Legal
Privacy Policy
Last updated: 6 June 2026
This policy describes how Biserica Poarta Regelui (the data controller) collects, uses and protects your personal data, in accordance with Regulation (EU) 2016/679 (GDPR).
The data controller is Biserica Poarta Regelui, based in Cluj-Napoca, Romania. You can contact us at [email protected] or at 0752 108 979.
We collect data in two ways:
Through the contact and sign-up forms: your name, email address, phone number (optional) and the message you send us. This data is transmitted to Planning Center (our contact-management processor).
Cloudflare, our hosting and security provider, may process your IP address and HTTP request information (User-Agent, timestamp) for security and reliability purposes. Cloudflare Web Analytics collects aggregated traffic data without using tracking cookies or identifying individual users.
We process your data for the purposes and on the legal bases below (GDPR, Art. 6):
- Responding to enquiries - legal basis: consent [Art. 6(1)(a)] or legitimate interest [(f)].
- Organising the launch team - legal basis: consent [Art. 6(1)(a)].
- Website security (Cloudflare) - legal basis: legitimate interest [Art. 6(1)(f)].
- Aggregate traffic statistics (Cloudflare Web Analytics) - anonymised data; does not constitute personal data.
We use the following authorised third-party processors:
- Cloudflare, Inc. (USA) - hosting, CDN, security and anonymous traffic analytics.
- Planning Center Online, LLC (USA) - managing contact data and sign-up forms.
- WhyDonate B.V. (Netherlands, EU) - online donation processing (card data does not pass through our site; WhyDonate is the controller for donation-payment data).
- Sanity AS (Norway/USA) - content management system (CMS).
Some processors (Cloudflare, Planning Center) process data in the United States of America. These transfers are protected by the Standard Contractual Clauses (SCCs) adopted by the European Commission or by other appropriate mechanisms under the GDPR. WhyDonate B.V. processes donation-payment data within the European Union.
Form data is kept for at most 2 years from collection or until the purpose is fulfilled, after which it is deleted. You can request deletion at any time (see section 7).
Under the GDPR, you have the right to:
- Access - to know what data we hold about you.
- Rectification - correction of inaccurate data.
- Erasure - to ask us to delete your data.
- Portability - to receive your data in a structured format.
- Objection - to object to processing based on legitimate interest.
- Withdrawal of consent - at any time, without affecting the lawfulness of prior processing.
To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the ANSPDCP (the Romanian National Supervisory Authority for Personal Data Processing): www.dataprotection.ro.
Our site is not intended for children under 16 and we do not knowingly collect data from them without the consent of a parent or legal guardian.
We may update this policy from time to time. The updated version will be published on this page with a new update date. Significant changes will be communicated by email if we hold your address.
For any question about the processing of your data: [email protected] · 0752 108 979.