loader

Privacy Policy

1. Purpose and

Scope

This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your information by Anadhanam, which is an initiative of Valliappa Foundation. Anadhanam aims to eradicate hunger worldwide by streamlining the donation process and linking donors with trusted non-profit organizations and those in need and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the organization, which operates the website (“https://anadhanam.org/”), mobile applications (App) and other services including but not limited to delivery SMS, Mobile app is primarily designed for volunteers who work in the field. Providing them with a digital platform to stay connected with the network, the mobile app enables them to carry out efficient food distribution in the hunger hotspots, any mobile or internet connected device or otherwise (collectively the “App Service”).

The Organization respects the privacy of the users of the Anadhanam platform Services and is committed to reasonably protecting it in all respects. The information about the user as collected by the Company is: (a) information supplied by users and (b) information automatically tracked while using a mobile device having Anadhanam platform Services enabled (collectively referred to as Information).

It is the policy of Anadhanam to comply with all applicable laws and regulatory requirements for the use, access and disclosure of Sensitive Information, to ensure the confidentiality and protection of Sensitive Information, and to prevent and mitigate any privacy incidents.

All members of the Workforce shall be required to comply with this Policy, and it is applicable to all Anadhanam global operations. Individuals who violate these requirements are subject to disciplinary action, up to and including termination or dismissal.

1.1 Information Supplied by Users :

To avail certain services of Anadhanam, users are required to provide some personally identifiable information for the registration process which may include: - a) legal full name, b) email address, c) and phone number.

For donors they may also need to provide e) PAN to generate donation receipts and NGOs need to provide f) Trust/Society registration and necessary details for verification g) bank account details for receiving donations. The information supplied by the users enables us to improve administering and protecting our operations and this Platform and send our users notifications, receipts, etc,.

We may use your email address and phone number without further consent for non-marketing or administrative purposes (such as notifying you of donations, pick-up/delivery information, providing information about updates to services, etc.).

Any personally identifiable information provided by you will not be considered as sensitive if it is freely available and/or accessible in the public domain. Further, any reviews, comments, messages, blogs posted/uploaded/conveyed/communicated by users on the public sections of the Site becomes published content and is not considered personally identifiable information subject to this Privacy Policy.

In case you choose to decline to submit personally identifiable information on the App/Site, we may not be able to provide certain services on the App/Site to you. We will make reasonable efforts to notify you of the same at the appropriate time. In any case, we will not be liable and/or responsible for the denial of certain services to you for lack of you providing the necessary personal information.

When you register with the Anadhanam services, we may contact you from time to time about updating your personal information to provide such features that we believe may benefit/interest you.

1.2 Information automatically tracked while using the App or Site :

  • SMS Inbox Information : The Anadhanam platform also access the User’s SMS inbox only for reading the OTP.
  • The Anadhanam platform accesses business messages that originate from senders. The Anadhanam platform may read personal and OTP messages only if the SMS feature is privilege enabled, no personal SMSes or OTPs are backed up. The collection of such information is only limited to the extent that such data is available in the relevant messages.
  • Demographic and Related Information : We may reference other sources of demographic and other information in order to provide you with more targeted communications and promotions. We use Google Analytics, among others, to track user behavior on our website.
  • Google Analytics specifically has been enabled to support display advertising to help us gain an understanding of our users’ Demographics and Interests. The reports are anonymous and cannot be associated with any individual personally identifiable information that you may have shared with us.
  • Log File Information : Our Servers automatically collect limited information about your device’s connection to the Internet, including your IP address, when you visit our Site or use the App. We automatically receive and log information from the App and/or your browser including but not limited to IP address, your device or computer’s name, and your operating system. We may also collect log information from your device, including but not limited to your location, IP address, your device’s name, device’s serial number or unique identification number (e.g. UDiD on your iOS device, Android ID or ADID on your Android Device), your device operating system, browser type and version, CPU speed, and connection speed etc.
  • Cookies : To improve the responsiveness of the Site for our users, we may use “cookies”, or similar electronic tools to collect information to assign each visitor a unique, random number as a User Identification (User ID) to understand the user’s individual interests using the identified computer. Our partners may also assign their own cookies to your browser, a process that we do not control.

1.3 Links to Third Party Sites/Ad-Servers : The Site may include links to other websites. Such sites are governed by their respective privacy policies, which are beyond our control. Once you leave our servers (you can tell where you are by checking the URL in the location bar on your browser), use of any information you provide is governed by the privacy policy of the operator of the site you are visiting. That policy may differ from ours. If you can’t find the privacy policy of any of these sites via a link from the site’s homepage, you should contact the site directly for more information.

1.4 Information Sharing : The Company may share sensitive personal information with any third party without obtaining the prior consent of the User in the following limited circumstances:

  • When it is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, or for the prevention, detection, investigation including cyber incidents, or for prosecution and punishment of offences. These disclosures are made in good faith and the belief that such disclosure is reasonably necessary for enforcing these Terms or for complying with the applicable laws and regulations.
  • No personally identifiable data of an individual user such as name, phone number, email address, card details etc. would be shared with any other User and/or third party – unless explicitly approved by the concerned individual user in order to avail of certain services. However, if this conflicts with conditions mentioned in the immediate point above, this condition would become null and void.

1.5 Accessing and Updating Personal Information : When you use the Anadhanam platform Services Site (or any of its sub sites), we make efforts in good faith to provide you, as and when requested by you, with access to your personal information and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate organizational purposes.

We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required.

In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

1.6 Information Storage and backup :

  • 1.6.1 Data Storage: The Amazon RDS is mainly used for the backend for web applications where it can support maximum number of in and output operation. Also, it is easy to scale up and down. Our application is highly secure which can be achieved with the help of AWS RDS. Amazon RDS also allows its users to encrypt the databases using “keys” which is managed by KMS (Key Management Service) under Amazon RDS.
  • 1.6.2 Backups: RDS provides us with the facility to have backups. We are having the backups in multiple forms. Snapshots are basically non-editable backups used for maintaining records and, we have enabled the Automated Backups.

1.7 Information Security : We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data. All information gathered on the Anadhanam platform is securely stored within the controlled database. Access to the servers is password-protected and is strictly limited.

2. Exceptions to this

Privacy Policy

Exceptions to this Privacy Policy may be granted by the Head and/or Managing Trustee of Valliappa Foundation in accordance with applicable laws.

3. Privacy

Principles

Anadhanam has implemented the following fair information privacy principles that support individual rights and set guidelines for the protection of Sensitive Information:

3.1 Notice : Anadhanam shall provide notice regarding its privacy policies and procedures and include the purposes for which Sensitive Information is accessed, collected, used, retained, and disclosed. Notice may occur in a variety of formats including publication on Anadhanam’s internal and external websites and specified in internal and external contracts and agreements, or by providing link from other sites and documents.

3.2 Choice and Consent : Where practical or required by law or contract, Anadhanam shall provide individuals with opportunity to consent to or authorize Anadhanam’s access, collection, use, retention, and disclosure of Sensitive Information. Consent or authorization may be explicit or implicit depending upon the specific circumstances, and the Head and/or Managing Trustee of Valliappa Foundation shall advise the Enabling Service Units as to appropriate means of obtaining consent or authorization.

3.3 Limited Collection : Sensitive Information shall only be collected for the purposes identified in the notice.

3.4 Limited Use and Disclosure : Sensitive Information shall only be used and/or disclosed to third parties for the purposes identified in the notice.

3.5 Limited Retention : Sensitive Information may be retained only as long as necessary, including, but not limited to, as may be required by law or contract, to fulfill a valid business purpose.

3.6 Accuracy : Anadhanam shall maintain the accuracy and integrity of the Sensitive Information under its care.

3.7 Right to Inspect/Correction : Individuals may request access to their Sensitive Information and request amendment to that Sensitive Information if such information is believed to be inaccurate. Anadhanam shall review and respond to requests for access and amendment in a timely manner. The IT compliance and legal team shall provide guidance to Enabling Service Units regarding individual rights to access and/or amend Sensitive Information upon request by the organization.

3.8 Disposal : Anadhanam shall dispose and destroy Sensitive Information, at the end of the applicable retention period, in a manner that prevents the likelihood of restoration of the Sensitive Information or in a manner required by law or contract.

3.9 Breach Notification : Actual or suspected breaches of sensitive information shall be immediately reported to Administrator at admin@anadhanam.org

3.10 Training : Workforce members shall be provided training on this Privacy Policy.

3.11 Accountability : Violations of this Privacy Policy may result in disciplinary action up to and including termination, in compliance with Human Resources policies.

4. Privacy Policy

Requirements

4.1 Policy Availability : This Privacy Policy shall be made available to the Workforce through Anadhanam management, the Intranet, formal training programs, and other appropriate mechanisms.

4.2 Review Cycle :

  • 4.2.1 The Head and/or Managing Trustee of Valliappa Foundation shall review the privacy requirements for the organization. The Head and/or Managing Trustee of Valliappa Foundation shall be responsible for conducting an annual review of this Privacy Policy and all related corporate policies, standards, and procedures. The Head and/or Managing Trustee of Valliappa Foundation may grant an exception for an annual review of this Privacy Policy. A review shall also occur each time there is a significant and material change in laws or regulations regarding the privacy of Sensitive Information.
  • 4.2.2 Requests for changes or modifications to this Privacy Policy may be submitted by a member of the Workforce in writing to the Head and/or Managing Trustee of Valliappa Foundation. The Head and/or Managing Trustee of Valliappa Foundation shall determine whether the requested change or modification should be included in the Privacy Policy.

4.3 Policy Retention : This Privacy Policy, as well as any procedures supporting this Privacy Policy, and all previous versions shall be maintained for a minimum m of x three (3) years after the latest effective date, even if superseded, or longer if required by a legal, regulatory, or contractual requirement.

5. Privacy

Requirements

5.1 Executive Commitment : Anadhanam’s executive leadership agrees that maintaining the privacy and security of Anadhanam, the Workforce, Personally Identifiable Information (PII), PI, and other Sensitive Information is necessary for operating in a responsible, compliant manner.

5.2 Workforce Responsibilities : Each member of the Anadhanam workforce is responsible for the security of Sensitive Information in his or her workspace. Workforce members take reasonable and appropriate precautions to safeguard access to Sensitive Information including, without limiting the generality of the following, compliance with security measures required by the Security Policy and other guidance issued by the Head and/or Managing Trustee of Valliappa Foundation

Each Workforce member shall be responsible for:

  • 5.2.1 Reading and understanding the contents of this Privacy Policy and its related policies and procedures;
  • 5.2.2 Ensuring that his or her actions comply with the requirements of this Privacy Policy and its related policies and procedures;
  • 5.2.3 Demonstrating his or her understanding of and compliance with this Privacy Policy and its related policies and procedures through the completion of annual training and certification or through any other means used by Anadhanam for such certification;
  • 5.2.4 Collaborating with all levels of the organization to ensure that an effective privacy program is implemented and maintained;
  • 5.2.5 Seeking assistance if uncertain how to comply with the requirements of this Privacy Policy and its related policies and procedures;
  • 5.2.6 Complying with the Security Policy and related policies and procedures and implementing and maintaining the Security Program;
  • 5.2.7 Reporting any violations of this Privacy Policy, related policies or procedures or the law or regulations to the Human Resources representative, Anadhanam management.

5.3 Project Managers’ Responsibilities :

In addition to responsibilities as a member of the Workforce, Project Manager of Anadhanam shall also be responsible for:

  • 5.3.1 Ensuring that all members of the Workforce reporting directly or indirectly to such manager have read, understood, been trained on, and comply with, this Privacy Policy and its related policies and procedures;
  • 5.3.2 Ensuring all members of the Workforce who report directly or indirectly to such manager have completed the required privacy training;
  • 5.3.3 Ensuring that this Privacy Policy, and its related policies and procedures, are fully implemented in his or her functional area of responsibility;
  • 5.3.4 Requesting guidance from Human Resources on implementing this Privacy Policy as a manager if needed.

5.4 Head and/or Managing Trustee of Valliappa Foundation The Head and/or Managing Trustee of Valliappa Foundation shall be responsible for:

  • 5.4.1 Developing, implementing and maintaining this Privacy Policy and related policies and procedures;
  • 5.4.2 Coordinating with the IT compliance and legal team in the development and maintenance of security policies and programs to ensure that appropriate physical, administrative and technical safeguards are in place to protect the privacy and security of Sensitive Information;
  • 5.4.3 Upon request, reviewing, guiding, and approving Standard Operating Procedures (SOPs) for Enabling Service Units and functions, relating to Sensitive Information;
  • 5.4.4 In collaboration with Human Resources, designing and ensuring the provision of adequate training to all Workforce members, including to every new hire as a part of the on-boarding process, on this Privacy Policy, related policies and procedures, and the privacy and security laws and regulations of applicable jurisdictions.
  • 5.4.5 Receiving and reviewing complaints related to this Privacy Policy and related procedures or the requirements for the handling of Sensitive Information under any applicable law, including documenting the complaint and disposalition thereof.
  • 5.4.6 Coordinating with Human Resources to recommend appropriate discipline for violations of this Privacy Policy;
  • 5.4.7 Reviewing and responding to requests from law enforcement and regulatory agencies for access to Sensitive Information, in coordination with others to the extent permitted and as appropriate;
  • 5.4.8 Ensuring that Anadhanam complies with applicable privacy laws, regulations, and contractual privacy requirements;
  • 5.4.9 May designate another individual to function in his/her capacity with regards to the requirements set forth in this Policy.

5.5 Human Resources : Human Resources shall be responsible for:

  • 5.5.1 Together with the Head and/or Managing Trustee of Valliappa Foundation, designing, documenting, and enforcing a progressive disciplinary policy for non-compliance with or violation of this Privacy Policy and related policies and procedures;
  • 5.5.2 Ensuring that Workforce members reporting violations of this Privacy Policy, related policies or procedures or the law are protected from retaliation;
  • 5.5.3 Communicating job status changes, including termination of Workforce members, to IT Operations, so that access to systems with Sensitive Information is appropriately modified.

6. Permitted Uses and Disclosures

of Sensitive Information

All members of the Workforce shall safeguard the confidentiality of and protect any Sensitive Information in accordance with the requirements of this Privacy Policy, other applicable policies and procedures, relevant contractual requirements, and as required by law.

6.1 Consent and Authorization to Use Sensitive Information :

  • 6.1.1 Limited Collection. Workforce members shall only collect, request, or access the minimum amount of Sensitive Information necessary to serve a valid business purpose and in accordance with the requirements of this Privacy Policy, other applicable policies and procedures, relevant contractual requirements, and as required by law.
  • 6.1.2 Limited Use. Anadhanam Workforce members shall only access, use, and disclose Sensitive Information in accordance with:
    • 6.1.2.1 the requirements of the consent or authorization provided by the subject or owner of the Sensitive Information;
    • 6.1.2.2 the requirements of this Privacy Policy, or other applicable policies and procedures;
    • 6.1.2.3 relevant contractual requirements; and
    • 6.1.2.4 as required by law.
  • 6.1.3 All access, use and disclosure of Sensitive information shall be limited to the minimum amount of Sensitive Information necessary to accomplish a valid business purpose.
  • 6.1.4 All requests to limit or cease using Sensitive Information shall be directed to the Head and/or Managing Trustee of Valliappa Foundation for review.

6.2 De-Identified Sensitive Information :

  • 6.2.1 In certain cases, Anadhanam may receive consent or authorization to de-identify Sensitive Information. In these cases, once the Sensitive Information has been de-identified, Workforce members may use and disclose the de-identified Sensitive Information in accordance with the consent or authorization.
  • 6.2.2 Requests to de-identify Sensitive Information must be submitted, in writing, to the Head and/or Managing Trustee of Valliappa Foundation or her/his designee who will evaluate the scope and purpose of the request and the means of de-identification to ensure a low likelihood of re-identification of Sensitive Information and that applicable legal, contractual, and industry-standard requirements are met.

6.3 Disclosures Required by Law : Anadhanam may use or disclose Sensitive Information as required by law.

7. Disposal of

Sensitive Information

All electronic media and paper copies containing Sensitive Information shall be retained in accordance with Anadhanam Retention Schedule, and properly disposed of once the intended use has been completed. All media or copies containing Sensitive Information from a client is either to be returned to the client, or destroyed, in accordance with the contractual agreement with the client.

8. Human Resources

Privacy Requirements

Human Resources is responsible for ensuring that Workforce Members’ Sensitive Information is appropriately identified and protected in accordance with this Privacy Policy, contractual requirements, applicable laws and regulations of Government of India.

9. Definitions

9.1 “Enabling Service Units” is a formally defined area of Anadhanam representing a specific service function (such as Finance, Solutions Development, Support, etc.). This could be a department or subset of a department.

9.2 “Information” is considered databases, data files, contracts, agreements, system documentation, research information, user manuals, training material, standard operating procedures, disaster recovery plans, third-party data, audit trails, and archived information.

9.3 “Privacy Guidelines” are documents that support this Privacy Policy but are not directive in nature. Guidelines are designed to provide members of the Workforce a recommended path to achieve compliance with Anadhanam’s policy.

9.4 “Privacy Policyrefers to this formal statement by Anadhanam’ executive management outlining the overall intention and direction of the safeguarding and protection of Sensitive Information for Anadhanam, including, but not limited to, affiliates of Anadhanam. It is not intended to be detailed, but rather to serve as a capstone principle supported by subordinate documents (including, but not limited to, the Privacy Procedures and Privacy Standards).

9.5 “Privacy Procedures”directly support this Privacy Policy and are a detailed set of instructions for various groups of individuals, such as the general Workforce, management, Human Resources, and Enabling Service Units. These procedures outline the detailed steps, establish timelines, and document specific behaviors for all Workforce members who are bound within this Privacy Policy’s scope to be in compliance.

9.6 “Privacy Standards” support this Privacy Policy by providing specific boundaries. Privacy Standards are focused and serve to establish a set of mandatory decision criteria for systems and processes. Privacy Standards are intended for a limited audience and are mandatory by definition. Privacy Standards do not normally require executive management approval and therefore are more fluid and may adapt to technological changes.

9.7 “Sensitive Information”is a class of data, that relates to an identified or identifiable individual or entity that is sensitive, confidential, or proprietary to such person or entity and may potentially cause harm to such person or entity if lost or accessed, or used or disclosed by unauthorized persons, either internal or external to Anadhanam. “Sensitive Information” includes, but is not limited to, Protected Health Information, Personal Information, Personal Health Information, Personal Data, and Personally Identifiable Information including other sensitive KYC (Know Your Customer) information collected as a part of OVD (Officially valid document (OVD) the passport, the driving license, the Permanent Account Number (PAN) Card, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA (as those terms are defined in applicable law).

9.8 “Systems”are any computing assets that may create, access, or store sensitive data, including those used internally and those developed and sold as a product.

9.9 “Workforce”means full-time or temporary employees, contractors, third-party users, volunteers, interns, trainees, agents, and other persons whose conduct, in the performance of work for Anadhanam, is under the direct control of Anadhanam, whether they are on-site or off-site, and whether or not they are paid by Anadhanam.

Appendix A –

Applicable Regulatory Standards

Laws and regulations relevant to this Policy include, but are not limited to, the following: 

  • Information Technology Act of 2000/2008 (India)
  • Personal Data Protection Bill 2019 -PDP Bill 2019
  • RBI Master Circular – 'Know Your Customer' (KYC) Guidelines-RBI/2015-16/108
  • Organization of Economic Cooperation and Development Guidelines