cleared on schedule
Data Breach Response
If a data breach occurs:
- We will assess the breach severity within 24 hours
- We will contain the breach and prevent further exposure
- We will notify affected individuals if there is significant risk
- We will report to relevant authorities as required by law
- We will document the incident and improve safeguards
COOKIE POLICY
What Are Cookies
Cookies are small text files stored on your device when you visit websites. They help websites remember information about your visit and preferences.
Cookies We Use
Cookie Type | Purpose | Examples |
Essential | Required for website function | Session cookies, security tokens |
Functional | Remember your preferences | Language, display settings |
Analytics | Understand how you use our site | Google Analytics, page view tracking |
Marketing | Deliver relevant advertisements | Social media pixels, retargeting |
Specific Cookies
Cookie Name | Provider | Purpose | Duration |
Session ID | Our website | Maintain logged-in state | Session |
Language | Our website | Remember language preference | 1 year |
_ga | Google Analytics | Distinguish users | 2 years |
_gid | Google Analytics | Distinguish users | 24 hours |
fb_pixel | Facebook | Track conversions | 90 days |
Managing Cookies
Your Options:
- Accept all cookies (full website functionality)
- Accept essential cookies only (limited functionality)
- Reject all cookies (some features may not work)
- Manage preferences through your browser settings
Browser Settings:
- Most browsers allow you to control cookies through settings
- You can delete existing cookies at any time
- Blocking all cookies may affect website functionality
- Each browser has different controls (check your browser’s help section)
Opt-Out Links:
THIRD-PARTY SERVICES
Services We Use
Social Media
If You Connect With Us Via Social Media:
- We may receive information you’ve made publicly available
- Your interactions are also governed by that platform’s policies
- We don’t control how social media platforms use your data
- You can disconnect your accounts at any time
External Links
- Our website may contain links to external sites
- We are not responsible for the privacy practices of other sites
- We encourage you to read privacy policies of any site you visit
- Links don’t imply endorsement of external content
USER RIGHTS
Your Rights
Under applicable data protection laws, you have the right to:
Right | Description |
Access | Request a copy of the personal data we hold about you |
Rectification | Request correction of inaccurate or incomplete data |
Erasure | Request deletion of your data (subject to legal retention requirements) |
Restriction | Request we limit how we use your data |
Portability | Receive your data in a structured, machine-readable format |
Objection | Object to processing based on legitimate interest |
Withdraw Consent | Withdraw consent for consent-based processing at any time |
Complain | Lodge a complaint with a supervisory authority |
How to Exercise Your Rights
Contact Us:
What We Need:
- Proof of your identity (to protect your data from unauthorized access)
- Clear description of your request
- Any relevant details to help us locate your data
Response Time:
- We will acknowledge your request within 72 hours
- We will respond substantively within 30 days
- Complex requests may take up to 60 days (we’ll inform you)
- Requests are free unless excessive or repetitive
Limitations
We may not be able to fully comply with requests when:
- Legal obligations require us to retain certain data
- Data is necessary for legal claims or disputes
- Erasure would affect others‘ rights
- Processing is necessary for public interest
- Request is manifestly unfounded or excessive
SPECIAL CATEGORIES
Children’s Data
- Our programs generally require participants to be 18+
- We do not knowingly collect data from children under 16
- Limited data may be collected for 16-17 year old participants with parental consent
- Parents/guardians may request access to their child’s data
Sensitive Data
We may process sensitive personal data including:
- Health information (for safety and accommodation purposes)
- Criminal background check results (for child protection)
- Dietary requirements (which may reveal religious beliefs)
This processing is:
- Based on explicit consent
- Necessary to protect vital interests
- Required for legal obligations (child protection)
INTERNATIONAL TRANSFERS
Data Location
- Your data is primarily stored in Peru
- Some data may be processed in other countries through our service providers
- We ensure appropriate safeguards for any international transfers
Safeguards
For transfers outside Peru, we rely on:
- Standard contractual clauses
- Processor agreements with data protection obligations
- Privacy Shield certification (where applicable)
- Adequacy decisions (where available)
UPDATES TO THIS POLICY
Changes
- We may update this Privacy Policy from time to time
- Material changes will be communicated via email or website notice
- The „Last Updated“ date indicates the most recent revision
- Continued use of our services constitutes acceptance of updates
Notification
For significant changes, we will:
- Post a prominent notice on our website
- Send email notification to registered participants
- Provide opportunity to review changes before they take effect
- Obtain fresh consent where required by law
CONTACT US
Data Protection Inquiries
For any questions about this Privacy Policy or your personal data:
Email: hpx@volunteerinperu.com
Response Commitment:
- We aim to respond to all inquiries within 72 hours
- Complex requests will be acknowledged promptly with timeline
- We take all privacy concerns seriously
AGREEMENT
By using our website or participating in our programs, you acknowledge that:
- You have read and understood this Privacy Policy
- You consent to the collection and use of your data as described
- You understand your rights and how to exercise them
- You accept that this policy may be updated from time to time
Your privacy matters to us. Thank you for trusting us with your information.
