top of page

Privacy Policy

PRIVACY POLICY & DATA PROTECTION – BIBLOOM.ORG

Last Updated: July 25. 2025
Version: 1.0
Application: Global Compliance (GDPR, LGPD, CCPA, Swiss FADP)

1. DATA CONTROLLER

The Association BIBLOOM.org, headquartered at Rue Centrale 3, 1564 Belmont-Broye, Canton of Fribourg, Switzerland (CHE-215.912.218), is the data controller for personal data collected through all digital platforms and operations worldwide.

2. GLOBAL LEGAL COMPLIANCE

This policy is designed to comply with:

  • European Union: General Data Protection Regulation (GDPR)

  • Brazil: Lei Geral de Proteção de Dados (LGPD)

  • United States: California Consumer Privacy Act (CCPA)

  • Switzerland: Federal Act on Data Protection (FADP)

  • International: Privacy principles across Americas, Europe, and Latin America

3. LEGAL BASIS AND PURPOSES

PurposeLegal BasisData Involved

Provision of free religious contentContract executionCountry, language, preferences

Donation processingContract execution + legal obligationRegistration data, financial information

Newsletter and communicationsExplicit consentEmail, name, preferences

Platform improvementLegitimate interestCookies, analytics, metadata

Legal and tax complianceLegal obligationAll necessary data

4. CATEGORIES OF DATA COLLECTED

4.1 Basic Personal Data:

  • Full name

  • Valid email address

  • Country of residence

  • Preferred language

  • Age (for age verification)

4.2 Financial Data:

  • Transaction information (via Stripe/PayPal)

  • Donation history

  • Data for receipt issuance

4.3 Technical Data:

  • IP address

  • Device type and browser

  • Cookies and similar technologies

  • Analytics data (Google Analytics 4)

4.4 Sensitive Data Protection:

  • We do not collect data about religious beliefs, health, or political opinions

  • Content preferences are treated with maximum security

5. SPECIAL PROTECTION FOR CHILDREN

5.1 Age Verification:

  • We implement age verification systems for users under 16 (EU), 13 (US), and 18 (other jurisdictions)

  • Require verifiable parental consent for data collection from minors

5.2 Rights of Guardians:

  • Parents/guardians can request deletion of minors' data

  • Priority contact: privacy@bibloom.org

6. INTERNATIONAL DATA TRANSFERS

6.1 Legal Framework:

  • Standard Contractual Clauses (EU/Switzerland)

  • Adequacy Decisions

  • Explicit consent for other international transfers

6.2 Global Processors:

ProcessorPurposeLocationCompliance

StripeDonation processingUSAGDPR, CCPA compliant

PayPalDonation processingUSAGlobal privacy standards

Google LLCAnalytics, YouTubeUSAData protection certified

Wix.comWebsite hostingIsraelEU adequacy decision

Cloud ServicesContent deliveryGlobalSCC protections

7. DATA SUBJECT RIGHTS (GLOBAL)

7.1 Universal Rights:

  • Access and data portability

  • Rectification and updates

  • Erasure ("right to be forgotten")

  • Restriction of processing

  • Objection to direct marketing

  • Withdrawal of consent

7.2 Regional Specific Rights:

  • CCPA: Right to know, delete, opt-out

  • LGPD: Anonymization, blocking, elimination

  • GDPR: Data portability, objection

  • Swiss FADP: Information, correction, destruction

8. DATA RETENTION FRAMEWORK

8.1 Retention Periods:

CategoryGlobal StandardRegional Variations

Donor data10 years baseExtended per local tax laws

Newsletter dataUntil revocationImmediate upon request

Analytics data14 months25 months (Google standard)

Children's dataImmediate actionParental verification required

8.2 Secure Deletion:

  • Data anonymization for statistical purposes

  • Secure destruction protocols

  • Certification of deletion available

9. SECURITY MEASURES

9.1 Technical Safeguards:

  • End-to-end encryption (SSL/TLS)

  • Multi-factor authentication

  • Secure encrypted backups

  • Continuous security monitoring

9.2 Organizational Measures:

  • Records of processing activities

  • Data Protection Impact Assessments

  • Annual staff training

  • Confidentiality agreements

10. COMMUNICATIONS PROTOCOL

10.1 Marketing Principles:

  • Double opt-in for all communications

  • Easy unsubscribe in every message

  • No third-party data sharing for marketing

  • Preference-based segmentation only

11. POLICY MANAGEMENT

11.1 Updates and Notifications:

  • Significant changes: direct email notification

  • Current version always at bibloom.org/privacy

  • Version history maintained for compliance

12. CONTACTS AND SUPERVISORY AUTHORITIES

12.1 Data Protection Officer:

  • Email: dpo@bibloom.org

  • Postal: Rue Centrale 3, 1564 Belmont-Broye, Switzerland

12.2 Regional Supervisory Authorities:

  • EU: Local data protection authority

  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD)

  • Switzerland: FDPIC

  • USA: State attorneys general (CCPA)

COMPLIANCE ANNEXES

Annex A - Cookies and Tracking Technologies

CategoryPurposeUser Control

EssentialPlatform functionalityRequired

AnalyticsService improvementOpt-out available

PreferencesUser experienceConsent required

Annex B - Legal Basis Documentation
Complete documentation maintained for regulatory compliance.

FINAL PROVISIONS

This comprehensive privacy framework ensures BIBLOOM.org's commitment to global data protection, reflecting our dedication to transparency, security, and ethical data handling across all jurisdictions where we operate.

Implementation Status:

  • Global compliance framework established

  • Regional adaptations completed

  • Team training scheduled

  • Continuous monitoring activated

This policy represents BIBLOOM.org's unwavering commitment to protecting personal data across all regions and legal jurisdictions, maintaining the highest standards of digital stewardship.

bottom of page