about
programes
events
insights
Legal

Privacy Policy

This policy explains what personal information defenceukraine.com collects, how we use it, and the rights you have under EU data protection law.

Last updated: 11 April 2026

1. Who we are

The data controller for defenceukraine.com is Defence Ukraine OÜ, an Estonian private limited company with registry code 17265004 and registered seat at Veski tn 69, 50409 Tartu, Estonia. Full company information is published on our Imprint page.

For any question about your personal information or this policy, contact us at [email protected].

2. What information we collect

defenceukraine.com is an information and contact site. We do not require accounts, do not process payments, and do not invite users to upload files or post public content. The personal information we collect comes from two sources:

Information you submit through forms

The site has several forms — newsletter signup, the contact form, the program inquiry forms, the Fundwiser introduction form, and the event interest forms on individual event pages. Depending on the form, the fields you submit may include:

  • Your name
  • Your email address
  • Your phone number
  • Your company name
  • Your role or position
  • A free-text message (only on the main contact form)
  • Which option you selected from a dropdown (only on the main contact form)

You choose what to provide. Required fields on each form are marked. We do not collect any personal information through the forms beyond what you actively type.

Information collected automatically

When you visit defenceukraine.com, our hosting provider (Cloudflare) and any analytics tools we run may collect a limited amount of technical information automatically, including:

  • Your IP address (typically truncated or anonymised at the edge)
  • The browser and device you are using (user-agent string)
  • The pages you visit on the site and the time you visit them
  • The URL that referred you to the site, if any

Cloudflare uses this information for hosting, security, and bot-mitigation purposes. We use Google Tag Manager (GTM) to load measurement and analytics scripts. The exact tags loaded by GTM may change over time; where they involve cookies or similar identifiers that are not strictly necessary for the operation of the site, we will obtain your consent before they fire, in line with the EU ePrivacy Directive.

3. Why we use your information (legal basis)

Under the EU General Data Protection Regulation (GDPR), every use of your personal information must have a lawful basis. Our uses, and the basis for each, are:

  • Responding to your inquiry. When you submit any contact, program, partnership, or event interest form, we use the information you provide to reply to you, set up a follow-up conversation, or — with your knowledge — make an introduction to a partner organisation. The lawful basis is performance of a pre-contractual step at your request (GDPR Article 6(1)(b)) or our legitimate interest in operating the site and responding to people who contact us (GDPR Article 6(1)(f)).
  • Sending you our newsletter. If you submit your email address to subscribe to our newsletter, the lawful basis is your consent (GDPR Article 6(1)(a)). You can withdraw consent at any time by emailing us or by clicking the unsubscribe link in any newsletter.
  • Operating, maintaining, and securing the site. We use the technical information collected automatically (IP, user agent, request logs) to keep the site running, prevent abuse, and investigate security incidents. The lawful basis is our legitimate interest in operating a secure website (GDPR Article 6(1)(f)).
  • Measuring how the site is used. If you have consented to non-essential analytics cookies, we use the data those tools collect to understand how visitors find and use the site so we can improve it. The lawful basis is your consent (GDPR Article 6(1)(a)).

4. How we share your information

We do not sell your personal information. We share it only with the third parties needed to deliver the service, namely:

  • Resend — when you submit any form on the site, the contents of that form are sent to us as an email via the Resend transactional email service (operated by Resend Inc., USA). Resend processes the email solely to deliver it to our inbox and does not retain the contents long-term.
  • Cloudflare — our hosting provider, which serves the website, runs the form-handling function, and provides security and bot-mitigation. Cloudflare may process your IP and other technical information for these purposes.
  • Partner organisations — when you specifically request an introduction (for example, by submitting the form on the Fundwiser partnership page), we share the relevant contact details with the named partner so they can follow up with you. We will only share what is needed to make the introduction, and only with the partner you have asked to be introduced to.
  • Google Tag Manager — loaded on every page to manage measurement and analytics tags. The data Google collects through any tags loaded via GTM is governed by Google's own privacy policy.

We may also disclose your information if we are legally compelled to do so by a court order, lawful request from a public authority, or other legal obligation we are subject to.

5. International transfers

Some of our service providers (Resend, Google) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses or, where applicable, an adequacy decision, to ensure your information receives equivalent protection.

6. How long we keep your information

We keep the personal information you submit only as long as we need it for the purpose for which you submitted it:

  • Inquiry, partnership, and event interest emails — kept while we are actively in conversation with you, and for a reasonable period afterwards (typically up to 24 months) so we can pick the conversation back up if you re-engage. After that they are deleted from our inbox.
  • Newsletter subscribers — kept until you unsubscribe.
  • Server logs and security data — retained by Cloudflare for the period set out in their data retention policy (typically a few weeks).

7. Cookies and similar technologies

Cookies and similar identifiers used on defenceukraine.com fall into two groups:

  • Strictly necessary. Some cookies are essential to the operation of the site and its security — for example, the bot-management cookies set by Cloudflare. These cookies do not require your consent and cannot be disabled if you want to use the site.
  • Optional (analytics, measurement, marketing). Any cookies set via Google Tag Manager that are not strictly necessary will only be set with your consent. We will ask you for that consent before any non-essential cookie is set.

You can clear cookies at any time through your browser settings, and you can opt out of most analytics tracking through standard browser controls or do-not-track preferences.

8. Your rights

Under the GDPR, you have the right to:

  • Access the personal information we hold about you
  • Rectify personal information that is inaccurate or incomplete
  • Erase personal information we hold about you, in the circumstances permitted by law
  • Restrict our processing of your personal information
  • Object to our processing of your personal information where the legal basis is legitimate interest
  • Receive a copy of your personal information in a structured, commonly-used format (data portability)
  • Withdraw consent at any time, where the legal basis for processing is your consent
  • Lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee/en) or the supervisory authority in the EU country where you live or work

To exercise any of these rights, email [email protected]. We will respond within one month, as required by the GDPR.

9. Children

defenceukraine.com is not directed at children and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We take reasonable technical and organisational measures to protect personal information against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. These measures include using HTTPS for all traffic, restricting access to form submissions to people who need to act on them, and choosing reputable processors (Cloudflare, Resend) who provide their own security guarantees. No system is perfectly secure, however, and we cannot guarantee absolute security of data transmitted over the internet.

11. Changes to this policy

We may update this policy from time to time as the site, our practices, or applicable law change. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced on the site itself. Continued use of defenceukraine.com after a change indicates that you accept the updated policy.

12. Contact

For any question about this privacy policy, your personal information, or to exercise any of the rights described above, contact [email protected].