Privacy Policy & Data Protection

Last Updated: October 2024

The Empowering Ummah Foundation ("EUF", "we", "our", or "us") respects your privacy and is committed to protecting the Personal Data we process. This Privacy Policy outlines our data handling practices in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, and other applicable global data protection frameworks where relevant.

1. Collection of Personal Data

We collect Personal Data that you voluntarily provide to us when you make a donation, volunteer, or interact with our Platform. This may include:

  • Identity & Contact Data: Name, email address, phone number, and postal address.
  • Financial & Statutory Data: Permanent Account Number (PAN) specifically mandated for the issuance of 80G tax exemption receipts, and payment transaction IDs (Note: We do not store credit card numbers or bank account credentials; these are processed securely by our certified payment gateway partners).
  • Technical Data: IP addresses, browser types, and usage metrics collected via non-intrusive cookies to improve Platform performance.

2. Purpose and Lawful Basis of Processing

EUF processes your Personal Data strictly for the following lawful purposes:

  • To execute charitable transactions and issue statutory tax exemption receipts (Section 80G of the Income Tax Act).
  • To comply with anti-money laundering (AML) and counter-terrorism financing (CTF) directives issued by the Government of India.
  • To communicate impact reports, audits, and foundation updates, subject to your explicit consent.

3. Data Retention Policy

We retain Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. Statutory records (such as PAN details and donation ledgers) are retained for a minimum period of eight (8) years as mandated by the Income Tax Department of India. Non-essential communication data is purged upon request or after two (2) years of inactivity.

4. Strict Beneficiary Anonymity

The dignity of our beneficiaries is absolute. EUF maintains strict internal access controls over beneficiary data. We do not publish personally identifiable information (PII), medical records, or un-obscured photographs of beneficiaries on our public domains without explicit, documented, and revokable consent. All public impact ledgers are anonymised or pseudonymised.

5. Third-Party Disclosures

We do not sell, rent, or trade your Personal Data. We may disclose your data to third parties only in the following circumstances:

  • To regulatory authorities (e.g., Income Tax Department, Ministry of Home Affairs) when legally mandated.
  • To trusted service providers (e.g., payment processors, statutory auditors) under strict confidentiality agreements.

6. Your Rights (Data Principal Rights)

Under the DPDP Act, you possess the right to:

  • Obtain a summary of the Personal Data being processed by us.
  • Request correction or erasure of your Personal Data (subject to our statutory retention obligations).
  • Withdraw your consent for non-essential processing (e.g., marketing communications) at any time.

7. Grievance Redressal

If you have any questions, concerns, or wish to exercise your data rights, please contact our designated Data Protection / Grievance Officer at:

Email: info@empoweringummah.org