Use of Cookies and Similar Technologies

Third-Party Links and Services

Changes to this Privacy Policy

Grievance Redressal and Contact Information

Governing Law and Jurisdiction

Privacy Policy

When you use our services, you entrust us with your personal information. We recognize the significance of this responsibility and are committed to safeguarding your data while giving you control over it.

We value your privacy and are committed to safeguarding your personal information. This Privacy Policy explains how we manage and protect your data when you visit our website or engage with our platform, regardless of where you are accessing it from. It also outlines your rights concerning your data and how the applicable laws protect you.

We recommend reviewing this Privacy Policy carefully. Our platform is not designed for use by children, and we do not knowingly collect data from individuals under the age of 18. By accessing our platform, you agree to be bound by the terms of this Privacy Policy. If you do not agree with any of the terms, please cease using the website immediately.
This Privacy Policy is part of and subject to our Terms of Use.

Last updated: June 10th, 2024

1. Introduction

This Privacy Policy (“Policy”) outlines the manner in which Giveza (“we”, “us”, or “our”) collects, uses, discloses, and safeguards your information when you visit or use our website, applications, and other services (collectively, “Services”), whether accessed via a computer, mobile device, or any other means. We are committed to ensuring the privacy and protection of your personal data in compliance with applicable laws and regulations.

1.1. Overview of Privacy Policy

1.1.1. This Privacy Policy provides detailed information about how we manage and protect personal data.
1.1.2. It outlines the type of information we collect, the purposes for which we collect it, how we use it, and the choices you have regarding your personal data.
1.1.3. The policy explains our legal obligations under Indian data protection laws and describes the procedures we have in place to ensure compliance.

1.2. Purpose of Data Collection and Processing

1.2.1. We collect personal data to facilitate and enhance the user experience on our platform, ensuring effective management of donation campaigns.
1.2.2. The primary purposes of collecting personal information include:

1.2.2.1. To create and manage user accounts for both campaign creators and donors.
1.2.2.2. To process donations, including financial transactions and payment processing.
1.2.2.3. To communicate with users about campaigns, donations, and platform updates.
1.2.2.4. To ensure compliance with legal obligations, such as anti-money laundering (AML) and know your customer (KYC) regulations.
1.2.2.5. To improve our platform, services, and user support.
1.2.2.6. To prevent fraud and other illegal activities on the platform.

1.3. Scope of Policy and User Consent

1.3.1. This Privacy Policy applies to all users of our platform, including campaign creators, donors, and visitors.
1.3.2. By using our platform, you consent to the collection, use, storage, and disclosure of your personal information as described in this policy.
1.3.3. Users are responsible for reviewing this policy periodically to stay informed of any updates or changes. Continued use of the platform following any modifications constitutes acceptance of the revised policy.
1.3.4. If you do not agree with any part of this policy, you must discontinue using the platform immediately.

1.4. Legal Basis for Data Processing under Indian Law

1.4.1. Giveza processes personal data in compliance with applicable Indian data protection laws, including the Information Technology Act, 2000 and the rules thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any other applicable laws.
1.4.2. The legal bases for processing personal data may include:

1.4.2.1. User Consent: Users provide consent by agreeing to this Privacy Policy and by voluntarily providing their information while using the platform.
1.4.2.2. Contractual Necessity: Processing may be required to perform the contract between Giveza and the user, such as to process donations or allow the creation of fundraising campaigns.
1.4.2.3. Compliance with Legal Obligations: We may be required to process personal data to comply with legal or regulatory obligations, including AML/KYC requirements.
1.4.2.4. Legitimate Interests: We may process data based on legitimate interests, such as fraud prevention, improving our services, and safeguarding the security of the platform.

1.5. Legal Basis for Data Processing under Indian Law

1.5.1. This Privacy Policy is effective as of 17th, April 2023.
1.5.2. We reserve the right to modify this Privacy Policy at any time.
1.5.3. Any changes to this policy will be posted on our platform with a revised “Last Updated” date and we offer access to archived versions for your review.
1.5.4. Users are encouraged to review this policy periodically for any changes. Continued use of the platform will signify acceptance of the updated policy.

1.6. Key Definitions and Interpretations

1.6.1. “Personal Data” refers to any information that can identify an individual, including but not limited to name, contact details, email addresses, and financial information.
1.6.2. “Processing” refers to any operation performed on personal data, such as collection, storage, use, or sharing.
1.6.3. “User” refers to any individual accessing or using our platform, whether as a donor, campaign creator, or visitor.
1.6.4. “Campaign Creator” refers to a user who creates and manages a donation campaign on the platform.
1.6.5. “Donor” refers to an individual or entity making a donation to a campaign via the platform.
1.6.6. “Consent” refers to the agreement of the user to the collection and processing of their personal data as described in this policy.
1.6.7. “Platform” refers to our website (https://giveza.org), mobile application, and any associated services provided by Giveza.
1.6.8. “Sensitive Personal Data” includes information such as financial data, health information, and any other data classified as sensitive under applicable laws.

2. Definitions

2.1. Personal Data

2.1.1. “Personal Data” refers to any information that relates to an identified or identifiable individual (“Data Subject”).
2.1.2. Personal Data may include, but is not limited to, the following:

2.1.2.1. Name, address, email address, phone number, date of birth, or other contact information.
2.1.2.2. Financial information such as payment details, including bank account numbers and credit card information.
2.1.2.3. Any other information that can be used to directly or indirectly identify the individual, such as IP address, device identifiers, or location data.

We are committed to complying with the DPDPA (Digital Personal Data Protection Act, 2023), ensuring that personal data is processed lawfully, fairly, and transparently.

2.2. Non-Personal Data

2.2.1. “Non-Personal Data” refers to any data that cannot be used to identify a specific individual.
2.2.2. This may include aggregated or anonymized data collected by the platform. For instance:

2.2.2.1. Statistical information about the use of the platform (e.g., number of users, number of campaigns created).
2.2.2.2. Browser types, language preferences, or general geographic location.

2.2.3. Non-Personal Data is not subject to the same legal protections as Personal Data, as it cannot identify specific users.

2.3. Data Subject

2.3.1. “Data Subject” refers to any individual whose Personal Data is being collected, held, or processed by the platform.
2.3.2. For the purposes of this policy, Data Subjects include:

2.3.2.1. Campaign creators who register and use the platform to raise donations.
2.3.2.2. Donors who contribute funds to campaigns.
2.3.2.3. Visitors who browse the platform without registering or making donations.

2.4. Data Controller

2.4.1. “Data Controller” refers to the entity that determines the purposes and means of processing Personal Data.
2.4.2. In this context, Giveza acts as the Data Controller for Personal Data collected from users of the platform.
2.4.3. We are responsible for ensuring that the collection, use, and processing of Personal Data are done in accordance with this Privacy Policy and applicable data protection laws.

2.5. Third-Party Service Providers

2.5.1. “Third-Party Service Providers” refers to entities or individuals who provide services to us, but are not part of our organization.
2.5.2. These services may include, but are not limited to:

2.5.2.1. Payment processing services to facilitate donations.
2.5.2.2. Cloud storage and data hosting services.
2.5.2.3. Analytics and marketing tools.

2.5.3. Third-Party Service Providers may have access to certain Personal Data as necessary to perform their services but are bound by confidentiality agreements and required to comply with applicable data protection laws.

2.6. Sensitive Personal Data

2.6.1. “Sensitive Personal Data” refers to specific categories of Personal Data that are subject to enhanced protection under Indian law due to their sensitive nature.
2.6.2. As defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Sensitive Personal Data may include:

2.6.2.1. Passwords.
2.6.2.2. Financial information, such as bank account details, credit or debit card details.
2.6.2.3. Physical, physiological, and mental health conditions.
2.6.2.4. Sexual orientation.
2.6.2.5. Medical records and history.
2.6.2.6. Biometric information.

2.6.3. We will only collect and process Sensitive Personal Data where strictly necessary and with explicit consent from the Data Subject.

2.7. Profiling

2.7.1. “Profiling” refers to any form of automated processing of Personal Data where the data is used to evaluate certain personal aspects of an individual, such as preferences, interests, or behavior.
2.7.2. Profiling may be used by us to:

2.7.2.1. Personalize and improve user experience on the platform.
2.7.2.2. Provide targeted content or recommendations to users.
2.7.2.3. Detect and prevent fraudulent activities or misuse of the platform.

2.7.3. We will not engage in any profiling activities that result in legal or similarly significant effects on the user without explicit consent.

2.8. Consent

2.8.1. “Consent” refers to a freely given, specific, informed, and unambiguous indication of the Data Subject’s agreement to the processing of their Personal Data.
2.8.2. Consent may be obtained in various forms, including:

2.8.2.1. Providing written or electronic consent through checkboxes or similar mechanisms on the platform.
2.8.2.2. Implied consent through the continued use of the platform after being made aware of this Privacy Policy.

8.3. Users have the right to withdraw consent at any time by contacting us or by ceasing the use of the platform, though withdrawal may impact their ability to fully use certain services offered by the platform.

3. Data Collection and Use

3.1. Types of Data Collected

We collect various types of data from its users to provide, improve, and secure the platform. The types of data collected include:

3.3.1. Personal Information

3.3.1.1 This includes information that identifies or can be used to identify an individual, such as:

Full name
Email address
Phone number
Date of birth
Identification documents (if required for KYC purposes)
PAN number

3.3.2. Financial Information

3.3.2.1. Financial information is collected to facilitate donations and transactions on the platform. This may include:

Bank account details
Credit or debit card numbers
UPI Id’s
Payment gateway information
Billing addresses

3.3.3. Donor and Beneficiary Information

3.3.3.1. Information related to individuals involved in donation transactions, including:

Donor names, email addresses, phone numbers, donation amounts, PAN, billing address and payment details
Beneficiary names, contact details, Identification documents (if required for KYC purposes) and campaign-related information

3.3.4. Technical and Usage Data

3.3.4.1. Third-Party Service Providers collects data automatically when users interact with the platform, such as:

IP address
Browser type and version
Device information (e.g., operating system, device identifiers)
Usage data (e.g., time spent on the platform, pages visited)

3.3.5. Location Data

3.3.5.1. Third-Party Service Providers may collect location-based data from users to:

Identify the geographic origin of transactions
Improve the user experience by customizing content based on location

3.3.6. Communication Data

1.6.1. Information collected when users communicate with us, such as:

Email exchanges
Support requests or inquiries
User feedback or survey responses

3.3.7. Social Media Information

3.3.7.1. If users link their social media accounts to our platform, we may collect information such as:

Public social media profile details
Social media interactions with campaigns
Any data shared with the platform through social media integration

3.2. Methods of Data Collection

We collect data through various methods to ensure a seamless experience for users:

3.2.1. Voluntary Disclosure

3.2.1.1. Users may voluntarily provide personal information when:

Registering on the platform
Creating or contributing to a campaign
Submitting payment information
Contacting customer support

3.2.1.2. This data is collected through forms, fields, or user-submitted content.

3.2.2. Automatic Collection via Cookies and Similar Technologies

3.2.2.1. Data may be automatically collected when users interact with the platform through:

Cookies, which are small files placed on the user’s device to store preferences and track activity
Web beacons, log files, and similar technologies to monitor usage and gather platform analytics

3.2.2.2. Users can manage cookie settings through their browser, but disabling cookies may affect platform functionality.

3.2.3. Collection from Third Parties

3.2.3.1. We may collect data from third-party sources, such as:

Payment processors (e.g., transaction verification and fraud prevention)
Social media platforms (e.g., when users link social media profiles to the platform)
Publicly available data or external databases

3.2.3.2. Data from third parties is collected in compliance with this Privacy Policy and relevant legal requirements.

3.3. Purposes for Data Processing

The data collected by us is processed for various purposes to enhance and secure platform functionality:

3.3.1. Facilitating Transactions and Donations

3.3.1.1. To process donations and ensure smooth financial transactions between donors and beneficiaries, including:

Verifying donor payment information
Transmitting funds to campaign beneficiaries
Issuing donation receipts and confirmations

3.3.2. Communication and Customer Support

3.3.2.1. To communicate with users, respond to inquiries, and provide assistance, including:

Sending transactional emails and notifications related to donations or campaigns
Handling customer support requests and technical issues

3.3.3. Marketing and Promotional Activities

3.3.3.1. To inform users about new campaigns, promotions, or platform updates, including:

Sending newsletters or promotional offers
Personalizing marketing content based on user preferences

3.3.3.2. Users can opt out of receiving marketing communications at any time.

3.3.4. Legal Compliance and Regulatory Requirements

3.4.1. To comply with legal obligations under Indian law, including but not limited to:

Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations
Responding to legal requests from government authorities
Fulfilling tax and reporting obligations related to donations

3.3.5. Improving Platform Services

3.3.5.1. To analyze usage patterns and gather feedback to improve the functionality and performance of the platform, including:

Testing and developing new features
Enhancing user interface and overall platform experience

3.3.6. Fraud Prevention and Risk Management

3.3.6.1. To prevent and mitigate fraudulent activity, protect users from unauthorized access or misuse of the platform, including:

Monitoring and detecting suspicious transactions
Implementing security measures to safeguard user data

3.3.7. User Personalization and Experience Enhancement

3.7.1. To personalize user experiences by:

Customizing content recommendations, campaign suggestions, and platform layout based on user preferences
Providing targeted advertisements and marketing material based on usage patterns
Enhancing platform performance based on location and technical data

4. Data Sharing and Disclosure

4.1. Sharing with Third Parties

We may share user data with third parties only as necessary to provide services, comply with legal requirements, or enhance platform functionality. The categories of third parties with whom data may be shared include:

4.1.1. Service Providers

4.1.1.1. We use third-party service providers to perform various functions, such as:

Payment processing (e.g., to facilitate donation transactions)
Cloud storage, data hosting, and website management services
Customer support, marketing, and communication services

4.1.1.2. These service providers are only provided with the minimum data necessary to perform their tasks and are bound by confidentiality agreements. They are required to comply with applicable data protection laws.

4.1.2. Legal and Regulatory Authorities

4.1.2.1. We may disclose user data in response to legal requests from regulatory or governmental authorities, including:

Compliance with legal obligations under Indian laws, such as tax laws, Anti-Money Laundering (AML), and Know Your Customer (KYC) requirements
Requests from law enforcement authorities for investigations, court orders, or other legal processes

4.1.2.2. Such disclosures are made only when necessary to protect the legal rights of Giveza or comply with legal obligations.

4.1.3. Business Partners and Affiliates

4.1.3.1. We may share data with its business partners and corporate affiliates, such as:

Affiliates within the same corporate group for administrative purposes
Partners involved in joint promotional or marketing activities

4.1.3.2. All data shared with business partners is subject to confidentiality and data protection obligations.

4.1.4. Beneficiaries and Campaign Organizers

4.1.4.1. For donation campaigns, we may share limited information about donors with campaign organizers or beneficiaries, such as:

Donor names, email addresses, and donation amounts
Any messages or notes donors attach to their contributions

4.1.4.2. Donors may choose to remain anonymous in their contributions, in which case their personal data will not be shared with the campaign organizers.

4.2. International Data Transfers

We operate in India but may engage service providers or partners in other jurisdictions, some user data may be transferred across borders. We take steps to ensure compliance with Indian and international data protection standards.

4.2.1. Cross-Border Data Flow

4.2.1.1. Data may be transferred to or accessed by service providers located in other countries for:

Payment processing, cloud storage, or technical support services
Data analytics and platform improvements

4.2.1.2. Such transfers are made in accordance with Indian data protection laws and international data transfer regulations.

4.2.2. Safeguards for International Transfers

4.2.2.1. When transferring data internationally, we ensure adequate protection through:

Contractual clauses with third-party service providers ensuring compliance with data protection regulations
Adherence to recognized international standards of data protection

4.2.2.2. Users will be notified in case of any changes to the countries where their data may be processed.

4.2.3. Data Transfers within Corporate Affiliates

4.2.3.1. We may transfer user data to its corporate affiliates or subsidiaries located in different jurisdictions for operational and administrative purposes.
4.2.3.2. All transfers within corporate affiliates are subject to internal data protection policies and are governed by agreements that ensure the protection of user data.
4.2.3.3. We may use the collected data internally to enhance services, conduct research, and analyze user behavior to improve overall user experience.

4.3. Anonymization and Aggregation of Data

4.3.1. We may anonymize or aggregate user data for business purposes such as:

Conducting platform analytics, market research, or improving services
Sharing aggregated data with partners for statistical analysis or platform development

4.3.2. Aggregated or anonymized data cannot be used to identify specific individuals and is not subject to the same legal protections as personal data.

4.4. Prohibition of Sale of Personal Data

4.4.1. We do not sell, rent, or trade users’ Personal Data to third parties for any purpose, including marketing or advertising activities.
4.4.2. Any data shared with third parties is done in compliance with this Privacy Policy and applicable legal requirements.

4.5. Disclosure in Case of Business Transactions

In the event of business changes or corporate transactions, user data may be shared or transferred as part of the business structure.

4.5.1. Mergers, Acquisitions, and Asset Transfers

4.5.1.1. In the event of a merger, acquisition, or sale of assets involving Giveza, user data may be transferred to the acquiring entity or combined with the acquiring entity’s data.
4.5.1.2. Users will be notified of any such transactions and will be given the option to discontinue using the platform if they do not agree with how their data will be handled by the new entity.

4.5.2. Corporate Restructuring

4.5.2.1. In the event of corporate restructuring, such as a reorganization or bankruptcy, user data may be transferred to another legal entity in the same corporate group.
4.5.2.2. Any such transfers will be conducted in compliance with applicable laws, and users will be informed of the changes to data management.

5. Data Security

5.1. Security Measures Implemented

We are committed to ensuring the security of users’ personal and financial data by implementing robust security measures to protect against unauthorized access, data loss, or misuse.

5.1.1. Encryption and Data Storage

5.1.1.1. All sensitive data, including financial information and personal details, is encrypted both in transit and at rest using industry-standard encryption protocols such as Secure Socket Layer (SSL) technology.
5.1.1.2. Personal and financial data are stored in secure environments that are protected by firewalls, encryption, and other security technologies, we utilize advanced encryption standards, such as AES-256 to safeguard against unauthorized access or breaches.
5.1.1.3. Despite the measures implemented, no method of transmission over the internet or electronic storage is 100% secure. Therefore, while we strive to protect Users’ personal information, it cannot guarantee absolute security.

5.1.2. Access Controls and Authentication

5.1.2.1. Access to user data is strictly limited to authorized personnel who need the information to perform their job functions.
5.1.2.2. Multi-factor authentication (MFA) is employed to verify the identity of authorized users before granting access to sensitive data.
5.1.2.3. Role-based access controls (RBAC) ensure that different levels of employees and service providers can only access the data necessary for their specific tasks.

5.1.3. Monitoring and Audits

5.1.3.1. We regularly monitor its systems for security vulnerabilities, unauthorized access attempts, and suspicious activities using advanced intrusion detection systems.
5.1.3.2. Periodic security audits and vulnerability assessments are conducted to identify and mitigate potential risks.
5.1.3.3. Logs of all access to sensitive data are maintained and reviewed for security incidents.

5.1.4. Security Compliance Certifications

5.1.4.1. We follow recognized industry standards and best practices for data security and may obtain relevant certifications, such as ISO/IEC 27001 (Information Security Management) or PCI DSS (Payment Card Industry Data Security Standard), where applicable.
5.1.4.2. These certifications demonstrate our commitment to maintaining a high level of security for user data and compliance with industry regulations.

5.2. Data Breach Notification Protocols

5.2.1. In the event of a data breach or security incident involving personal data, we will:

Promptly assess the scope of the breach and take measures to contain it.
Notify affected users and regulatory authorities within the time frames required by Indian data protection laws or any applicable international regulations.
Provide information on the nature of the breach, the data affected, and steps users should take to protect themselves.

5.2.2. Users will also receive guidance on potential risks and any preventive actions they should consider, such as changing passwords or monitoring financial accounts

5.3. User Responsibilities in Maintaining Security

5.3.1. Users have a role in maintaining the security of their personal data and should:

Use strong and unique passwords for their accounts.
Enable multi-factor authentication (MFA) where available.
Regularly update passwords and review account security settings.
Avoid sharing login credentials with third parties.

5.3.2. If users suspect unauthorized access to their account, they should immediately notify us so that security measures can be taken to secure their accounts.

5.4. Data Security in Third-Party Integrations

5.4.1. We may integrate with third-party service providers for payment processing, data storage, or other services.
5.4.2. We ensure that all third-party providers comply with stringent data security requirements, including:

Encryption of sensitive data shared between our platform and the third-party service.
Data protection agreements that require third-party providers to implement equivalent or better security measures than those followed by us.

5.4.3. While we take steps to verify the security of third-party providers, users are encouraged to review the privacy and security practices of these third parties when using their services.

5.5. Incident Response and Management

5.5.1. We have a dedicated incident response team responsible for managing and addressing security incidents, including:

Identifying the source and scope of any breach or security event.
Implementing immediate containment and mitigation strategies to prevent further damage.
Communicating with affected users and relevant authorities during and after the incident.

5.5.2. After a security incident, we conduct a full review of the event, including root cause analysis, to ensure that vulnerabilities are addressed and preventive measures are strengthened.

6. User Rights and Control

6.1. Right to Access and Rectification

6.1.1. Users have the right to access, correct, or delete their personal data we hold about them. Users may update their account information through their account settings or by contacting our customer support. Upon request, users can:

Obtain a copy of their personal data held by us.
Verify the accuracy of their data.

6.1.2. If any data is inaccurate or incomplete, users have the right to request correction or update of such data. We will promptly rectify any errors once notified.

6.2. Right to Data Portability

6.2.1. Users have the right to request and receive their personal data in a structured, commonly used, and machine-readable format.
6.2.2. Users may also request that we transfer their personal data directly to another data controller, where technically feasible, provided that such transfer does not infringe on the rights or freedoms of others.

6.3. Right to Erasure (Right to be Forgotten)

6.3.1. Users may request the deletion of their personal data under certain circumstances, including:

When the data is no longer necessary for the purposes for which it was collected.
When users withdraw consent to data processing and there is no other legal basis for processing.
When users object to the processing of their data, and there are no overriding legitimate grounds for the processing.
When the data was processed unlawfully.

6.3.2. We will comply with such requests, subject to any legal obligations that require the retention of certain data (e.g., for regulatory or financial reporting purposes).

6.4. Right to Restrict or Object to Processing

6.4.1. Users have the right to request a restriction on the processing of their personal data under certain conditions, such as:

When users contest the accuracy of their data, for a period allowing us to verify the data’s accuracy.
When the data processing is unlawful, and the user opposes erasure and requests restriction instead.

6.4.2. Users also have the right to object to the processing of their personal data for certain purposes, such as:

Direct marketing.
Profiling based on legitimate interests.

6.4.3. We will comply with such objections unless there are compelling legitimate grounds for the processing that override the user’s rights.

6.5. Right to Withdraw Consent

6.5.1. Users who have provided consent for the processing of their personal data have the right to withdraw that consent at any time.
6.5.2. Upon receiving a request to withdraw consent, we will stop processing the user’s data unless another legal basis for processing exists.
6.5.3. Withdrawing consent does not affect the lawfulness of processing conducted prior to the withdrawal.

6.6. Rights Regarding Automated Decision-Making and Profiling

6.6.1. Users have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significant impacts on them.
6.6.2. Where automated decision-making is used (e.g., for fraud detection or personalized services), users have the right to:

Obtain human intervention.
Express their views.
Contest the decision made by automated processing.

6.6.3. We ensure that such decisions are made in compliance with relevant legal requirements and with appropriate safeguards to protect users’ rights.

6.7. Exercising Your Rights: Procedures and Timeframes

6.7.1. Users can exercise their rights by submitting a request through our designated channels, such as:

Using the contact form on the platform.
Clearly specifying the nature of their request (e.g., access to data, rectification, erasure).

6.7.2. We will acknowledge the request and respond within a reasonable timeframe, typically within 30 days of receiving the request.
6.7.3. In cases where the request is complex or involves numerous records, we may extend the response time, but will inform the user of the reason for the delay.
6.7.4. Requests for data access or copies may incur a reasonable fee if they are excessive or repetitive, but users will be informed before any charges are applied.

7. Data Retention

7.1. Retention Periods for Different Types of Data

We retain user data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. The retention periods for different types of data are as follows:

7.1.1. Personal Data

7.1.1.1. Personal data, such as name, email address, and contact information, will be retained for as long as the user maintains an account with us or as required to fulfill user requests, after which it will be deleted or anonymized.

7.1.2. Financial Data

7.1.2.1. Financial information, including payment details and transaction records, will be retained for a minimum of five (5) years following the completion of the transaction, in compliance with tax and regulatory requirements.

7.1.3. Donor and Beneficiary Information

7.1.3.1. Information related to donors and beneficiaries will be retained for a period of five (5) years after the conclusion of the campaign, in accordance with legal and regulatory obligations.

7.1.4. Communication Data

7.1.4.1. Communication data, including support requests and feedback, may be retained for a period of three (3) years to ensure proper handling of inquiries and to improve service delivery.

7.2. Criteria for Determining Retention Periods

The retention periods are determined based on several criteria, including:
7.2.1. The necessity of retaining data for the purposes for which it was collected.
7.2.2. Legal and regulatory requirements that mandate retention for specific periods (e.g., tax laws, anti-money laundering regulations).
7.2.3. The potential need for data in the context of disputes, audits, or investigations, which may require longer retention periods.
7.2.4. Industry best practices and standards related to data retention.

7.3. Disposal and Deletion of Data

7.3.1. Upon expiration of the applicable retention period, we will securely dispose of or delete personal data in a manner that protects the data from unauthorized access or use.
7.3.2. Methods of data disposal include:

Permanently deleting digital files.
Shredding physical documents.
Using secure deletion methods to ensure that data cannot be recovered.

7.3.3. We may retain limited information necessary to comply with legal obligations or to resolve disputes, but such data will be separated from active user data.

7.4. Retention of Anonymized Data

7.4.1. We may retain anonymized data indefinitely for analytical, research, or statistical purposes.
7.4.2. Anonymized data is not subject to the same retention requirements as personal data, as it cannot be used to identify individual users and does not constitute personal data under applicable data protection laws.

7.5. Retention Obligations under Applicable Laws

7.5.1. We will comply with all applicable legal and regulatory requirements regarding data retention, including:

Data protection laws that mandate specific retention periods for certain types of data.
Financial regulations that require retention of transaction records for a defined period.

7.5.2. In the event of a conflict between the company’s data retention policy and applicable laws, we will prioritize compliance with legal obligations, ensuring that data is retained for the required durations.

8. Use of Cookies and Similar Technologies

8.1. Overview of Cookies and Tracking Technologies

8.1.1. We utilize cookies and similar tracking technologies to enhance user experience, analyze platform usage, and facilitate targeted advertising.
8.1.2. Cookies are small text files stored on users’ devices when they visit a website. These files enable the website to recognize the user’s device and gather information about their activity on the site.

8.2. Types of Cookies Used

We employ the following types of cookies:

8.2.1. Essential Cookies

8.2.1.1. These cookies are necessary for the functioning of the platform. They enable users to navigate the site and use its features, such as accessing secure areas.
8.2.1.2. Examples include cookies that maintain user sessions or remember items in a shopping cart.

8.2.2. Performance and Analytics Cookies

8.2.2.1. These cookies collect information about how users interact with the platform, such as pages visited, time spent on the site, and any errors encountered.
8.2.2.2. The data gathered helps us improve the functionality and performance of the website by understanding user behavior and preferences.
8.2.2.3. Examples include Google Analytics cookies, which analyze traffic and usage patterns.

8.2.3. Functionality Cookies

8.2.3.1. These cookies allow the platform to remember user preferences and choices, providing a more personalized experience.
8.2.3.2. Examples include cookies that store language preferences, user settings, and other customized features of the platform.

8.2.4. Targeting and Advertising Cookies

8.2.4.1. These cookies track user behavior across different websites and are used to deliver advertisements relevant to the user’s interests.
8.2.4.2. They may also limit the number of times a user sees an advertisement and help measure the effectiveness of advertising campaigns.
8.2.4.3. Examples include cookies from third-party advertising networks.

8.3. Managing and Disabling Cookies

8.3.1. Users have the right to manage their cookie preferences at any time. This can typically be done through the browser settings, where users can:

View and delete cookies already stored on their devices.
Block cookies from being set on their devices in the future.

8.3.2. Each browser has its own method for managing cookies, and users are encouraged to consult their browser’s help section for specific instructions.

8.4. Third-Party Cookies and Tracking

8.4.1. We may allow third-party service providers to place cookies on users’ devices to facilitate various functions, such as:

Analytics and performance tracking.
Advertising and retargeting campaigns.

8.4.2. These third-party cookies are governed by the privacy policies of the respective third parties, and we do not control their use.

8.5. Impact of Disabling Cookies on Platform Use

8.5.1. Users should be aware that disabling cookies may impact their experience on the platform.
8.5.2. Specifically, disabling essential cookies may prevent users from accessing certain functionalities, such as logging into their accounts or completing transactions.
8.5.3. Users may also find that the platform does not perform as intended, and personalized features may not function properly.

9. Third-Party Links and Services

9.1. Links to External Websites

9.1.1. The platform may contain links to external websites that are not operated by us.
9.1.2. These links are provided for users’ convenience and may lead to websites that contain content or features not endorsed by us.
9.1.3. We do not control these external websites and is not responsible for their content, privacy policies, or practices. Users are encouraged to review the privacy policies of any external websites they visit.

9.2. Third-Party Services and Integrations

9.2.1. We may incorporate third-party services and integrations to enhance its offerings, including:

Payment processing services.
Analytics tools.
Marketing and advertising services.

9.2.2. When users interact with these third-party services, they may collect personal data according to their own privacy policies, which may differ from our practices.

9.2.3. We utilize analytics tools to gather insights about user interactions with the Platform, enabling continuous improvement of services and features.

9.3. No Responsibility for External Privacy Practices

9.3.1. We are not responsible for the privacy practices of third-party websites and services.
9.3.2. Users should exercise caution and review the privacy practices and terms of use of any third parties before providing personal information or engaging with their services.
9.3.3. The inclusion of links to external websites or services does not imply endorsement by us of those entities or their practices.

9.4. Social Media Plugins and Data Sharing

9.4.1. The platform may include social media plugins or features that enable users to share content on their social media accounts.
9.4.2. These plugins may collect data about users’ interactions with the platform, including information on the pages visited and user activity.
9.4.3. Data collected through social media plugins is governed by the respective social media platforms’ privacy policies. Users are encouraged to review these policies to understand how their information may be used and shared.

9.5. External Payment Processors

9.5.1. We utilize external payment processors to handle financial transactions on the platform.
9.5.2. These payment processors may collect and store users’ payment information, including credit card details and billing addresses.
9.5.3. Users are advised to review the privacy policies of these payment processors to understand their data handling practices and how their personal information is protected.
9.5.4. We do not retain or store users’ payment information directly, and all payment processing is subject to the respective payment processors’ security measures.

10. Minors' Privacy

10.1. Age Restrictions and Parental Consent

10.1.1. We are committed to protecting the privacy of minors. The platform is not intended for use by individuals under the age of 18.
10.1.2. Users must be at least 18 years old to create an account, make donations, or participate in crowdfunding campaigns.
10.1.3. In cases where we inadvertently collect personal data from a minor, the data will be promptly deleted upon request from a parent or guardian.
10.1.4. If a parent or guardian becomes aware that their child has provided personal information without their consent, they should contact us immediately to facilitate the deletion of such information.

10.2. Special Provisions for Minors' Data

102.1. If we collect personal data from minors aged 13 to 17, it will do so only with verifiable parental consent.
10.2.2. The data collected will be limited to what is necessary for the participation in crowdfunding activities and will be used solely for that purpose.
10.2.3. We will not use, disclose, or share minors’ data for any marketing or promotional purposes without explicit parental consent.

10.3. Educational Content for Minors

10.3.1. We may provide educational resources related to crowdfunding, charitable giving, and financial literacy that are suitable for minors.
10.3.2. Such educational content will be designed to promote understanding and awareness of safe online practices, responsible financial management, and the importance of consent in sharing personal information.
10.3.3. Parents and guardians are encouraged to review educational materials and discuss online safety with their children.

10.4. Parental Controls and Monitoring

10.4.1. Parents and guardians are encouraged to utilize parental control tools and monitoring software to oversee their child’s online activities, including interactions on the platform.
10.4.2. These tools can help manage and restrict access to certain content and services on the internet, including the platform.
10.4.3. We recommend that parents actively engage with their children regarding their online activities, encouraging open communication about the importance of privacy and responsible online behavior.

11. Changes to this Privacy Policy

11.1. Procedure for Policy Updates

11.1.1. We reserve the right to modify or update this Privacy Policy at any time to reflect changes in legal requirements, business practices, or enhancements to our services.
11.1.2. Any amendments to the Privacy Policy will be reviewed and approved by the management team before becoming effective.
11.1.3. The updated Privacy Policy will be posted on the website, and the effective date will be clearly indicated at the top of the document.

11.2. Notification of Changes

11.2.1. Users will be notified of significant changes to this Privacy Policy through various means, which may include:

Prominent notices on the website or platform.
Notifications within user accounts upon login.
Users may receive notifications through the Giveza app, if applicable.

11.2.2. Users are encouraged to periodically review the Privacy Policy for any updates or changes to ensure they are aware of how their personal information is being handled.

11.3. User Acknowledgment and Acceptance of Changes

11.3.1. By continuing to use the platform after any changes to this Privacy Policy have been posted, users acknowledge and accept the revised terms.
11.3.2. If users do not agree to the updated Privacy Policy, they should discontinue use of the platform and may request the deletion of their personal data as outlined in the “User Rights and Control” section of this Privacy Policy.

11.4. Historical Versions of the Privacy Policy

11.4.1. We maintain historical versions of this Privacy Policy to provide transparency regarding changes made over time.
11.4.2. Users may request access to previous versions of the Privacy Policy by visiting this link.
11.4.3. Historical versions will be retained for a specified period in compliance with applicable laws and regulations.

12. Grievance Redressal and Contact Information

12.1. Contact Information for Privacy Concerns

12.1.1. Users who have concerns or inquiries regarding their privacy or this Privacy Policy may contact us using the form.
12.1.2. Users are encouraged to provide sufficient details regarding their concerns to facilitate a prompt response.

12.2. Grievance Redressal Mechanism

12.2.1. We have established a grievance redressal mechanism to address any privacy-related complaints or issues raised by users.
12.2.2. Upon receiving a grievance, we will:

Acknowledge receipt of the grievance within 7 days.
Conduct a thorough investigation into the matter.
Provide a response or resolution to the user within 30 days of receiving the grievance.

12.2.3. Users may also seek clarification on the status of their grievance by reaching out via the contact us form.

In cases requiring extended investigation or additional information, we will communicate the need for a delay and provide an estimated timeline for resolution.

12.3. Escalation to Data Protection Authorities

12.3.1. If users are not satisfied with the resolution provided by us or believe that their concerns have not been adequately addressed, they have the right to escalate their grievance to the higher authorities of our organization by using this contact us form.

13. Governing Law and Jurisdiction

13.1. Applicable Law

13.1.1. This Privacy Policy shall be governed by and construed in accordance with the laws of India, without regard to its conflict of laws principles.
13.1.2. The Parties agree that any matter relating to the Privacy Policy or any related terms, conditions, or agreements shall be subject to the applicable laws of India, specifically including but not limited to the Information Technology Act, 2000, and any amendments thereto.

13.2. Jurisdiction for Disputes

13.2.1. Any disputes, claims, or controversies arising out of or relating to this Privacy Policy or the use of the platform shall be subject to the exclusive jurisdiction of the courts located in Bangalore, Karnataka, India.
13.2.2. The Parties hereby irrevocably consent to the exclusive jurisdiction and venue of such courts, and agree that service of process in any such dispute may be made in accordance with applicable law.

13.3. Alternative Dispute Resolution Mechanisms

13.3.1. Prior to initiating any legal proceedings, users and Giveza agree to attempt to resolve any disputes amicably through informal negotiations.
13.3.2. If a resolution cannot be reached through informal negotiations, users may seek to resolve the dispute through alternative dispute resolution mechanisms, including mediation or arbitration, as applicable.
13.3.3. The mediation or arbitration process will be conducted in accordance with the relevant rules and procedures agreed upon by the parties involved.

14. Miscellaneous Provisions

14.1. Severability Clause

14.1.1. If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.
14.1.2. The invalid or unenforceable provision shall be deemed modified to the extent necessary to make it valid and enforceable, preserving the intent of the original provision.

14.2. Waivers and Amendments

14.2.1. No waiver of any provision of this Privacy Policy shall be deemed a continuing waiver or a waiver of any other provision, nor shall any failure to assert a right or provision be construed as a waiver of such right or provision.
14.2.2. Any amendments or modifications to this Privacy Policy must be made in writing and signed by authorized representatives of Giveza to be effective.

14.3. Entire Agreement

14.3.1. This Privacy Policy constitutes the entire agreement between the users and Giveza regarding the subject matter herein and supersedes all prior agreements, understandings, and representations, whether written or oral, concerning the subject matter of this Privacy Policy.
14.3.2. No representations, inducements, or promises made by any party, or its agents, which are not contained in this Privacy Policy, shall be valid or binding.

14.4. Assignment and Transfer of Rights

14.4.1. We reserve the right to assign or transfer its rights and obligations under this Privacy Policy to any affiliate, subsidiary, or third party without the prior consent of users.
14.4.2. Users may not assign or transfer their rights or obligations under this Privacy Policy without the prior written consent of us.

14.5. Force Majeure

14.5.1. We shall not be liable for any failure to perform its obligations under this Privacy Policy if such failure is due to circumstances beyond its reasonable control, including but not limited to acts of God, war, terrorism, strikes, riots, civil commotion, pandemics, government actions, labor disputes, fire, flood, earthquakes, hurricanes, or any other event of a similar nature.
14.5.2. In the event of a force majeure occurrence, we shall use reasonable efforts to resume performance of its obligations as soon as practicable.

14.6. Survival of Terms

14.6.1. Any provisions of this Privacy Policy that, by their nature, should survive termination or expiration of the Privacy Policy shall so survive, including but not limited to provisions concerning limitation of liability, indemnification, and dispute resolution.
14.6.2. Users’ rights and obligations concerning the use of their personal data shall survive any termination of the relationship between the users and Giveza.

15. Verification

15.1. Verification of Identity

15.1.1. To ensure the security and integrity of personal data, we may require users to verify their identity before granting access to their personal information or processing requests related to their data.
15.1.2. Verification may include:

Requesting additional identifying information.
Using multi-factor authentication methods.
Sending confirmation emails or text messages to registered contact information.

15.2.3. These measures help protect users from unauthorized access to their personal data and ensure that requests are legitimate.