We collect information to serve you better and provide you with a more enjoyable experience of our website.
As per the Indian IT Act 2000, section 43 requires every Data Controller who is processing personal data to notify the Information Commissioner unless they are exempt. Failure to report is a criminal offence.
Organisations and people about which we hold information are referred to in this policy as Data Subjects. Dhaneshwarikumari Solanki, the founder Member has been designated as the Data Protection Compliance Officer, the Data Controller for the organisation.
Information we hold
We hold information of three types:
- Organisational information
It is publicly available information as well as some confidential information about organisations.
- Personal information
It is information about individuals such as their names, addresses, job titles, etc.
- Sensitive personal information
We hold information only about the Company Bank Details.
The Data Protection Act does not cover information about organisations. Also, sometimes, there is ambiguity if particular information is personal or organisational.
We obtain people’s consent before holding their individual information. We respect their right and legal requirement of knowing how we are using the data and with whom are we sharing it.
We hold information only for specific purposes, and keep the data subjects informed about those purposes. We also update them if there is a change in purpose.
We understand that if we buy in a mailing list, we cannot use it for any other purpose than the one designated originally by the Data Controller.
Access to Information
- We strive to maintain accurate information by allowing data subjects to update it from time to time.
- We do not disclose information about Data Subjects to other organisations, or to individuals, who are not members of our organisation, staff, or trustees. Except in circumstances where it is a legal requirement, where there is explicit or implied consent, or where information is publicly available elsewhere.
- Data Subjects have the option to opt-out of receiving marketing mailings from us or our partner organisations.
- Data Subjects are entitled to have access to information held about them by us and for what purpose within 40 days of submitting a request.
- Subject to any rules of the organisation awarding the funding, the information will not be retained if no longer required for its stated purpose, we will not keep more than a project requires or surplus information ‘just in case’. We will establish retention periods and a process to delete personal information when no longer required.
- The staff member managing a new project or activity will consult the Data Controller and check about any data protection implicationsat the beginning itself.
- We might work in partnership with other organisations on projects which require data sharing. In such cases, we will ensure clarify on which organisation will be the Data Controller and that it deals correctly with the data collected by us.
- We have procedures in place to ensure the security of electronic personal data. We dispose of paper records containing confidential personnel data securely.
- We preserve project documents and staff records in a locked filing cabinet, and keep IT equipment containing personal information in a locked room or cupboard, when not in use.
- To ensure that the passwords are not easy to guess and to secure the information from would-be thieves, we mandate that all passwords contain upper-and lower-case letters, a number, and ideally a symbol.
- We ensure that all portable devices used to store personal information, including memory sticks and laptops are encrypted.
- We have a set of procedures covering all areas of our work which we follow to ensure that we achieve the aims set out above.
- We have established a business continuity/disaster recovery plan, and we take regular back-ups of computer data files which are stored away from the office at a safe location.
- We provide training on the data protection policy and procedures to the new staff and explain how to store and handle personal information. The existing staff receives refresher training at regular intervals.
- We also carry out an annual review of our data protection policy and procedures.
Appendix – The Data Protection Principles defined by the Information Commissioners Office (ICO)
Whenever collecting information about people, you agree to apply the Eight Data Protection Principles:
- Process personal data fairly and lawfully
- Obtain personal data only for the specified purpose
- Collect adequate, relevant, and not excessive data for the required purposes
- Keep the data accurate and up-to-date
- Don’t keep the data for longer than necessary for the purpose
- Abide by the rights of data subjects under this act while processing the data
- Ensure complete security with adequate technical and organizational measures against unlawful or unauthorized processing of personal data as well as against accidental loss, damage, or destruction to personal data.
- Don’t transfer personal data outside the EEA unless that country or territory ensures an adequate level of data protection.
Note :Incase of any assistance please call our nodal officer on below number
Company No : +1 905 830 4858