Privacy Policy
Last updated: April 3, 2026
The Parish of St. Basil the Great ("we," "us," or "our") operates basiliusagung.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website.
By using the Website, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information Automatically Collected
When you visit our Website, certain information is collected automatically, including:
- Device and browser information: browser type and version, operating system, device type
- Network information: IP address, approximate geographic location (country/region level)
- Usage data: pages visited, time spent on pages, referring URLs, click patterns, scroll depth
- Cookies and similar technologies: session identifiers, preference tokens, analytics identifiers
1.2 Information You Provide Voluntarily
We may collect information you provide directly, such as:
- Contact forms: name, email address, phone number, message content
- Donation and payment forms: name, email address, billing address, payment method details (processed securely by third-party payment providers — we do not store full payment card numbers)
- Newsletter subscriptions: email address, name
- Event registrations: name, contact details, number of attendees
- Account registration: name, email address, password (hashed)
1.3 Information from Third Parties
We may receive limited information from third-party services we integrate with, such as payment confirmation status from payment providers.
2. How We Use Your Information
We use the collected information for the following purposes:
- Website operation: to serve content, maintain performance, and ensure security
- Analytics: to understand how visitors use our Website and improve the user experience
- Communications: to respond to inquiries, send newsletters, and provide event or donation confirmations
- Payment processing: to facilitate donations and other transactions
- Legal compliance: to comply with applicable laws, regulations, and legal processes
- Security: to detect, prevent, and address fraud, abuse, or technical issues
3. Third-Party Services
Our Website uses the following third-party services that may collect and process your data:
3.1 Cloudflare
Our Website is proxied through Cloudflare, Inc. for performance, security, and DNS services.
- Data collected: IP address, request headers, traffic metadata
- Purpose: DDoS protection, CDN caching, SSL/TLS encryption, Web Application Firewall
- Privacy policy: https://www.cloudflare.com/privacypolicy/
3.2 Google Analytics
We use Google Analytics 4 to understand Website traffic and usage patterns.
- Data collected: anonymized IP address, device/browser information, pages visited, session duration, referral source
- Purpose: traffic analysis, content optimization, audience insights
- IP anonymization: enabled by default in GA4
- Privacy policy: https://policies.google.com/privacy
- Opt-out: you may install the Google Analytics Opt-out Browser Add-on
3.3 Vercel
Our Website is hosted on Vercel, Inc.
- Data collected: server logs including IP address, request URL, timestamp, user agent
- Purpose: website hosting, deployment, edge network delivery
- Privacy policy: https://vercel.com/legal/privacy-policy
3.4 Payment Providers
We use third-party payment processors to handle donations and transactions. Depending on the payment method selected, your payment may be processed by:
- [Payment Provider Name, e.g., Stripe, Midtrans, Xendit]
- Data collected by provider: name, email, billing address, payment card or bank account details
- Purpose: secure payment processing
- Note: we do not store your full credit card number, CVV, or bank account details on our servers. All payment data is transmitted directly to and handled by the payment provider.
- Privacy policy: [link to provider's privacy policy]
4. Cookies
4.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you interact with it.
4.2 Cookies We Use
| Cookie Type | Provider | Purpose | Duration |
| -------------- | ---------------- | --------------------------------------------------- | ---------------- |
| Essential | Cloudflare | Security, bot detection (__cf_bm, cf_clearance) | Session – 30 min |
| Analytics | Google Analytics | Traffic measurement (_ga, _ga_*) | Up to 2 years |
| Functional | Our Website | Language preference, theme preference | 1 year |
4.3 Managing Cookies
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy & Security → Cookies
- Safari: Preferences → Privacy → Cookies
- Edge: Settings → Cookies and Site Permissions
Please note that disabling certain cookies may affect Website functionality.
5. Data Retention
We retain your information only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period |
| ---------------------------- | ------------------------------------ |
| Analytics data | 14 months (Google Analytics default) |
| Server/access logs | 30 days |
| Contact form submissions | 2 years or until resolved |
| Donation/transaction records | 7 years (financial compliance) |
| Newsletter subscriptions | Until you unsubscribe |
| Account data | Until you request deletion |
6. Data Sharing
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
- Service providers: with the third-party services listed in Section 3, solely for the purposes described
- Legal requirements: if required by law, regulation, legal process, or governmental request
- Protection: to protect the rights, safety, or property of the Parish, our users, or the public
- Consent: with your explicit consent for any purpose not covered above
7. Data Security
We implement reasonable technical and organizational measures to protect your information, including:
- HTTPS/TLS encryption for all data in transit
- Cloudflare Web Application Firewall and DDoS protection
- Hashed and salted password storage
- Limited access to personal data on a need-to-know basis
- Regular security reviews of third-party integrations
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data
- Restriction: request that we restrict processing of your data
- Portability: request a copy of your data in a structured, machine-readable format
- Objection: object to processing of your data for certain purposes
- Withdraw consent: withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at the details provided in Section 11.
9. Children's Privacy
Our Website is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
For significant changes, we may provide additional notice through the Website or via email.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
St. Basil the Great
- Address: Jl. Flamboyan Gg. Nias, Kec. Pancoran Mas, Depok 16431, Jawa Barat, Indonesia
- Contact Form: Click here
12. Applicable Law
This Privacy Policy is governed by the laws of the Republic of Indonesia, including but not limited to:
- Law No. 27 of 2022 on Personal Data Protection (UU PDP)
- Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions
Where applicable, we also endeavor to comply with the General Data Protection Regulation (GDPR) for visitors from the European Economic Area.