Privacy & Cookies

Stichting Fundamental Truth of Christ ("we", "us", "the foundation") is a Dutch not-for-profit foundation registered with the Chamber of Commerce (KVK) under number 70986665, with RSIN 858535701, recognised as an ANBI (Public Benefit Organisation) by the Dutch Tax Administration since 04-02-2021. Address: Koegelwieck 29, 2134 XX Hoofddorp, The Netherlands Email: info@fundamentaltruthofchrist.nl Website: www.fundamentaltruthofchrist.nl We are the data controller for personal data processed through this website within the meaning of the EU General Data Protection Regulation (GDPR / EU 2016/679) and the Dutch implementing law (Uitvoeringswet AVG).

We process the minimum personal data necessary for the website to function and for our ministry activities: • Account data — first name, last name, email address, hashed password, optional phone and address — supplied when you register with an invite code. • Invite-code redemption — the code you used and the time it was redeemed. • Contact-form messages — your name, email, and the message text when you contact us. • Technical / log data — IP address and basic request metadata captured by our hosting provider for security and abuse prevention (failed-login throttling, server logs). • Cookies — see the dedicated Cookies section below. We do not process special categories of personal data (such as health, ethnicity, or political opinions) through this website.

Each category of data is processed for a specific purpose with a specific legal basis under Article 6 GDPR: • Account creation and login — to give you access to member-only content. Legal basis: performance of a contract / service you requested (Art. 6(1)(b)). • Contact-form messages — to answer your enquiry. Legal basis: your consent (Art. 6(1)(a)) and our legitimate interest in responding (Art. 6(1)(f)). • Security logging and rate-limiting — to detect and stop abuse (e.g. brute-force attempts on login or invite codes). Legal basis: our legitimate interest in protecting the site and its users (Art. 6(1)(f)). • Functional cookies — to remember your session and CSRF token. Legal basis: strictly necessary for the requested service (no consent required; ePrivacy Directive Art. 5(3) exception). • Non-essential cookies (if any) — only with your prior consent (Art. 6(1)(a)). We do not use your data for profiling or automated decision-making.

Access is limited to people and providers who need it: • The foundation's super-admin (currently the chairman) for site administration. • Our hosting provider TransIP B.V. (the Netherlands), which hosts the database and the Object Store where uploaded files are kept. TransIP processes data on our behalf as a processor under a Data Processing Agreement (DPA). We do not sell your data and we do not share it with advertisers. Personal data is stored within the European Economic Area (EEA). We do not currently transfer personal data outside the EEA. If that ever changes, we will rely on appropriate safeguards under Chapter V GDPR (e.g. Standard Contractual Clauses) and update this policy first.

• Account data — for as long as your account exists, plus up to 12 months after deletion in encrypted backups, after which it is permanently removed. • Contact-form messages — up to 24 months, then deleted. • Server / security logs — up to 12 months, then automatically rotated and deleted. • Cookies — see the cookie table below for individual durations. Financial records (donations, ANBI-required disclosures) are kept for 7 years as required by Dutch tax law (Art. 52 AWR).

Under the GDPR you have the right to: • Access the personal data we hold about you. • Rectify inaccurate data. • Erase your data ("right to be forgotten"), subject to legal retention obligations. • Restrict or object to processing. • Data portability — receive your data in a structured, machine-readable format. • Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. To exercise any of these rights, email info@fundamentaltruthofchrist.nl. We will respond within 30 days. We may ask you to verify your identity to prevent unauthorised disclosure. You also have the right to lodge a complaint with the Dutch Data Protection Authority — Autoriteit Persoonsgegevens — at autoriteitpersoonsgegevens.nl.

Providing your name and email is required to register for an account or use the contact form. If you choose not to provide them, we cannot create your account or respond to your enquiry — but you can still browse the public parts of the site without giving us any personal data.

We apply technical and organisational measures appropriate to the risk: • HTTPS / TLS encryption for all traffic between your browser and the server. • Passwords hashed with bcrypt (PHP password_hash, default cost) — we cannot read your password. • CSRF tokens on every state-changing form, compared in constant time. • Per-IP rate limiting on login and invite-code verification to deter brute-force attacks. • Role-based access control: only super-admins can access management pages. • Off-site, super-admin-only encrypted database backups. No system is 100% secure. If we ever discover a personal-data breach affecting your rights, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform you directly when required by Article 34 GDPR.

This website is not directed at children under 16. Under the UAVG (Art. 5), processing personal data of a child under 16 requires parental consent. If you believe a child has provided us personal data without that consent, please contact info@fundamentaltruthofchrist.nl and we will delete it.

A cookie is a small text file stored by your browser. We use cookies for two reasons only: 1. Strictly necessary cookies — required to make the site work (e.g. keeping you logged in, protecting forms with CSRF tokens). These do not need consent under Article 11.7a of the Dutch Telecommunicatiewet. 2. Functional preference cookies — used only with your consent, and only to remember your cookie-banner choice itself. We do not currently use analytics cookies, advertising cookies, or third-party tracking cookies. If we ever add any, we will only set them after you give explicit consent through the cookie banner. Specific cookies set by this site: • PHPSESSID — first-party, session cookie, deleted when you close your browser. Purpose: keep you logged in and protect form submissions. Strictly necessary. • ftc_cookie_consent — first-party, expires after 12 months. Purpose: remember whether you accepted, rejected, or customised cookie preferences so we don't ask on every visit. Functional. You can withdraw or change your cookie consent at any time via the "Cookie settings" link in the footer, or by clearing cookies in your browser.

Our site links to other websites (e.g. KVK, Autoriteit Persoonsgegevens). We are not responsible for the privacy practices of those sites. When you follow an external link, please read the privacy policy of the destination site.

We may update this Privacy & Cookies Policy from time to time. The current version is always available at this page, with the "Last updated" date shown at the top. Material changes will be highlighted on the home page and, where required by law, communicated to registered users by email.

For any privacy or cookies question, or to exercise your rights, contact: Stichting Fundamental Truth of Christ Koegelwieck 29, 2134 XX Hoofddorp, The Netherlands Email: info@fundamentaltruthofchrist.nl Supervisory authority — Autoriteit Persoonsgegevens (Dutch DPA): Postbus 93374, 2509 AJ Den Haag — autoriteitpersoonsgegevens.nl