Privacy Policy

Last Updated: 27/02/2026

01. Purpose and scope

This Privacy Policy explains how we collect, use, share, store, and protect digital personal data of individuals in India—such as students/learners, educators, school partners, beneficiaries, donors, volunteers, job applicants, staff, and website/app visitors (collectively, “Data Principals”). It applies whenever we process digital personal data in India or data that was initially collected offline but later digitized.

We act as a Data Fiduciary when we determine the purposes and means of processing personal data. (Vendors who process on our behalf are Data Processors.)

 

02. Key legal framework and principles

Our processing follows India’s Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 (collectively, the “DPDP framework”). The framework emphasizes transparency, purpose limitation, consent, security safeguards, Data Principal rights, breach notifications, grievance handling, and accountability.

 

03. Donation and payment security

Your financial information is processed securely using encrypted payment gateways. TryfactaEDU Global Foundation does not store or have access to your credit/debit card details. All transactions are handled through trusted, PCI-compliant payment processors to ensure your safety.

 

04. What personal data we collect

Depending on your relationship with us and the programs you engage with, we may collect:

    • Identity and contact data: name, age, gender, photo, address, email, phone, government‑issued ID where legally necessary (e.g., to meet KYC or grant requirements).

    • Education and program data: school/organization, class/grade, attendance, learning assessments, training participation, certifications, mentoring logs.

    • Donor/volunteer data: donation history, PAN (where legally required), communication preferences, volunteer skills/hours.

    • HR/recruitment data: CV/resume details, qualifications, interview notes, background checks as permitted by law.

    • Device/usage data: IP address, device identifiers, browser/app telemetry, cookies or similar technologies for security and analytics.

  • Sensitive categories (only if needed and with enhanced safeguards): limited health/disability details to enable program accessibility or safety; financial data for reimbursements/scholarships; biometric data only if explicitly required for identity verification and permitted by law.
 

05. Why we process personal data (purposes)

We process data for the following specific purposes:

    1. Program delivery to beneficiaries and educators: enrollment, learning support, assessments, certifications, mentorship, impact measurement.
    2. Donor and partner engagement: receipting, statutory compliance, stewardship, and impact reporting (in de‑identified or aggregated form where possible).
    3. Volunteer management: onboarding, scheduling, compliance, feedback.
    4. Operations and security: fraud prevention, information security, service continuity, and quality improvement.
    5. Legal and regulatory compliance: responding to lawful requests, audits, record‑keeping obligations.
    6. Hiring and HR administration: recruitment, payroll, benefits, performance, grievance redressal.

  • Communications and consented outreach: program updates, training invites, newsletters—only with your consent or as permitted by the DPDP framework.
 

06. Lawful basis: consent and legitimate uses

    • Consent: Where required, we seek free, specific, informed, and unambiguous consent tied to the stated purpose(s), with a clear ability to withdraw at any time. We avoid bundled/blanket consent.

    • Legitimate uses permitted by law: In limited situations defined by the DPDP Act (e.g., compliance with legal obligations, emergencies, or certain State functions), we may process without consent, while still upholding transparency and safeguards.

If our purpose materially changes, we will provide a new notice and seek fresh consent before processing for the new purpose.

 

07. Children’s data and persons with disabilities

For children (as defined under Indian law) and persons with disabilities who require guardian support, we obtain verifiable consent from a parent or lawful guardian and provide age‑appropriate, accessible notices and controls.

 

08. Sharing and disclosures

We may share personal data, strictly on a need‑to‑know basis, with:

    • Data Processors (IT vendors, learning platforms, analytics, secure cloud providers) under written contracts containing DPDP‑compliant obligations.

    • Partners/Schools/Government bodies where necessary for program execution, reporting, or lawful requirements.

    • Professional advisers and auditors for compliance and governance.

    • Authorities when required by applicable law or to protect vital interests.

We do not sell personal data.

 

09. Data retention

We retain personal data only for as long as necessary to fulfill the stated purposes or to meet legal/regulatory obligations, whichever is longer. Once no longer required, data will be securely erased or anonymized per our retention schedule. Purpose‑based retention is a core DPDP principle.

 

10. Security safeguards

We implement reasonable security practices and procedures—administrative, technical, and physical controls—appropriate to the nature of data and risks (e.g., access controls, encryption in transit/at rest where feasible, logging/monitoring, secure development and change management, backups, and vendor due diligence).

 

11. Personal data breaches

If a personal data breach is likely to cause harm, we will notify the Data Protection Board of India and affected individuals within 72 hours of becoming aware, and take remedial measures, as required under the DPDP Rules. We also maintain an incident response process and logs for auditability.

 

12. Your rights

Under the DPDP framework, you have the right to:

    1. Access information about what personal data we process and for what purposes.
    2. Correction and erasure of inaccurate or unnecessary personal data (subject to legal retention requirements).
    3. Grievance redressal through our designated channel(s).
    4. Nominate an individual to exercise rights on your behalf in case of incapacity or death.

To exercise these rights, contact us at info@tryfactaedugf.org. We will respond within timelines prescribed under applicable rules and our internal policy.

 

13. Cookies and similar technologies

Our websites/apps may use cookies or similar tools for security, session management, and analytics. Where legally required, we will obtain consent and provide controls to manage preferences.

 

14. Changes to this policy

We may update this policy to reflect legal, operational, or programmatic changes. Material updates will be communicated through our usual channels (website notice, email, or in‑app). The “Last Updated” date will indicate the latest revision.

 

15. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us:

Email: info@tryfactaedugf.org

Phone: +91 77430 63088