Privacy Policy

Effective: 21 July 2022

We value your privacy. We don’t rent or sell your personal information with any person, business, or organization, ever. We commit to uphold transparency, accountability, and choice regarding the collection of your personal information. We are committed to using the personal information you provide to only support your relationship with Kanya Raksha Foundation (KRF) and the global network of KRF affiliates (the “KRF Global Team”). The KRF Global Team has business processes to ensure that personally identifiable data is accurate and complete. These business processes are in accordance with KRF’s privacy policy, and serve to support your relationship with the KRF Global Team.

This privacy policy describes how the KRF Global Team collects and uses the personal information you provide, whether online or offline. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. Visitors to kanyaraksha.in can browse our website without providing any personal information.

Contact information of the controller
KRF, as the data controller, is located at PO Box 1096 Kilpauk, Chennai, India – 600010. If you have questions or complaints regarding our privacy policy or practices, please contact us via email at [email protected].
Collection and Use of Personal Information
1. Collection and use of personal information in connection with your donations and any services provided to you by the KRF Global Team
  
  Purpose and legal basis of processing
  1. Art. 6 (1) a) GDPR (processing is based on your consent)
    Only if you provide us your consent (which is revocable at any time), we process personal information from you for e.g. marketing purposes or to facilitate your participation in KRF events or activities in which you voluntarily engage.
  2. Art. 6 (1) b) GDPR (processing is necessary for the performance of a contract)
    In order to communicate with you and for the performance of our contractual obligations to you (for example, to process your donation, issue receipts, and otherwise support your relationship with the KRF Global Team), we may collect the following personal information from you:
    - Contact information such as name, e-mail address, mailing address, phone number
    - Billing Information such as credit card number and billing address
    - Unique identifiers such as user name, account number, password
    - Additional information as needed to support your relationship with KRF, such as minimum age or DOB (to ensure age-appropriate content) and tax-payer information (to support tax recovery)
  3. Art.6 (1) c) GDPR (complying with a legal obligation)
    In certain circumstances, we are obliged to process personal data from you due to a legal obligation, such as anti-corruption stipulations or statutory retention periods.
  4. Art.6 (1) c) GDPR (complying with a legal obligation)
    In certain circumstances, we are obliged to process personal data from you due to a legal obligation, such as anti-corruption stipulations or statutory retention periods.
  5. Art.6 (1) f) GDPR (legitimate interest in transmitting personal data)
    We primarily rely on the legitimate interest of the KRF Global Team to provide constituents with desired information about KRF and its work worldwide. Where we process your personal information on the basis of legitimate interests, including sharing of your personal information within the KRF Global Team or with third-party processors for such purpose, we do so primarily to provide and improve constituent services and provide constituents a service that is suitable to their requirements. We may use your information to improve and customize our constituent services, and as necessary to pursue our legitimate interests of improving our constituent services and experience; understanding how constituents engage with the KRF Global Team, communicating with constituents in appropriately customized ways, and exploring ways to better engage current and future constituents in the mission of KRF. We may also process your information for our legitimate interest in providing age-appropriate content for children; supporting tax recovery; and maintaining the safety and security of our constituent services, including enhancing protection against spam, harassment, intellectual property infringement, crime, and security risks of all kind. We may further process personal information of constituents who attend in-person events or trips for our legitimate interest in providing for the safety and security of all event attendees. The KRF Global Team has a further legitimate interest in processing your personal information as follows:
    - We may exchange personal data within KRF’s international affiliate offices for the legitimate interests described above, as well as for administrative purposes.
    - We may also process personal data from you in order to defend legal claims.
    Additionally, we may collect the following personal information from third-party sources, including from public sources:
    - Marketing information such as additional forms of contact, indicators, or flags used for segmentation purposes.
    - Demographic information, including census data or third-party research for segmentation purposes.
    Surveys or Contests
    From time-to-time, we may provide you the opportunity to participate in contests or surveys on our website or elsewhere. If you participate, we will request certain personal information from you. Participation in these surveys or contests is completely voluntary and you, therefore, have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). The legal basis for processing that Personal Data is Art.6 (1) a) GDPR (consent).
2. Collection and Use of Personal Information in connection with your use of our website
  
  Informational use of our website
  If you do not register with us or otherwise provide us with personal information, we only process the personal information that your browser transmits to our server. This includes your IP address, date and time of the request, content of the request (specific page), the access status/HTTP status code, the amount of data transferred in each case, website from which the request comes, browser, operating system and its surface, language, and version of the browser software. This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis for such processing is Art.6 (1) f) GDPR.
  Links to Other Websites
  Our Site includes links to other websites whose privacy practices may differ from those of KRF. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
Recipients of your Personal Information
We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell your personal information to third parties. In those situations where we use a third party to process your data, we require that these third parties agree to provide the equivalent level of protection as provided under the applicable data privacy law and this privacy policy. Third parties may be suppliers that process personal data on our behalf, such as:
- IT service providers
- Companies that assist with customer service, shipping, or event registration
- Companies that provide other services to support our relationship with you
- Companies that provide demographic and market research assistance
In addition, any office within the KRF Global team may share personal information you provide to the Kanya Raksha Foundation headquarters (“KRF Global”) office in India, or another member of the KRF Global Team, so that the receiving KRF office may engage with users located in their country and as otherwise necessary to manage the provision of suitable services to constituents as appropriate for their needs.
We may also disclose your personal information to third parties:
- as required by law such as to comply with a subpoena or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; or
- with your prior consent to do so.
Transfers of personal data to countries outside the EU
1. When we use external service providers based outside the European Economic Area to process your personal information, we do so pursuant to the standard contractual clauses for data processors approved by the European Commission to ensure an appropriate level of data protection. These service providers have been carefully selected by us, commissioned in writing, and are bound by our instructions. We regularly check them. The service providers will not pass this data on to third parties but will delete it after fulfillment of the contract and the conclusion of legal storage periods unless you have consented to further storage.
2. When a member of the KRF Global team located within the EU, or otherwise serving as a controller for data subject to GDPR, transfers personal information to the KRF Global office or any other office within the KRF Global Team located outside of the EU, we rely on the standard contractual clauses for data controllers approved by the European Commission to ensure an appropriate level of data protection.
General information and your rights

Choice/Opt-Out
Where you have provided your consent, you have the right to withdraw your consent to our processing of your personal information. For example, you may choose to stop receiving all or certain types of communication by following the unsubscribe instructions included in these emails or you can contact us at [email protected]. You can further choose to withdraw your consent to our processing of your personal information related to an online account (e.g., donor portal) by closing your account through your account settings and then emailing [email protected] to request that your personal information be deleted, except for information that we are required to retain. This deletion is permanent and your account cannot be reinstated.

Correcting, Deleting, and Updating Your Personal Data
To review and update or delete your personal information, contact us at [email protected]. We will respond to your request to access within 10 days.
Customer Testimonials/Comments/Reviews
We may post customer testimonials/comments/reviews on our website that may contain personal information. We will obtain the customer’s consent via email before posting the testimonial to post the customer’s name along with his/her testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected]. The legal basis for that processing is Art.6 (1) a) GDPR.
Data Retention
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us as described in this policy. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Security
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at [email protected]. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
Transaction Security
The personal information collected when you make a contribution or purchase items by credit card is kept for the purposes of tracking your order and to provide a receipt of the transaction. This information is stored on an encrypted, secure server managed by a third-party commercial credit card processing institution.
Notification of Privacy Policy Changes
We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by e-mail (sent to the e-mail address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Your rights in respect of your Personal Data
You have the right of access (Art.15 GDPR), rectification (Art.16 GDPR), erasure (Art.17 GDPR), restriction of processing (Art.18 GDPR), and the right to data portability (Art.20 GDPR). In addition, you have the right to object to processing that is based on Art.6 (1) f) GDPR. You also have the right to lodge a complaint with the data privacy supervisory authority.
If you have given us your consent to process personal data for specific purposes, this consent is the legal basis for processing your personal data. Consent can be revoked at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. The revocation can take place form-free and should be directed if possible to the contact information provided in this policy.
Contact Information
Kanya Raksha Foundation
PO Box 1096 Kilpauk, Chennai – 600010
India
[email protected]