Purpose
This policy outlines Aman Fund for Future of Orphans commitment to protecting personal, financial, and sensitive data. It ensures confidentiality, integrity, and lawful processing of information related to beneficiaries, donors, employees, and partners.

Scope
Applies to all:

• Data collected, stored, or processed by the Fund.
• Employees, volunteers, contractors, and third parties handling Fund data.
• Digital and physical data management tools.

Principles

• Lawfulness & Transparency – Data is processed for clear, lawful purposes.
• Minimization – Only relevant data is collected.
• Accuracy – Data must be up to date and correct.
• Retention Limits – Data is retained only as long as needed.
• Security – Data is protected from loss, access, or misuse.
• Accountability – The Fund is responsible for compliance.

Types of Data

• Personal: Names, contact details, national ID, etc.
• Financial: Donation records, bank info, receipts.
• Employment: CVs, certificates, payroll data.
• Beneficiary: Education, social status, needs assessments.

Rights of Data Subjects

• Access information about their data use.
• Request updates or corrections.
• Request deletion (unless legally required to retain).
• Object to unauthorized or marketing-related use.

Data Security

• Technical: Encryption, firewalls, secure backups.
• Physical: Locked storage, access control.
• Administrative: Limited access, staff training.

Data Sharing

• No data shared without a confidentiality agreement.
• Legal sharing permitted only under regulatory obligations.

Data Breach Response

• Must be reported within 24 hours to Internal Audit & Compliance.
• Mitigation steps and notifications will follow as needed.

Retention & Disposal

• Retention periods based on data type and legal requirements.
• Secure deletion/disposal when no longer needed.
• Refer to official Data Retention Schedule for details.