Data Protection Policy
This platform is owned and operated by Dakshina Foundation. In this Data Protection Policy, “we”, “us” and “our” refer to Dakshina Foundation. Mithra is a non-profit organization launched by the Dakshina Foundation to bridge the gap between donors with the financial capacity to donate and donees affected by the outbreak of the COVID-19 pandemic. However, the purpose of Mithra is to evolve and ensure help & support is afforded to people in need of it.
The objective of this Data Protection Policy Statement is to inform you of how we provide services to you, as well as its representatives, affiliates and/or agents, manages Personal Data (as defined below). We ask that you read this Personal Data Protection Policy Statement carefully as it contains important information about what to expect when we collect Personal Data about you or from you.
This Data Protection Policy Statement supplements but does not supersede or replace any other consent you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights to which we may have at law to collect, use or disclose your Personal Data.
Personal Data
We cater to two types of users at Mithra, the donor and the donee. The collection of information and its usage differs for both the types of users.
If you are a donee, we collect Personal Data such as, your Aadhar Card, Ration Card, PAN card, BPL card or any other information required to achieve the goal and purpose of the Dakshina Foundation.
If you are a donor, when you make an online donation on the Mithra platform, we collect Personal Data such as your name, billing address, PAN card, telephone number, email address and any other information provided by you.
The Personal Data that you are asked to provide, and the reasons for asking the same, will be made clear to you when you are requested to provide your Personal Data. We only collect information that we believe to be relevant and for the purpose of acknowledging receipt of the donation.
Why this policy exists
This Data Protection Policy ensures Dakshina Foundation:
Complies with data protection law and follow good practice
Protects the rights of staff, donors, donees and partners
Is open about how we processes individuals’ data
Protects itself from the risks of a data breach
Data protection risks
This policy helps to protect Dakshina Foundation from some very real data security risks, including:
Breaches of confidentiality. For instance, information being given out inappropriately.
Failing to offer choice. For instance, all users, including the donors and the donees, should be free to choose how the organisation uses data relating to them.
Reputational damage. For instance, the organisation could suffer if hackers successfully gained access to sensitive data.
General staff guidelines
The only people able to access data covered by this policy should be those who need it for their work.
Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
We will provide training to all employees to help them understand their responsibilities when handling data.
Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
In particular, strong passwords must be used and they should never be shared.
Personal data should not be disclosed to unauthorised people, either within the organisation or externally.
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.
Data storage
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees.
If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
Data should only be uploaded to an approved cloud computing services.
Data should be backed up frequently. Those backups should be tested regularly, in line with our standard backup procedures.
Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security software and a firewall.
Responsibilities
Everyone who works for or with the Dakshina Foundation has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
The board of trustees is ultimately responsible for ensuring that Dakshina Foundation meets its legal obligations.
Dakshina Foundation, is responsible for:
Keeping the board updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and related policies, in line with an agreed schedule.
Arranging data protection training and advice for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Dealing with requests from individuals to see the data that we hold about them.
Checking and approving any contracts or agreements with third parties that may handle our sensitive data.
Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
Performing regular checks and scans to ensure security software is functioning properly.
Evaluating any third-party services that we may be considering using to store or process data. For instance, cloud computing services.
Approving any data protection statements attached to communications such as emails and letters.
Addressing any data protection queries from journalists or media outlets like newspapers.
Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
Privacy
The use of our Mithra platform, including the website and the mobile application, is also governed by our Privacy Policy and Terms of Use, which can be accessed on the Mithra platforms.
Consent
By using our website “www.mithra.life”, you hereby consent to our Privacy Policy and agree to its terms.
Contact Us
If you have any comments or questions about the collection, use or disclosure of your Personal Data or this Privacy Policy Statement, please contact us in writing at enquiries@matangifoundation.org.
