Blog

Data protection in fundraising: Collect donations in compliance with GDPR with GRÜN spendino

Last updated on: 17.11.2025

The essentials in brief:

  • A GDPR-compliant donation form is mandatory – and strengthens the trust of your donors.
  • GRÜN spendino meets all requirements: data disclosure, marketing blocking, no unnecessary cookies.
  • The cockpit enables you to implement it easily and legally compliant directly in your daily business.
  • Our team will support you in designing, integrating and optimizing your data protection process.

Anyone who collects donations online cannot avoid a sensitive topic: data protection. Donors disclose personal data – a vote of confidence that you as an organization must take seriously. Therefore, GDPR-compliant fundraising is not optional, but mandatory – and an important signal of trust, professionalism, and transparency. But what does that mean in concrete terms? What technical and organizational measures are necessary to ensure that your Donation form is really GDPR compliant?

Fundraising manager with laptop working in compliance with GDPR GRÜN spendino

Why data protection is so important in fundraising

Donors expect their data to be handled as responsibly as their money. The basis for this is legally compliant data protection in fundraising, which is ensured by the Privacy regulation Especially with online donations, personal contact is lacking – making it all the more important to communicate security and transparency digitally.

Professional data handling not only builds trust but also protects you from legal risks. Those who combine data protection and fundraising effectively demonstrate digital maturity and a sense of responsibility.

FAQ on data protection in fundraising
Young woman donates online on laptop and confirms privacy policy

This ensures GRÜN spendino for data protection and data security

Privacy-friendly presets

New forms contain all GDPR-relevant elements – from consent to the privacy policy to active consent to contact. Nothing is preselected; everything must be consciously confirmed.

Own privacy policy in the form

Since the donation form is integrated into your website, your own privacy policy applies. GRÜN spendino provides you with recommended wording and text modules to adapt your privacy policy.

Multi-tenancy and access control

Data is technically clearly assigned to a specific organization. Even for users with access to multiple organizations, data access remains separate. This reliably prevents unauthorized access – a must for GDPR-compliant fundraising.

No unnecessary cookies

Only session cookies are used for transactions – no personal data is stored. These cookies are automatically deleted and, according to current law, do not require consent.

Central functions for your proof of compliance

Data information for donors

Im GRÜN With spendino Cockpit, you can create a data report with just a few clicks – either as a PDF for information or as an XML file in machine-readable format. This function directly meets the requirements of Art. 15 DSGVO, makes your everyday documentation easier and is therefore an important building block for professional data protection in fundraising.

Person works in GRÜN spendino Cockpit on a GDPR-compliant data disclosure for donors
Woman works in GRÜN spendino Cockpit and sets a marketing block according to GDPR

Marketing block instead of data deletion

If a donor no longer wishes to receive further information or be contacted, you must comply with this request in compliance with data protection regulations – but in many cases, you cannot simply delete the data. Actual donations are subject to legal retention requirements, for example, for tax purposes.

GRÜN Spendino offers a practical solution for this: the marketing block. With one click, you can indicate in the cockpit that the donor no longer wishes to receive mailings or promotions. This block is set system-wide and is clearly visible for the respective person – even in exports or filter lists. This ensures that the donor is no longer contacted for future campaigns, fulfills their data protection wishes, and simultaneously adheres to your retention obligation.

What to do if you are unsure?

Data protection can be complicated—especially when internal resources are lacking or laws are changing. Our team actively supports you in implementing GDPR-compliant fundraising in your organization:

  • When designing forms
  • When integrating into your website
  • With text modules and concrete recommendations for the privacy policy
Request consultationFrequently Asked Questions (FAQ)

Prevention tips: How to make your organization GDPR-ready

  • Create clear processes for data deletion and disclosure obligations
  • Train team members in cockpit handling
  • Regularly integrate data protection into your IT and fundraising strategy
  • Always work with current text modules
  • Participate in webinars and stay up to date
Laptop with donation form and seal “Software made & hosted in Germany”

Conclusion: Trust needs security – GDPR-compliant fundraising with GRÜN spendino

GRÜN spendino stands for security, transparency, and legally compliant data processing – all "made in Germany." With our software, you not only meet the legal requirements of the GDPR but also strengthen the trust of your donors.

Frequently asked questions about data protection in fundraising

How can I ensure that my donation forms are GDPR compliant?

Donation forms must be designed to request consent to the privacy policy and contact details separately—via unchecked boxes. Furthermore, only necessary information may be collected and must be transmitted over a secure connection. GRÜN spendino ensures that these requirements are already implemented in all form templates.

Which data can I store – and for how long?

You may store all data necessary for processing donations and for legally required documentation. Donor data must generally be retained for ten years. Data from individuals who have initiated but not completed a donation may only be stored for a short period of time. GRÜN Spendino automatically deletes them after six weeks.

How do I obtain legally secure consent to contact you?

Consent must be voluntary, clear, and active—this means the donor must check a box if they wish to be contacted by email or phone. Pre-checked boxes are not permitted. Furthermore, consent must not be tied to the donation. GRÜN spendino implements these requirements technically correctly.

What happens to the data if someone cancels the donation process?

If a donor cancels the process, the entered data will be stored for a short time – for example, to enable follow-up in case of technical problems. This data will be automatically deleted after six weeks unless valid consent for further use has been given. Deletion will occur when GRÜN spendino reliably and without manual effort.

How often is my donor data backed up?

The donor data in GRÜN Spendino is automatically backed up daily. This means you're well protected even in the event of technical issues or accidental deletion. Backups run in the background, without any intervention from you.

Where exactly are my donor data stored?

All donor data is stored exclusively on servers in Germany – within the GRÜN App Cloud. Data is stored under strict security guidelines. It is not shared with third parties or stored abroad.

How secure are my donor data with GRÜN spendino?

Data is transmitted encrypted and stored exclusively on secure servers. Access is regulated by role and rights management, ensuring that only authorized persons have access. GRÜN spendino therefore meets high standards in IT security and data protection.

Who actually owns the donor data?

Donor data belongs solely to your organization. GRÜN Spendino manages them solely as part of its contract processing. You can access, export, or delete all data at any time. The data will not be used for any other purpose and will not be shared.

Where will GRÜN spendino developed and operated?

GRÜN spendino is developed entirely in Germany and manufactured in the company’s own GRÜN App Cloud. This means you have software "made and hosted in Germany" – with short communication channels, direct support, and the highest level of legal certainty.

Which hosting standards are met GRÜN spendino?

GRÜN spendino is in the GRÜN App Cloud hosted. The GRÜN App Cloud meets high standards for data protection and IT security. All data is stored exclusively in German data centers, backed up daily, and protected from unauthorized access. The infrastructure is modern, fail-safe, and ideal for sensitive data in the fundraising sector.

Sarah Marie Berg

Sarah Berg
Fundraising expert at GRÜN spendino

Sarah is a fundraising expert and partner manager at GRÜN spendino and has been supporting nonprofit organizations in digitizing their fundraising processes for many years. In her role, she is not only a contact for clients but also a regular speaker in online seminars. With her practical knowledge and sensitivity to the needs of fundraising organizations, she brings complex topics to the forefront in an understandable way.

Contact inquiry

Send us a message to find out more about how our solutions can benefit you. We are looking forward to hearing from you.

Contact