Data Protection Policy

Data Protection Policy

Introduction

This Data Protection Policy outlines the principles and guidelines for the protection and handling of personal and sensitive data collected and processed by NATURALS CARE (hereinafter referred to as "the Organization"), located in NCT of Delhi . The Organization recognizes the importance of safeguarding personal data and is committed to ensuring compliance with applicable data protection laws and regulations.

Scope

This policy applies to all employees, volunteers, contractors, and third-party service providers who have access to personal and sensitive data held by the Organization. It covers data collected from individuals, including but not limited to donors, beneficiaries, employees, and any other stakeholders.

Data Collection and Processing

a. Lawful and Fair Collection: The Organization will collect personal data only for legitimate purposes and with the consent of the individuals concerned. Data will be collected in a fair and transparent manner.

b. Purpose Limitation: Personal data will be processed only for specified and lawful purposes, and not further processed in a manner incompatible with those purposes.

c. Data Minimization: The Organization will collect and process only the minimum amount of personal data required to achieve the specified purposes.

d. Data Accuracy: Reasonable steps will be taken to ensure the accuracy and completeness of personal data. Individuals have the right to request correction of their data if inaccurate or incomplete.

Data Security and Confidentiality

a. Data Security Measures: The Organization will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

b. Access Control: Access to personal data will be restricted to authorized personnel who require access for legitimate purposes. Access controls, including passwords and user permissions, will be implemented to ensure data confidentiality.

c. Data Breach Response: In the event of a data breach, the Organization will promptly assess and mitigate the risks, notify affected individuals, and report the incident to the appropriate regulatory authorities, as required by applicable laws and regulations.

Data Retention and Disposal

a. Data Retention: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods will be clearly defined and regularly reviewed.

b. Data Disposal: Personal data will be securely disposed of when it is no longer needed, in accordance with the Organization's data disposal procedures.

Third-Party Data Processors

a. Data Processing Agreements: The Organization will establish written agreements with third-party service providers that process personal data on its behalf. These agreements will ensure that the service providers implement appropriate data protection measures.

b. Due Diligence: The Organization will conduct due diligence when selecting and engaging third-party service providers to ensure their ability to protect personal data in compliance with applicable laws and regulations.

Data Subject Rights

a. Individual Rights: The Organization will respect the rights of data subjects, including the right to access, rectify, restrict processing, and erase personal data as provided by applicable data protection laws.

b. Data Subject Requests: The Organization will establish procedures to handle data subject requests and will respond to such requests in a timely manner.

Staff Training and Awareness

The Organization will provide training and awareness programs to its staff, volunteers, and contractors to ensure they understand their responsibilities and obligations regarding data protection and privacy.

Compliance and Accountability

The Organization will regularly review and update this Data Protection Policy to ensure compliance with applicable laws and regulations. Any breaches of this policy will be investigated, and appropriate disciplinary action will be taken.

Contact Information

For inquiries or concerns related to data protection and privacy, individuals can contact the designated Data Protection Officer at the Organization.

This Data Protection Policy serves as a commitment to protecting personal data and promoting privacy within the Organization. It is the responsibility of all individuals associated with the Organization to comply with this policy and contribute to the effective implementation of data protection measures.

This is to certify that this broad policy has the approval of governing body

Dr. P.K. KHARE

NATURALS CARE

Email: naturalscareindia@gmail.com 

Mobile: +91 9891251245