The Hunar Foundation - Data Protection Policy
1. Purpose
The Hunar Foundation is committed to protecting the privacy and data of its students, staff, donors, and other stakeholders. This Data Protection Policy outlines how personal information is collected, processed, stored, and secured in compliance with relevant data protection laws.
2. Scope
This policy applies to all employees, volunteers, contractors, and partners who handle personal data on behalf of The Hunar Foundation. It covers all data, whether stored electronically or in paper format, including personal data of students, staff, donors, partners, and vendors.
3. Data Collection
The Hunar Foundation collects personal data for specific, legitimate purposes, including but not limited to:
- Student registration and enrollment
- Staff and volunteer recruitment
- Donor records and correspondence
- Financial transactions and audits
- Program monitoring and evaluation
Data collected may include:
- Names, addresses, and contact information
- Academic and professional qualifications
- Financial and transaction details
- National identity or passport information
- Any other information relevant to the services provided by the foundation
4. Data Processing
Personal data shall be:
- Processed lawfully, fairly, and transparently.
- Collected for specific, explicit, and legitimate purposes.
- Accurate and, where necessary, kept up to date.
- Stored securely to prevent unauthorized access or misuse.
- Retained for only as long as necessary to fulfil the purpose for which it was collected.
5. Data Security
The Hunar Foundation is committed to ensuring that personal data is secure. To prevent unauthorized access, disclosure, alteration, or destruction of data, we have implemented the following measures:
- Password-protected systems for electronic data storage.
- Secure physical storage for paper records.
- Regular data backups and updates to IT security protocols.
- Access to personal data is restricted to authorized personnel only.
6. Rights of Data Subjects
Individuals whose data is held by The Hunar Foundation have the following rights:
- Access: To request access to their personal data and receive a copy.
- Rectification: To have inaccurate or incomplete data corrected.
- Erasure: To request the deletion of their personal data where there is no legitimate reason for its continued use.
- Restriction: To request that the processing of their data be restricted in certain circumstances.
- Objection: To object to the processing of their personal data for specific purposes.
Requests regarding data access, rectification, or deletion can be submitted to The Hunar Foundation’s designated Data Protection Officer (DPO) via email at privacy@hunarfoundation.org.
7. Third-Party Data Sharing
The Hunar Foundation may share personal data with trusted third parties, such as service providers, government bodies, and partner organizations, for legitimate business purposes. Data sharing will only occur under the following conditions:
- The third party has a data protection policy in place.
- Data will only be shared for purposes that align with the foundation’s goals.
- A confidentiality agreement or contract has been signed to ensure data protection.
8. Data Breach Management
In the event of a data breach, The Hunar Foundation will:
- Investigate the breach immediately.
- Notify the relevant stakeholders and regulatory authorities, if necessary.
- Take appropriate steps to mitigate any harm or further unauthorized access.
- Review and improve data security measures to prevent future breaches.
9. Training and Awareness
All employees, volunteers, and contractors who handle personal data will receive regular training on data protection practices. Awareness programs will also be conducted to ensure that the importance of data protection is understood across all levels of the organization.
10. Policy Review
This policy will be reviewed annually or as needed to comply with any changes in data protection laws or practices. Any updates will be communicated to all relevant stakeholders.