PRIVACY POLICY

1.1. "Personal Information" shall mean any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Trust, is capable of identifying such person.

1.2. "Sensitive Personal Data or Information" (SPDI) shall have the meaning ascribed to it under Rule 3 of the SPDI Rules, and shall include, without limitation, passwords, financial information (including bank account details, credit/debit card information), physical and mental health conditions, sexual orientation, medical records, and biometric information.

1.3. "Data Principal" shall mean the individual to whom the Personal Information relates.

1.4. "Data Fiduciary" shall mean the Trust, which determines the purposes and means of processing of Personal Information.

1.5. "Processing" shall mean any operation or set of operations performed on Personal Information, whether wholly or partly by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.

1.6. "Website" shall mean the official website of the Trust located at [www.kanayadantrust.org] and any associated sub-domains, mobile applications, or digital platforms operated by the Trust.

2.1. The Trust may collect, receive, and process the following categories of Information from Data Principals:

2.1.1. Identity Information: Full name, date of birth, gender, age, relationship to the Beneficiary, and government-issued identification numbers (including but not limited to Aadhaar number, PAN, Voter ID, or Passport number).

2.1.2. Contact Information: Residential address, postal code, email address, telephone number, mobile number, and emergency contact details.

2.1.3. Financial Information: Bank account details, payment instrument information (including UPI IDs, debit/credit card information), income certificates, and proof of economic status.

2.1.4. Beneficiary Information: Educational records, school attendance, academic performance, health records (if applicable), and any other information provided during Registration or subsequently.

2.1.5. Technical Information: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device information, and clickstream data when visiting the Website.

2.1.6. Usage Information: Information about how you use the Website, including the pages visited, time spent on pages, navigation paths, and access times.

2.2. The Trust does not knowingly collect or process Information from individuals under the age of eighteen (18) years except through their parent or legal guardian who provides explicit consent. The parent or legal guardian shall be deemed to have provided consent on behalf of the minor Data Principal.

The Trust collects and processes Information for the following legitimate purposes:

3.1. Registration and Administration: To process, evaluate, and administer Registration applications under the Scheme, verify eligibility criteria, maintain beneficiary records, and communicate with Data Principals regarding the status of their Registration.

3.2. Service Provision: To provide educational support services, career counselling, ex-gratia assistance (if any), and other welfare benefits under the Scheme.

3.3. Communication: To respond to queries, complaints, or grievances; to send notices, updates, and information about the Scheme; and to fulfill legal or regulatory reporting obligations.

3.4. Donor Management: To process voluntary contributions, issue donation receipts, provide tax exemption certificates under Section 80G of the Income Tax Act, 1961, and maintain donation records as required by law.

3.5. Compliance and Legal Obligations: To comply with applicable laws, regulations, court orders, legal processes, or governmental requests; to detect, prevent, and address fraud, security, or technical issues; and to enforce the Terms and Conditions of the Scheme.

3.6. Research and Analytics: To conduct anonymized and aggregated analysis for the purpose of improving the Scheme, understanding demographic trends, and reporting to donors and regulatory authorities, provided that such analysis does not identify individual Data Principals.

4.1. The Trust processes Personal Information on the basis of express, informed, and voluntary consent obtained from the Data Principal at the time of Registration and collection of Information.

4.2. By providing Information to the Trust, the Data Principal explicitly and affirmatively consents to the collection, processing, storage, and disclosure of their Information as described in this Policy.

4.3. The Data Principal has the right to withdraw consent at any time by providing written notice to the Trust. Upon withdrawal of consent, the Trust shall cease further processing of the Data Principal's Information, except to the extent required to comply with legal obligations or to complete any pending transactions or services.

4.4. Withdrawal of consent shall result in immediate cancellation of Registration under the Scheme, forfeiture of any pending benefits or assistance, and no refund of any voluntary contributions previously made shall be provided.

5.1. The Trust shall not sell, rent, trade, or otherwise transfer Information to any third party except as expressly provided herein.

5.2. The Trust may disclose Information to the following categories of recipients:

5.2.1. Service Providers and Partners: Third-party vendors, contractors, and partners who assist the Trust in providing educational services, payment processing, communication, data storage, or other operational functions, subject to such third parties executing confidentiality agreements and complying with applicable data protection laws.

5.2.2. Regulatory and Government Authorities: In response to a lawful request, subpoena, court order, or government investigation, or as otherwise required to comply with Applicable Laws.

5.2.3. Professional Advisors: To auditors, legal counsel, accountants, and other professional advisors who owe duties of confidentiality.

5.2.4. With Explicit Consent: To any other third party with the explicit consent of the Data Principal.

5.3. The Trust may share anonymized and aggregated data that does not identify individual Data Principals with donors, researchers, and the public for reporting and transparency purposes.

6.1. The Trust implements reasonable security practices and procedures, including administrative, technical, and operational safeguards, to protect Information against unauthorized access, use, modification, disclosure, or destruction. Such measures include, without limitation, encryption of sensitive data, access controls, secure data centers, regular security assessments, and employee training.

6.2. Notwithstanding the foregoing, no method of transmission over the Internet or electronic storage is one hundred percent (100%) secure. The Trust does not guarantee absolute security, and the Data Principal assumes the risk of any unauthorized access or breach to the extent permitted by law.

6.3. The Trust shall retain Information for as long as necessary to fulfill the purposes described herein, to comply with legal obligations, to resolve disputes, and to enforce the Terms and Conditions. Generally, Information shall be retained for a period of ten (10) years from the date of last interaction or until the Beneficiary attains the age of thirty (30) years, whichever is later, after which it shall be securely deleted or anonymized.

Under Applicable Laws, Data Principals have the following rights, exercisable by submitting a written request to the Trust at the contact address provided in Section 10 herein:

7.1. Right to Access: To obtain confirmation from the Trust as to whether the Trust is processing their Information, and to request a copy of such Information.

7.2. Right to Correction: To request correction, update, or completion of inaccurate or incomplete Information.

7.3. Right to Erasure (Right to be Forgotten): To request deletion of their Information, subject to legal retention obligations and legitimate interests of the Trust.

7.4. Right to Withdraw Consent: To withdraw previously given consent for processing of Information, subject to the consequences stated in Section 4.4 hereof.

7.5. Right to Grievance Redressal: To lodge a complaint with the Trust's Grievance Officer or with the appropriate regulatory authority under Applicable Laws.

The Trust shall respond to any such request within thirty (30) days of receipt. The Trust reserves the right to charge a reasonable fee for processing repeated or manifestly unfounded requests.

8.1. The Website uses cookies, web beacons, and similar tracking technologies to enhance user experience, analyze usage patterns, and improve services.

8.2. Cookies are small text files stored on the user's device. The Trust uses session cookies (which expire when the browser is closed) and persistent cookies (which remain until deleted).

8.3. Data Principals may configure their browser settings to refuse cookies or to alert them when cookies are being sent. However, certain features of the Website may not function properly without cookies.

8.4. Third-party analytics services (including but not limited to Google Analytics) may also deploy cookies on behalf of the Trust for the purpose of tracking Website usage. Such third parties are subject to their own privacy policies.

9.1. The Website may contain links to third-party websites, applications, or services that are not owned or controlled by the Trust.

9.2. The Trust is not responsible for the privacy practices, content, or data handling policies of such third parties. Data Principals are advised to review the privacy policies of any third-party websites they access.

9.3. Inclusion of a link to a third-party website does not constitute an endorsement by the Trust of such website or its operators.

10.1. The Trust may transfer Information to servers and service providers located outside the territory of India, subject to compliance with Applicable Laws and the implementation of appropriate safeguards, including standard contractual clauses or binding corporate rules.

10.2. By providing Information to the Trust, the Data Principal consents to such cross-border transfers, understanding that data protection standards in other jurisdictions may differ from those in India.

11.1. The Trust reserves the right to amend, modify, supplement, or replace this Policy at any time without prior notice.

11.2. Any material changes to this Policy shall be communicated by posting the updated Policy on the Website and updating the "Effective Date" at the top of this document.

11.3. Continued use of the Website or the Scheme after the posting of an amended Policy shall constitute deemed acceptance of such amendments.

12.1. Any queries, complaints, or requests regarding this Policy or the handling of Information may be directed to the designated Grievance Officer of the Trust:

12.2. The Grievance Officer shall acknowledge receipt of any grievance within seven (7) working days and shall endeavor to resolve the same within thirty (30) days from the date of receipt.