🔒 Privacy Policy (GDPR & Indian Law Compliant)

Transparency, Accountability, and Protection of Your Personal Data

Effective Date: 26th March 2026
Website: https://asarfoundation.org/

This Privacy Policy explains how Asar Foundation (“we”, “our”, “us”) collects, uses, shares, and protects personal data of visitors, donors, volunteers, partners, and other stakeholders. It is designed to comply with applicable laws including the Information Technology Act, 2000 and SPDI Rules, 2011 (India), and the General Data Protection Regulation (EU) 2016/679 (“GDPR”) for users in the European Economic Area (EEA).

By using our website or services, you acknowledge and agree to the practices described herein.

1. Scope and Applicability

This Policy applies to all personal data processed by Asar Foundation through:

1. Our website and digital platforms
2. Donation, volunteer, and contact forms
3. Email, phone, and other communications

For users located in the EEA/UK, GDPR provisions will apply in addition to local Indian law.

2. Definitions

For the purposes of this Policy:

1. Personal Data means any information relating to an identified or identifiable individual.
2. Sensitive Personal Data or Information (SPDI) (under Indian law) includes financial information, passwords, etc.
3. Processing means any operation performed on personal data (collection, use, storage, disclosure, etc.).
4. Data Controller (GDPR) refers to the entity determining the purposes and means of processing—here, Asar Foundation.

3. Data We Collect

We collect personal data that is necessary, relevant, and limited to our legitimate purposes.

3.1 Personal Data

1. Name, email address, phone number
2. Address and identification details (if required for receipts/compliance)
3. Information submitted via forms (contact, volunteer, partnership)

3.2 Financial Data (SPDI)

1. Donation amount and transaction reference
2. Payment method (processed via secure third-party gateways)

We do not store full card/banking details on our servers.

3.3 Technical and Usage Data

1. IP address, browser type, device information
2. Website usage patterns, pages visited, time spent

4. Legal Basis for Processing (GDPR Compliance)

For EEA/UK users, we process personal data based on the following lawful grounds:

1. Consent – When you voluntarily provide data (e.g., forms, newsletter sign-up)
2. Contractual Necessity – To process donations or respond to requests
3. Legitimate Interests – To improve our services, outreach, and communication
4. Legal Obligation – To comply with applicable laws (e.g., financial/tax compliance)

5. Purpose of Data Processing

We process your personal data for the following purposes:

1. To process donations and issue confirmations/receipts
2. To communicate updates, newsletters, and impact reports
3. To respond to queries, volunteer requests, and partnerships
4. To improve website functionality and user experience
5. To comply with legal, regulatory, and audit requirements

We do not process your data for purposes incompatible with the above.

6. Consent and Withdrawal

Where processing is based on consent:

1. Consent is obtained clearly and explicitly
2. You may withdraw consent at any time by contacting us
3. Withdrawal does not affect prior lawful processing

7. Data Sharing and Disclosure

We do not sell or rent personal data.

We may share data with:

1. Payment Processors (e.g., Razorpay, Stripe) for secure transactions
2. Service Providers (IT, hosting, analytics) under strict confidentiality
3. Legal/Regulatory Authorities when required by law

All third parties are obligated to maintain data protection standards.

8. International Data Transfers (GDPR)

If personal data is transferred outside India or the EEA:

1. We ensure adequate safeguards (standard contractual clauses or equivalent)
2. Data is shared only with compliant service providers
3. Reasonable security measures are maintained

9. Data Retention

We retain personal data only as long as necessary for:

1. Fulfilling the purpose for which it was collected
2. Legal, accounting, or reporting obligations

After this period, data is securely deleted or anonymized.

10. Data Security Measures

We implement appropriate technical and organizational measures including:

1. Secure servers and encrypted connections (SSL/HTTPS)
2. Restricted access to personal data
3. Regular monitoring for vulnerabilities

However, no system is completely secure, and we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies to:

1. Improve website performance and usability
2. Analyze traffic and user behavior
3. Enhance user experience

You can manage or disable cookies through browser settings.

12. Your Rights (GDPR & Indian Principles)

You have the following rights, subject to applicable laws:

Under GDPR:

1. Right to access your personal data
2. Right to rectification (correction)
3. Right to erasure (“right to be forgotten”)
4. Right to restrict processing
5. Right to data portability
6. Right to object to processing

Under Indian Law:

1. Right to review and correct personal data
2. Right to withdraw consent
3. Right to grievance redressal

Requests can be made via the contact details below.

13. Children’s Data

We do not knowingly collect personal data from individuals under 18 years of age without parental or guardian consent.

If such data is identified, it will be deleted promptly.

14. Grievance Redressal (India Compliance)

In accordance with the IT Act and SPDI Rules, a Grievance Officer is designated:
📧 Email: hello@asarfoundation.org
📍 Address: B-3005, Akshar Business Park, Sec 25, Vashi, Navi Mumbai – 400703

All grievances will be acknowledged within 36 hours and resolved within 30 days, as per applicable guidelines.

15. Data Protection Officer (Optional but Recommended)

If applicable:

Data Protection Officer (DPO):
📧 Email: hello@asarfoundation.org
📍 Address: B-3005, Akshar Business Park, Sec 25, Vashi, Navi Mumbai – 400703

16. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices, and users are advised to review their policies independently.

17. Updates to This Policy

We may update this Privacy Policy periodically to reflect legal or operational changes.

The updated version will be posted on this page with the revised effective date.

18. Contact Us

For any queries, requests, or concerns regarding this Privacy Policy:

📧 Email: hello@asarfoundation.org
📍 Address: B-3005, Akshar Business Park, Sec 25, Vashi, Navi Mumbai – 400703
🌐 Website: https://asarfoundation.org/

⚖️ Final Note

At Asar Foundation, we recognize that data protection is a matter of trust, responsibility, and ethics. We are committed to handling your personal information with integrity and transparency, ensuring compliance with applicable laws while respecting your rights.