Data Protection & GDPR Compliance Policy

Effective Date: August 2025
Approved By: UniNetra Board of Volunteers
Contact: 📧 [email protected]

1. Introduction

At UniNetra, we recognize that protecting the personal data of our beneficiaries, donors, partners, volunteers, staff, and supporters is not just a legal obligation but also a matter of trust, integrity, and responsibility. As a global humanitarian, welfare, and rights-focused NGO, we are committed to safeguarding privacy and ensuring that every individual connected with UniNetra can engage with our work confidently.

This policy outlines our data protection principles, rights, and responsibilities under international standards, including the EU General Data Protection Regulation (GDPR), UK GDPR, and global best practices. It applies to all digital and physical data processing activities carried out by UniNetra across human welfare, animal care, environmental sustainability, youth empowerment, education, and emergency relief initiatives.

2. Scope of Policy

This policy applies to:

  • All personal data collected and processed by UniNetra (online and offline).
  • Data of donors, volunteers, staff, beneficiaries, partners, supporters, and website visitors.
  • All UniNetra projects, platforms, websites (including UniNetra), and communications.

It covers data obtained via:

  • Donations and funding platforms.
  • Volunteer sign-ups and recruitment.
  • Emergency relief and beneficiary records.
  • Event participation.
  • Mailing lists, newsletters, and awareness campaigns.
  • Social media, websites, and digital engagement tools.

3. Our Principles of Data Protection

In line with GDPR and global best practices, UniNetra follows seven core principles:

  1. Lawfulness, Fairness & Transparency – Data is collected legally, fairly, and openly.
  2. Purpose Limitation – Data is collected for specific, legitimate purposes only.
  3. Data Minimization – We collect only the minimum data required.
  4. Accuracy – Data is accurate, kept up to date, and corrected when necessary.
  5. Storage Limitation – Data is retained only as long as needed.
  6. Integrity & Confidentiality – Data is secured against unauthorized access or misuse.
  7. Accountability – UniNetra is fully responsible for compliance and transparent reporting.

4. What Data We Collect

Depending on the relationship, UniNetra may collect:

  • Personal Identification Data: Name, date of birth, gender, ID/passport (where required).
  • Contact Information: Email, phone number, postal address.
  • Donor Information: Donation records, payment method (processed securely through third-party providers), communication preferences.
  • Volunteer & Staff Data: Applications, background checks, skill assessments, references, role history.
  • Beneficiary Data: Case records, family background, emergency needs (strictly limited and anonymized where possible).
  • Digital Engagement Data: Website usage, IP addresses, cookies, newsletter subscriptions, feedback forms.

UniNetra does not collect sensitive data (e.g., religious beliefs, health details) unless absolutely necessary for project delivery, and only with explicit consent.

5. How We Use Data

UniNetra processes personal data for the following purposes:

  • Donor Engagement – Sending receipts, thank-you notes, donation impact reports, and campaign updates.
  • Volunteer & Staff Management – Recruitment, training, assignment, and safeguarding.
  • Beneficiary Support – Delivering aid, emergency assistance, and social services effectively.
  • Transparency & Accountability – Ensuring financial reporting and audit compliance.
  • Awareness & Education – Sending newsletters, invitations, and updates aligned with mission goals.
  • Website & Digital Platforms – Improving user experience, ensuring security, analyzing engagement.
  • Legal & Compliance Obligations – Following donor agreements, grant requirements, and laws.

6. Lawful Basis for Processing

UniNetra processes personal data under GDPR legal bases, including:

  • Consent – When individuals voluntarily opt-in (e.g., newsletters, campaigns).
  • Contract – When data processing is necessary for fulfilling agreements (e.g., volunteer roles).
  • Legal Obligation – Compliance with reporting, financial regulations, or safeguarding laws.
  • Vital Interests – Protecting lives during emergency aid or disaster response.
  • Legitimate Interests – Maintaining supporter relationships, ensuring project effectiveness.

7. Data Security & Storage

We employ strong data security measures to protect all personal information:

  • Encrypted storage of digital data.
  • Restricted access based on role and necessity.
  • Regular backups and secure cloud systems.
  • Firewalls, SSL encryption, and malware protection on websites.
  • Staff and volunteer training on data handling.
  • Physical files stored securely with restricted access.

In case of a data breach, UniNetra follows GDPR requirements by:

  1. Notifying affected individuals promptly.
  2. Reporting to relevant authorities within 72 hours (if EU/UK data is involved).
  3. Taking corrective measures immediately.

8. International Data Transfers

As UniNetra operates globally, personal data may be transferred outside the country of origin.

  • Transfers are always done securely and only to countries with adequate protection measures.
  • Where GDPR applies, Standard Contractual Clauses (SCCs) or equivalent safeguards are enforced.

9. Rights of Data Subjects

Under GDPR and global privacy laws, individuals have the following rights:

  1. Right to Access – Request a copy of personal data we hold.
  2. Right to Rectification – Correct inaccuracies in their data.
  3. Right to Erasure (“Right to be Forgotten”) – Request deletion of data, subject to legal obligations.
  4. Right to Restrict Processing – Pause processing under certain conditions.
  5. Right to Data Portability – Transfer data to another service provider.
  6. Right to Object – Opt-out of data processing for marketing or research.
  7. Right to Withdraw Consent – At any time, without affecting prior lawful processing.
  8. Right to Lodge a Complaint – With data protection authorities if rights are violated.

Requests can be submitted to 📧 [email protected].

10. Cookies & Digital Tracking

Our websites (e.g., Uninetra) use cookies for:

  • Improving user experience.
  • Measuring performance and reach.
  • Ensuring security and fraud prevention.

Visitors may accept, reject, or customize cookies via browser settings.

11. Children’s Data Protection

UniNetra works with children and youth as part of its welfare and education programs. Therefore:

  • We collect children’s data only with explicit parental/guardian consent.
  • We never use children’s data for marketing.
  • Strict safeguarding protocols are in place (aligned with Child Protection & Safeguarding Policy).

12. Data Retention

  • Donor records: 7 years (financial compliance).
  • Volunteer/staff applications: 3 years post-engagement.
  • Beneficiary records: As long as required for aid, then anonymized.
  • Newsletter subscribers: Until opt-out/unsubscribe.

13. Accountability & Governance

To ensure strong data protection:

  • UniNetra has a Data Protection Officer (DPO) responsible for compliance.
  • Regular training is provided to staff and volunteers.
  • Annual audits include data protection review.
  • Policies are reviewed every 12 months.

14. Whistleblowing & Complaints

Individuals may report privacy concerns, misuse, or violations confidentially via:
📧 [email protected]

Reports are investigated promptly, with full protection for whistleblowers under our Anti-Fraud & Whistleblowing Policy.

15. Policy Updates

This policy may be updated to reflect:

  • Changes in global data protection laws (GDPR, UK GDPR, etc.).
  • Evolving NGO best practices.
  • New UniNetra projects or platforms.

Latest version will always be available on our website.

16. Contact Information

For questions, concerns, or exercising rights, contact:

Data Protection Officer – UniNetra
📧 Email: [email protected]
🌍 Website: https://uninetra.org

Conclusion

At UniNetra, data protection is a moral duty as much as a legal one. We handle personal information with the highest standards of integrity, transparency, and care. This ensures that donors, beneficiaries, volunteers, and partners trust our work and continue to stand with us in creating a world where compassion meets action.