Privacy Policy

Suno Sab ki Awaz Foundation ("we," "us," "our," or the "Foundation") is a registered non-profit organization dedicated to providing cochlear implant surgeries and hearing rehabilitation services to underprivileged children in India.

This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you:

• Visit our website (sunosabkiawaz.com)

• Apply for our programs or services

• Make donations to our organization

• Subscribe to our newsletters or communications

• Interact with us through any other means

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

We collect several types of information from and about users of our services:

2.1 Personal Information You Provide:

• **Identity Information:** Full name, date of birth, gender, photographs, and identification documents (Aadhaar, passport, etc.)

• **Contact Information:** Email address, phone number, postal address

• **Financial Information:** Bank account details (for donation receipts), income certificates, BPL/APL status documentation

• **Medical Information:** Audiological reports, medical history, diagnosis reports, treatment records (for program applicants)

• **Family Information:** Parent/guardian details, family composition, emergency contacts

2.2 Information Collected Automatically:

• **Device Information:** IP address, browser type, operating system, device identifiers

• **Usage Data:** Pages visited, time spent on pages, click patterns, referring URLs

• **Cookies and Tracking:** We use cookies and similar technologies to enhance your experience

2.3 Information from Third Parties:

• Medical reports from partner hospitals

• Verification data from government databases (with your consent)

• Payment confirmation from payment processors

We use the information we collect for the following purposes:

3.1 Program Administration:

• Evaluate eligibility for our cochlear implant and rehabilitation programs

• Coordinate medical procedures with partner hospitals

• Track patient progress and outcomes

• Schedule appointments and follow-up care

3.2 Donor Services:

• Process donations and issue tax receipts under Section 80G

• Send acknowledgments and impact reports

• Maintain donor records as required by law

3.3 Communications:

• Respond to your inquiries and requests

• Send program updates and newsletters (with your consent)

• Notify you of changes to our services or policies

3.4 Legal and Operational:

• Comply with legal obligations under Indian law

• Prevent fraud and ensure security

• Analyze and improve our services

• Generate anonymized statistical reports

3.5 We Will NOT:

• Sell your personal information to third parties

• Use your medical information for marketing purposes

• Share your data without your explicit consent (except as required by law)

We may share your personal information only in the following circumstances:

4.1 With Your Consent:

• When you explicitly authorize us to share information with specific parties

4.2 Service Providers:

• Partner hospitals and medical professionals (for treatment purposes)

• Payment processors (for donation processing)

• Technology service providers (for website hosting and maintenance)

• All service providers are bound by confidentiality agreements

4.3 Legal Requirements:

• When required by Indian law, court order, or government authority

• To comply with regulatory requirements (FCRA, Income Tax Act, etc.)

• To protect our legal rights or safety of others

4.4 Aggregated Data:

• We may share anonymized, aggregated statistics that cannot identify individuals

• This data is used for research, reporting, and improving services

4.5 Organizational Changes:

• In the unlikely event of merger, reorganization, or dissolution, data may be transferred to successor organizations with similar charitable purposes

We implement appropriate technical and organizational measures to protect your personal information:

5.1 Technical Safeguards:

• Encryption of data in transit (SSL/TLS) and at rest

• Secure servers with firewall protection

• Regular security assessments and updates

• Access controls and authentication systems

5.2 Organizational Safeguards:

• Staff training on data protection and confidentiality

• Limited access to personal data on a need-to-know basis

• Confidentiality agreements with all personnel and partners

• Regular audits of data handling practices

5.3 Medical Data Protection:

• Medical records are handled in accordance with applicable healthcare privacy standards

• Access to medical information is restricted to authorized medical personnel

• Separate secure storage for sensitive health information

5.4 Breach Notification:

• In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law within 72 hours of becoming aware of the breach

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

6.1 Retention Periods:

• **Program Records:** Medical and treatment records are retained for a minimum of 10 years after the last treatment, as required for medical records

• **Donor Records:** Financial records are retained for 8 years as per Indian tax regulations

• **Communication Preferences:** Retained until you withdraw consent

• **Website Analytics:** Anonymized after 26 months

6.2 Deletion:

• Upon request, we will delete your personal information unless retention is required by law

• Some information may be retained in anonymized form for statistical purposes

• Backup copies may be retained for a limited period for disaster recovery

6.3 Children's Data:

• Data of minor beneficiaries is retained with additional safeguards

• Parents/guardians may request deletion of their child's data

You have the following rights regarding your personal information:

7.1 Right to Access:

• Request a copy of the personal information we hold about you

• Receive information about how your data is processed

7.2 Right to Rectification:

• Request correction of inaccurate or incomplete information

• Update your contact preferences at any time

7.3 Right to Erasure:

• Request deletion of your personal information (subject to legal requirements)

• Withdraw from our mailing lists at any time

7.4 Right to Restrict Processing:

• Request limitation of how we use your data in certain circumstances

7.5 Right to Data Portability:

• Receive your data in a structured, commonly used format

• Request transfer of your data to another organization where technically feasible

7.6 Right to Object:

• Object to processing of your data for specific purposes

• Opt-out of marketing communications at any time

7.7 Right to Withdraw Consent:

• Withdraw consent for any processing based on consent

• Withdrawal does not affect the lawfulness of prior processing

To exercise any of these rights, please contact us using the details provided below.

8.1 What Are Cookies:

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience.

8.2 Types of Cookies We Use:

• **Essential Cookies:** Required for website functionality (cannot be disabled)

• **Analytics Cookies:** Help us understand how visitors use our website

• **Preference Cookies:** Remember your settings and preferences

8.3 Third-Party Cookies:

• We may use Google Analytics to analyze website traffic

• Social media plugins may set cookies when you interact with share buttons

• Payment processors may use cookies for transaction security

8.4 Managing Cookies:

• You can control cookies through your browser settings

• Disabling cookies may affect website functionality

• We honor "Do Not Track" browser signals

8.5 No Advertising Cookies:

• We do not use cookies for targeted advertising

• We do not sell cookie data to advertisers

Given the nature of our work, we often collect information about children who are beneficiaries of our programs:

9.1 Parental Consent:

• We only collect children's information with verifiable parental or guardian consent

• Parents/guardians must sign consent forms before we process any child's data

9.2 Limited Collection:

• We collect only information necessary for providing medical services

• We do not collect children's information for marketing purposes

9.3 Parental Rights:

• Parents/guardians may review their child's information

• Parents/guardians may request correction or deletion

• Parents/guardians may withdraw consent at any time

9.4 Enhanced Protection:

• Children's data receives additional security measures

• Access to children's records is strictly limited

• Photos/videos of children require separate explicit consent

10.1 Primary Storage:

• Your personal information is primarily stored and processed in India

• Our servers are located within India

10.2 Limited Transfers:

• In some cases, data may be transferred internationally for:

- Cloud backup services

- Technical support from service providers

- International donor communications

10.3 Safeguards:

• Any international transfer is protected by appropriate safeguards

• We ensure receiving parties provide adequate data protection

• We comply with applicable data localization requirements

We process your personal information based on the following legal grounds:

11.1 Consent:

• When you explicitly agree to the processing (e.g., newsletter signup, photo consent)

• You may withdraw consent at any time

11.2 Contractual Necessity:

• When processing is necessary to provide services you have requested

• When processing is necessary to fulfill our obligations to you

11.3 Legal Obligation:

• When we are required to process data by law (e.g., tax records, FCRA compliance)

• When processing is necessary for regulatory requirements

11.4 Legitimate Interests:

• When processing is necessary for our legitimate organizational interests

• We balance our interests against your rights and freedoms

• Examples: fraud prevention, service improvement, organizational security

11.5 Vital Interests:

• In emergency medical situations where processing is necessary to protect life

12.1 Updates:

• We may update this Privacy Policy from time to time

• Changes will be posted on this page with an updated "Last Modified" date

• Material changes will be communicated via email or website notification

12.2 Review:

• We encourage you to review this policy periodically

• Continued use of our services after changes constitutes acceptance

12.3 Version History:

• Previous versions of this policy are available upon request

• We maintain records of policy changes for compliance purposes

We are committed to complying with applicable data protection laws and regulations:

13.1 Indian Laws:

• Information Technology Act, 2000

• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

• Digital Personal Data Protection Act, 2023 (as applicable)

• Foreign Contribution (Regulation) Act, 2010 (FCRA)

• Income Tax Act, 1961

13.2 Regulatory Oversight:

• We cooperate with regulatory authorities on data protection matters

• We maintain records as required by law

• We respond to lawful data access requests

13.3 Grievance Redressal:

• We have designated a Grievance Officer as required by law

• Complaints are addressed within the timeframes specified by law

• You may escalate concerns to the appropriate regulatory authority