This policy aims to guide how data is handled in Siva Foundation. It is intended to guide the first three years of operation of Siva Foundation. We outline the main types of data that we expect to handle and a set of policies that the Foundation will follow. Types of Data We handle the following broad categories of data. For each category, we list some examples, but actual data may include other information. 1. Personal data: name, age, address, contact information, identity 2. Program data: location, attendee lists, photos, recordings 3. Operational data: data related to temples, farms 4. Transaction data: donation details, expenses, financial records 5. Web data: IP addresses, access credentials, cookies, tracking data 6. Communication data: email, social media interactions Data Collection and Storage 1. We collect the above kinds of data through forms, email, Whatsapp groups, webpages, physical visits or other means. 2. We will store personal and sensitive data securely, either in physical or electronic forms using mechanisms such as password protection and access control. Sensitive data may span several categories above including experience sharing from programs, transaction data, emails etc. 3. To facilitate easy data access, data may be stored in servers at any location in the world using on premise or cloud storage and computation. Data Use 1. We will use personal contact information to publicize our events, to organize volunteer activities, for distribution of electronic or material goods, or other legitimate uses with consent from the individual. 2. We will not share personal contact information with third parties for commercial purposes or marketing. 3. We may share personal information (e.g., login,identification credentials, media) with third parties for non-commercial purposes to enable certain operations of Siva Foundation. We will make reasonable attempts to inform individuals in such cases or withhold personally identifiable information if required. For example, photographs from an event may be shared with a third-party printing service without revealing names, identities of the attendees. 4. With consent from the individual, Siva Foundation may share personal information privately or publicly on websites, social media, flyers or other media, for example, as a contact person on a flyer. 5. For historical media related to Siva Swamigal such as photographs or videos, Siva Foundation has the right to share information publicly, even when it includes personal information. 6. For non-personal elements of data related to programs, operations, finances etc., Siva Foundation has the right to share information with third parties or publicly for non-commercial activities that align with the Trust’s principles. 7. Siva Foundation may guide other establishments such as temples, farms etc. without directly owning them. In this case, data arising from such interactions will be stored securely if required and shared publicly only with consent from the establishment. 8. Webpages, apps etc. associated with Siva Foundation may collect information such IP addresses, timestamps, system details etc. This data will be used only to facilitate and ease user transactions with Siva Foundation. This data will not be used for commercial purposes. 9. Siva Foundation has a right to retain financial records indefinitely even when it includes personally identifiable information. Siva Foundation may share financial records with third parties for the purposes of an audit, legal compliance or other reasons. 10. Consent for data sharing may be obtained through written or electronic or other means. User Rights 1. An individual may request a copy of their personal information. 2. An individual may request modification of their personal information. 3. An individual may request subscription or unsubscription or removal from one or more of our mailing lists or communication channels. 4. An individual may request deletion of their personal information from Siva Foundation’s records. 5. For all above requests, Siva Foundation has up to 90 days to process the request. 6. In certain cases, deletion of personal information may not be 100% possible and the Foundation is exempt from complying with the request. Some examples include personal information as part of groups events, information that has been shared with consent on a platform such as YouTube. 7. Siva Foundation has the right to retain financial information, operational information, program information, media etc. even when they have personal information, in order to comply with Indian laws.