1. Who are we?

The Charles Darwin Foundation for the Galápagos Islands (CDF) is an international non-profit organization that has been present in Galapagos since 1959. Its mission is to tackle the greatest threats and challenges facing Galapagos through scientific research and conservation actions, aiming to protect one of the world’s most important natural treasures. In our daily activities, we collect and process personal data from various individuals, and we are committed to respecting your privacy and complying with applicable regulations.

2. Where does our policy apply?

This Policy applies to the processing of all personal data that we collect directly from data subjects or through publicly accessible sources and other sources authorized by the Organic Law on the Protection of Personal Data.

3. Who is responsible for data processing?

The Charles Darwin Foundation acts as the Data Controller. Our contact details are:

• Name: Charles Darwin Foundation
• Address: Av. Charles Darwin s/n, Santa Cruz, Puerto Ayora
• Phone: +593 (5) 2 526 146
• Email: cdrs@fcdarwin.org.ec

We are committed to complying with the principles of legality, fairness, transparency, security, and data minimization.

4. What do we use your data for and what is the legal basis?

The personal data we collect will be used for the following purposes:

• To respond to information requests from our users.
• To manage donations and contributions to the Foundation.
• To contact donors and send security alerts, newsletters, and promotional materials, always with the user's prior consent.
• To comply with legal and administrative requirements.
• For historical, statistical, or scientific purposes in accordance with the law.
• To segment and personalize the content of newsletters, fundraising campaigns, and communications related to our activities. This may include tailoring messages based on the user’s interests, previous interactions, or expressed preferences.

Legal Basis for Processing: Data processing is based on the data subject’s consent, compliance with legal obligations, the data controller’s legitimate interest, or the public accessibility of the data.

5. Who do we share your information with?

The Charles Darwin Foundation does not sell or transfer your personal data for commercial purposes. However, in certain cases, we may share information with third parties under strict security and confidentiality conditions:

• Service providers: We share information with companies providing essential services such as donation management, web hosting, or newsletter distribution.
• Legal compliance: We may disclose data when required by law or in response to requests from competent authorities.

In all cases, we ensure that these third parties comply with data protection and confidentiality regulations to safeguard your information.

6. What types of data do we collect?

• Contact information: Name, address, phone number, email.
• Browsing data: IP addresses, browser type, pages visited.

Users are informed about the use of cookies and are given the option to manage them via browser settings.

7. How long do we retain your data?

Data will be retained for as long as necessary to fulfill the purpose for which it was collected and will be deleted when no longer required. Periodic reviews will be conducted to ensure the deletion or anonymization of outdated data.

8. What are your rights regarding your personal data?

Data subjects have the right to:

• Access: Know what personal data we hold.
• Rectification: Correct inaccurate data.
• Deletion: Request deletion of data when appropriate.
• Objection: Object to the processing of data for specific purposes.
• Portability: Obtain a copy of their data in a structured format.

To exercise these rights, you may send a request to cdrs@fcdarwin.org.ec, including a copy of your ID. Requests will be answered within a maximum of 15 business days.

9. How do we protect your data?

We have implemented technical and organizational security measures to protect personal data from unauthorized access, loss, or alteration. Data transmitted through our website is encrypted using SSL.

10. How do we protect minors' privacy?

If a minor under the age of 18 wishes to provide personal data, we require verifiable consent from their parents or legal guardians.

11. Can this policy change?

Yes, we may modify this Policy at any time. In the event of significant changes, we will notify our users and request their consent when necessary.

For more information, contact us at cdrs@fcdarwin.org.ec.

Last updated April 2025.