Privacy Policy

← Back

Last updated: August 9, 2019

1.- Controller and Description

1.1.- Controller

The data controller of this site is Beyond the Goal Fdn (hereinafter “the Company”), Baba Dogo, Nairobi (Kenya).

Tax ID: N/A

Email: beyondthegoalfdn@gmail.com

1.2.- Description

Acceptance of the privacy policy of the Company (hereinafter, “Privacy Policy”) is a necessary condition for using our website, service for purchasing products and/or services, online store, and social media (hereinafter, the “Service”).

This Privacy Policy governs the collection, processing, and use of your personal and non-personal information as a user of www.beyondthegoalfoundation.org, effective from the date shown at the top.

To process your personal data, the Company complies with applicable local and European legislation, as well as its development regulations.

2.- Information Collected

The Service may be used without providing any data, although to purchase a ticket you will need to provide certain personal information. The personal and non-personal information collected by the Service may vary accordingly.

The information (personal or not) collected by the Service comes through three channels: 1) automatically collected data, 2) voluntarily provided data, and 3) data provided by third parties.

2.1.- Automatically collected data

This information includes:

  • Data collected through cookies or similar mechanisms stored on your device, always with your consent or based on other legal grounds. See our Cookies Policy for more details.
  • The IP address from which the connection is made, type of device and its features, OS version, browser type, language, date, country, time of request, referring URL, exit URL, or mobile network used, among others.
  • Service usage data and possible errors detected during use.

Additionally, the Company uses Google Analytics, an analytics service provided by Google, Inc., headquartered at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. These services use cookies to collect information, including the user’s IP address, which is transmitted to, processed, and stored by Google as set out on www.google.com. This includes possible transmission of such data to third parties for legal reasons or where such third parties process the information on Google’s behalf.

You can disable Google Analytics cookies from [here].

2.2.- Voluntarily provided data

This information includes:

  • Data required by the Company to complete the purchase of a product or service: name, surname, email address, postal address, tax ID, and phone number.
  • All fields are mandatory.
  • If you make a reservation on behalf of someone else through the Service (e.g., as a gift), you guarantee that you have lawfully obtained their personal data before providing it.
  • Any personal or non-personal information contained in messages sent via contact or feedback channels of the Service (e.g., your name, alias, or email).
  • Your photo, name, nickname, or geolocation if you participate in any of our activities on social media.
  • Information required to subscribe to our newsletter, such as your email address.

2.3.- Data provided by third parties

This includes:

  • Information from payment systems or credit card processors, such as time and amount of purchase.
  • Information from delivery services used to ship your order, such as delivery date and location.

3.- Rights and Purposes

Filling in forms is voluntary. However, if you do not fill in the required fields (usually marked with an asterisk), some functions of the Service may not be available or may be limited.

The personal data you provide will be incorporated and processed in the Company’s Record of Processing Activities, in order to address your requests, provide the requested service, and keep you informed about the Company’s activity and services.

You can exercise your rights of access, rectification, erasure, restriction of processing, objection, and data portability at any time by email: beyondthegoalfdn@gmail.com or by postal mail to: Baba Dogo, Nairobi (Kenya)

In both cases, you must identify yourself with your full name and a copy of your ID or national ID card.

If you have given consent for a specific purpose, you may withdraw it at any time without affecting the legality of processing based on prior consent.

If you believe that there is a problem with the way the Company is handling your data, you may file a complaint with the relevant data protection authority. In Spain, this is the Agencia Española de Protección de Datos.

4.- Age

By using the online service, you declare that you are of legal age and have the legal capacity to be bound by this agreement and to use the site in accordance with its terms and conditions, which you fully understand and acknowledge.

You declare that all the information you provide to access the Service, before and during its use, is true, complete, and accurate.

5.- Use of Data

The Company will use the data collected to:

  • Manage, provide, and update the Service (legal basis: contract).
  • Address your requests (legal basis: legitimate interest in responding to user inquiries).
  • Process your payments (legal basis: contract).
  • Share data such as your image on our social media (legal basis: legitimate interest in promoting our products).
  • Send you newsletters and promotional offers via email (legal basis: your consent or our legitimate interest based on previous contractual relationship, as applicable).

You can unsubscribe via the link in the email or by contacting us at beyondthegoalfdn@gmail.com. However, you cannot unsubscribe from messages related to data security or Service terms and conditions.

  • Ensure the security of the Service, investigate unlawful activities, enforce our terms and conditions, and assist law enforcement agencies in their investigations (legal basis: legitimate interest in maintaining the Service’s security).

The Company does not use automated decision-making, although it may create basic user profiles for commercial purposes and personalized offers (legal basis: legitimate interest).

The Company may also use user information in an aggregated and anonymous form for third-party display. It may share statistics and demographic information with third parties regarding Service use. None of this will allow third parties to personally identify you.

5.1.- Emails and contact forms

The Service website uses SSL encryption to securely send your personal data through standard contact forms.

Collected personal data will be subject to automated processing and incorporated into the Company’s corresponding processing records.

In this regard:

  • We will receive your IP address, used to verify the origin of the message to provide appropriate recommendations (e.g., show content in the correct language) and detect irregularities (e.g., attempted cyberattacks), as well as data regarding your ISP.
  • You may also provide your data via phone, email, and other communication channels indicated.

Regarding the payment services:

  • Our payment service providers for transactions are VISA and Mastercard. The Service and its personnel never have access to your banking data (e.g., credit card number) submitted to these third parties.

Some web services (e.g., participating in a contest or promo code giveaway) may have specific terms regarding personal data. You will need to accept them before participating.

5.2.- On social media

The Company has profiles on major social networks and is the data controller regarding data published therein (e.g., photos uploaded by the Company where people’s faces appear).

Processing of such data by the Company will be limited to what corporate profiles are allowed to do within each network. The Company may inform followers of its products or offers, and provide customer service, as permitted by law.

Under no circumstances will the Company extract data from social networks without the user’s express and specific consent.

5.3.- On promotions

If you participate in promotional actions organized exclusively by the Company, the data you provide will be processed solely by us for the indicated purpose and subject to the corresponding legal terms.

6.- Data Retention

Below is the retention period of data processed by the Service:

  • Disaggregated data will be retained with no deletion deadline.
  • Customer data will be retained for the minimum necessary period and may be kept for:
    • 5 years, per Art. 1964 of the Civil Code (personal actions without special term).
    • 6 years, per Art. 30 of the Commercial Code (e.g., accounting records, invoices).
  • Newsletter subscriber data will be retained from the time of subscription until unsubscription.
  • Data uploaded by the Company to its social media will be kept from the time of consent (or based on legitimate interest) until it is withdrawn.

7.- Data Shared with Third Parties

Some third parties manage parts of the Service.

The Company requires them to comply with this Privacy Policy to the extent applicable and to maintain their own privacy policies. However, the Company is not responsible for their compliance.

In certain circumstances, the Company may share or disclose some collected personal information with third parties:

To provide the Service:

  • Service providers performing tasks on our behalf, such as payment processors, web hosting, commercial analytics, customer service, marketing, or merchandise sales platforms. These providers may access the necessary data for their function, but cannot share or use it for other purposes.

To cooperate with authorities:

a) If we believe it is reasonably necessary to comply with any law, legal process, or legitimate interest worldwide. Only strictly required data will be provided.
b) If we believe it is appropriate to enforce the Company’s terms and conditions.
c) If needed to detect or prevent fraud or security issues involving the Company, its providers, or users.

8.- Security Measures

The Company adopts all necessary technical and organizational measures to safeguard the security and integrity of the personal and non-personal information collected, preventing unauthorized access, alteration, accidental loss, or destruction.

However, the Company cannot guarantee absolute security, so you must cooperate and use common sense regarding the information you share.

You understand and acknowledge that, even after deletion, personal and non-personal data may remain visible in caches or if others have copied or stored it.

9.- Changes to the Privacy Policy

We may update this Privacy Policy in the future.

We will notify you of any changes via the email address provided and/or by posting a notice prominently on our website.

10.- Contact

If you have any questions about this Privacy Policy, contact us at:

Email: beyondthegoalfdn@gmail.com

Address: Baba Dogo, Nairobi (Kenya)