We believe that understanding how your data is handled is crucial, and our straightforward policy is designed to make this information accessible to you. Join us on this journey of transparency, where we strive to build trust by prioritizing your privacy and upholding the principles of openness, accountability, and respect for your rights.
- Clear Communication: The best GDPR policies use straightforward language to explain how personal data is collected, used, and protected.
- User Empowerment: They give users control, allowing them to easily access, modify, or delete their personal information.
- Transparency: These policies disclose the purpose of data processing, ensuring users understand why their information is being collected.
- Security Measures: They outline robust security measures to safeguard data, providing reassurance about its protection.
- Consent Clarity: Obtaining user consent is emphasized, and the policies specify the exact purposes for which consent is sought.
- Data Minimization: They stress the principle of collecting only the necessary data, minimizing the intrusion into users’ privacy.
- Cross-Border Data Transfer: If applicable, there’s a clear explanation of how international data transfers comply with GDPR regulations.
- Incident Response: The policies detail steps taken in the event of a data breach, showcasing a commitment to timely and effective response.
- Periodic Review: Regular updates and reviews of the policy demonstrate a commitment to staying current with evolving privacy standards.
- Educational Elements: They include user-friendly explanations to enhance understanding, fostering a sense of awareness regarding privacy rights and obligations.
General Data Protection Regulation
SCOPE OF GDPR DATA PROTECTION POLICY
The policy emphasizes the importance of obtaining clear consent, specifying the purposes for which data is collected. Security measures are outlined, showcasing a robust commitment to protecting user data. The foundation adheres to the principle of data minimization, collecting only essential information. In the event of a data breach, a well-defined incident response plan is in place.
The policy undergoes regular reviews to stay current with GDPR regulations, and educational elements are integrated to enhance user awareness of privacy rights and responsibilities.
This policy governs the processing of all personal data by Soina Foundation, encompassing information collected through our website, social media platforms, email communications, and various other channels.
Data Collection and Use
Our data collection is purpose-driven, focusing on information essential to realizing our charitable objectives and facilitating communication with our valued supporters. This may include, but is not limited to, names, email addresses, postal addresses, phone numbers, and payment details. Importantly, Soina Foundation commits to never selling or sharing personal data with third parties for marketing purposes.
Lawful Basis for Data Processing
We engage in data processing only when a lawful basis exists. This includes obtaining explicit consent from data subjects, processing for the performance of contractual obligations, compliance with legal requirements, or pursuit of our legitimate interests.
To thwart unauthorized access, disclosure, alteration, or destruction of personal data, we have implemented and regularly review robust technical and organizational measures. This ongoing commitment to security ensures the effectiveness of our protective protocols.
Personal data is retained only for as long as necessary, aligning with the purposes for which it was collected or as mandated by legal obligations. Our organization continually reviews and updates retention policies to remain in accordance with these principles.
Data Subject Rights
Under GDPR, data subjects are entitled to several rights, including being informed about data collection, accessing their data, correcting or updating information, requesting data deletion, objecting to processing, restricting processing, and exercising data portability.
Data Protection Officer (DPO)
Soina Foundation has appointed a Data Protection Officer (DPO), Anita Soina, who oversees GDPR compliance and ensures all data processing aligns with GDPR standards while respecting the rights of data subjects.
Roles and Responsibilities of the DPO
The DPO’s responsibilities extend to providing guidance on GDPR and data protection, monitoring compliance, cooperating with supervisory authorities, advising and training employees, conducting data protection impact assessments, and serving as a point of contact for data subjects.
Appointment and Contact Information
The DPO, Anita Soina, is accessible and can be contacted at info at the Soina Foundation dot org, providing an avenue for both employees and data subjects to seek information or address concerns.
Training and Resources
The DPO ensures employees handling personal data receive comprehensive training on GDPR and data protection regulations, supplemented with relevant resources to enhance understanding.
Monitoring and Reporting
Continuous monitoring of GDPR compliance and reporting any violations to senior management is a responsibility of the DPO. Additionally, the DPO ensures timely reporting of any data breaches to supervisory authorities.
Lawful Basis for Processing Special Categories of Personal Data
When processing special categories of personal data is necessary, the Soina Foundation adheres to lawful bases such as explicit consent, legal obligations, vital interests, not-for-profit activities, public interest, and legal claims.
Data Minimization and Retention of Special Categories
Soina Foundation commits to processing only relevant special categories of personal data and limiting processing to what is strictly necessary. Retention periods for such data are determined by the purposes of collection and legal requirements.
Rights of Data Subjects
Individuals possess rights to access, rectify, erase, or restrict processing of their special categories of personal data. Furthermore, they have the right to object and request data portability. Soina Foundation endeavors to respond to such requests within one month, providing reasons if compliance is not possible.
Children and Minors
We place great emphasis on safeguarding the privacy of children, ensuring that we do not knowingly collect personally identifiable information from those aged 13 years and under. Parents or guardians can contact us to remove information and unsubscribe children from electronic marketing lists.
We affirm that we do not collect data or registration information from children on this site.
For additional information, please read our Terms of Service.
What policies do nonprofits/not-for-profits really need for GDPR?