Privacy Notice

Loading version…Policy Center

Arzé ("we") respects your privacy. This notice explains what data we collect, why, how we protect it, and the rights you have under the EU General Data Protection Regulation (GDPR) and similar laws.

1. Data we collect

  • Account data: email, display name, country, locale.
  • Verification documents (only if you choose to be verified to post needs from Lebanon): government ID. Stored encrypted in a private bucket; only authorised admins can view it for the purpose of approving or rejecting verification.
  • Content you post: needs, club details, messages, NGO contributions you log.
  • Operational data: session cookies (strictly necessary), error logs, security audit logs.

2. Why we process it (lawful bases)

  • Contract (Art. 6(1)(b)): to operate your account, post needs, and chat.
  • Legal obligation (Art. 6(1)(c)): to keep audit logs and respond to legal requests.
  • Legitimate interest (Art. 6(1)(f)): platform safety, fraud prevention, anonymous impact analytics.
  • Consent (Art. 6(1)(a)): for verification document upload and any optional communication preferences. You can withdraw consent at any time.

3. How long we keep it

  • Account data: until you delete your account.
  • Verification documents: kept only while verification is pending plus up to 30 days after a decision, then permanently deleted.
  • Audit logs: 12 months for security and compliance.
  • Anonymised analytics: indefinitely (no personal identifiers).

4. Sharing

We do not sell or share your data with advertisers. We share strictly with:

  • Our infrastructure providers (database & storage), under contract and within the EU/equivalent jurisdictions.
  • Authorities when required by law.

5. Security

Encryption in transit (TLS) and at rest. Strict role-based access control. Documents in private buckets with signed-URL access only. Audit log of every admin action. NIS2-aligned incident response procedures.

6. Your rights

See the dedicated GDPR rights page.

7. Contact & DPO

Reach our Data Protection Officer at dpo@arze.example. See also the Trust Center, subprocessors and DPIA summary.