Last updated on 29 June 2026.
When you use the website www.leetchi.com (hereinafter the “Site”) or our services, we collect personal data concerning you.
The purpose of this policy is to inform you about how we process this data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).
1. Who is the data controller?
The data controller is the company Leetchi, a simplified joint-stock company, registered with the Paris Trade and Companies Register under number 907 495 204, with its registered office located at 4 rue de la Tour des Dames – 75009 Paris (hereinafter “We”).
2. What data do we collect?
Personal data is data that allows an individual to be identified directly or by cross-referencing with other data.
The data collected is listed below:
- When creating a profile on Leetchi: surname, first name, date of birth, phone number, an avatar, email address, nationality and country of residence of the organiser of the fundraisers.
This collected data is mandatory to access the services of the Leetchi site. Without it, it will not be possible to register and use Leetchi’s services.
- When creating a fundraiser by the organiser: surname, first name, project title, category it falls under, description, an image, objective, targeted amount, name and surname of the fundraiser beneficiary, IP address as well as any identity verification documents necessary to identify the fundraiser organiser, whether a natural or legal person.
- When spending funds from a fundraiser by the organiser for the beneficiary: surname, first name and postal address of the beneficiary, beneficiary’s bank details, as well as any supporting documents related to the legitimacy of the fundraiser (quotes, invoices, etc.)
This Personal Data is necessary for Leetchi to verify the identity of the fundraiser organiser, the destination of the funds, and the receipt of the funds.
- When contributing to a fundraiser by the participant: surname, first name, nationality, country of residence, phone number, date of birth, IP address, payment information, type of bank card used (Carte Bleue, Visa, Mastercard, Maestro) and any identity verification documents necessary to identify the participant, whether a natural or legal person.
Leetchi informs its users and visitors that it does not process data related to the payment methods used to make transactions on the site, except for the first four digits of the bank card, its expiry date, card type and country of origin.
This Personal Data is necessary for Leetchi to verify the identity of the participant(s).
If the above information is not provided, users will not be able to publish their project and/or contribute to projects on the site for contractual and/or regulatory reasons (notably for the purposes of combating fraud, money laundering and terrorist financing).
Collection of other data may be mandatory. All data whose collection is mandatory, the contractual or regulatory nature of this obligation to provide it, as well as the consequences of not providing the relevant data will be communicated to you directly if necessary.
- When contacting Leetchi customer service: surname, first name, date of birth, phone number, email address, link to the fundraiser, content of the request.
This collected data is mandatory for processing the support request. Without it, Leetchi will not be able to process the request.
- When browsing the Leetchi site: see article “Cookies ”.
- When logging into the Leetchi site via the website or the iOS & Android app: surname, first name, email address, phone number, postal address, geolocation data, user preferences, history of creation & participation, data related to interactions with emails and push notifications, technical data such as the type of smartphone used, operating system.
This data is used to personalise and send communications via emails and push notifications, analyse communication effectiveness, and improve Leetchi’s services. It is also used to recommend creations and participations in fundraisers based on the preferences and history of the individuals concerned, offer competitions and participate in satisfaction surveys.
- When the user opens an email, tracking PIXEL data: recipient identity, timestamp of opening and type of device used.
This data is collected to analyse email open rates, optimise campaigns and adjust sending frequency.
2.1. Personal data collected by Mangopay (the payment service provider)
Payments made directly on the site are processed by Mangopay, authorised as an electronic money institution by the Commission de Surveillance du Secteur Financier (CSSF). Mangopay processes personal data for which it is responsible, as described in Mangopay’s privacy policy https://www.mangopay.com/fr/privacy/.
Leetchi is designated by Mangopay as a payment agent. Thus, the personal data necessary for providing payment services and executing contributions to fundraisers are transmitted to Mangopay. This concerns data related to the following purposes:
· Subscription to services and opening of your Mangopay payment account;
· Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF);
· Management of payment orders;
· Customer relationship management, including handling your questions, requests to exercise rights, and any complaints related to payment services;
· Execution of card payments.
Under their legal and regulatory obligations to combat fraud, money laundering and terrorist financing, Leetchi and Mangopay carry out personal data processing, including data combinations, to determine the level of fraud risk associated with a contribution or fundraising. These processes may be used to justify Leetchi’s or Mangopay’s decision to refuse or block a participation or expenditure of a fundraiser on the site.
3. On what legal bases, for what purposes and how long do we keep your personal data?
| Purposes | Legal bases | Retention periods |
|
Performance of contractual measures requested by you within the framework of the intermediation service offered by Leetchi | Your data is retained for 3 years from the last activity |
|
Our legitimate interest in developing and promoting our business
Consent via Opt-in |
Your data is retained for 3 years after the last exchange or immediately after withdrawal of your consent.
Your preference data is retained for 13 months from your inactivity or immediately after withdrawal of your consent. |
|
Article L.561-12 of the Monetary and Financial Code
Contractual performance of the intermediation service |
Your data is retained for 5 years from the closure of your account or the end of the relationship with Leetchi |
|
Participant’s consent
Leetchi’s legitimate interest |
We do not keep data relating to the payment methods used during participation except for the first and last digits of the bank card, its expiry date, card type and country of origin. |
|
Our legitimate interest in responding to your requests and keeping a record of them. |
Identity proof may be requested: we keep it only for the time necessary to verify identity. Once verification is completed, the proof is deleted.
If you exercise your right to object to receiving communications from us: we keep this information for 3 years from the date of objection. |
4. Who are the recipients of your data?
Will have access to your personal data:
- Authorised Leetchi staff;
- Leetchi’s subcontractors (hosting providers, mailing tools, site security tools, audience measurement tools, tracking tools for navigation on our site, customer service and support tools). Leetchi’s subcontractors are bound by confidentiality and security obligations, as well as other obligations set out by Data Protection Regulation;
- The payment service provider Mangopay to manage financial transactions carried out through our service. Information is then collected and processed by Mangopay under the terms of section 2.1 of this Policy;
- Any competent administrative or judicial authority or more generally any authorised third party, to comply with Leetchi’s legal or regulatory obligations;
- The fundraiser organiser and only in the following case: in the event of participation in a fundraiser, the organiser receives an email indicating that their fundraiser has received a contribution. The email contains at least: the participant’s name, surname or pseudonym, the amount of the contribution and the date.
5. Are your data likely to be transferred outside the European Union?
Your data is retained and stored throughout the processing period on servers of the company Microsoft Azure – Île de France.
Leetchi informs its users that Personal Data may be transmitted for the purposes described in section 3 of this policy to companies located in countries outside the European Union.
Data transfers to countries outside the European Union are carried out in compliance with specific rules that ensure the protection and security of Personal Data. In case of transfer of Users’ Personal Data to a country outside the European Union, Leetchi undertakes to implement all appropriate safeguards available, in accordance with applicable Regulation, to ensure the supervision and security of these transfers.
During payment operations carried out with the payment service provider, Personal Data may be transferred to countries outside the European Union, to allow the settlement of the operation, to combat money laundering or terrorist financing (EU Regulation 2015/847), as well as to ensure the security of payment flows more generally.
6. What are your rights regarding your data?
You have the following rights concerning your personal data:
Right to information: this is precisely why we have drafted this policy. This right is provided for by Articles 13 and 14 of the GDPR.
Right of access: you have the right to access all your personal data at any time under Article 15 of the GDPR.
Right to rectification: you have the right to rectify your inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR.
Right to restriction: you have the right to obtain restriction of processing of your personal data in certain cases defined in Article 18 of the GDPR.
Right to erasure: you have the right to request that your personal data be erased and to prohibit any future collection for the reasons set out in Article 17 of the GDPR.
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of applicable laws. (Article 77 of the GDPR).
Right to define instructions relating to the retention, erasure and communication of your personal data after your death.
Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states you may withdraw your consent at any time. This withdrawal will not affect the lawfulness of processing carried out before the withdrawal.
Right to data portability: under certain conditions set out in Article 20 of the GDPR, you have the right to receive the personal data you provided to us in a machine-readable standard format and to request its transfer to the recipient of your choice.
Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, please note that we may continue processing despite this objection for legitimate reasons or the defence of rights in court.
You can exercise these rights by writing to us at the contact details below. We may ask you at that time to provide additional information or documents to verify your identity.
7. Contact point for personal data
Contact email: rgpd@leetchi.com
Contact address:
Leetchi - DPO
4 rue de la Tour des Dames
75009 Paris
8. Security
Leetchi takes all physical, technical and organisational measures necessary to protect the confidentiality, integrity and availability of your personal data, notably against loss, accidental destruction, alteration and unauthorised access.
Leetchi also strives with the utmost vigilance to maintain a high standard of security and confidentiality of your personal data by raising awareness among our employees and business partners and training our staff in data protection, by implementing control measures, by deploying tools and practices aimed at obfuscation, anonymisation, encryption and cryptography of data to ensure the protection of your personal data against internal and external data leakage risks.
In the event of a personal data breach concerning you that presents a risk to your rights and freedoms, we will notify the CNIL within the regulatory timeframe. If this breach presents a high risk to your rights and freedoms, we will inform you as soon as possible of the nature of the breach and the measures implemented to remedy it.
8. Changes
We may change this policy at any time, notably to comply with any regulatory, case law, editorial or technical developments. These changes will apply from the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. However, we will inform you of any significant changes to this policy.
Effective date: 20 October 2024
| 📧 Any comments or questions? Contact us here. |