Privacy Policy of the Foundation for Equal Citizenship (FFEC)

Last Updated: July 23, 2025

I. Our Commitment to Your Privacy

The Foundation for Equal Citizenship (FFEC) is a nonprofit organization dedicated to empowering marginalized communities to build dignified and equitable lives. Our work is built on a foundation of trust with the communities we serve, our dedicated donors, our partners, and our volunteers. This Privacy Policy reflects our fundamental commitment to upholding that trust by handling all personal information with the utmost care, transparency, and respect for individual privacy.

We recognize that data privacy is not merely a matter of legal compliance but an essential component of the dignity and equity we strive to foster. For the individuals and communities we partner with, protecting personal data is a matter of safety, security, and empowerment.1 This policy, therefore, serves as our public pledge to protect the information you share with us, aligning our data practices with our core values. We are committed to collecting only what is necessary, using it responsibly, and safeguarding it with robust security measures, in full accordance with the laws of both the United States and India, where we are registered and operate.3

II. Definitions

To ensure this policy is clear and unambiguous for all our stakeholders, the following terms carry specific meanings derived from applicable legal frameworks, including India’s Digital Personal Data Protection Act, 2023 (DPDPA).

Personal Data: Any data about an individual who is identifiable by or in relation to such data. This includes information that can identify you directly (like your name or email address) or indirectly (like your IP address or donation history). In line with the DPDPA, this policy primarily governs digital personal data, which includes data collected in digital form or collected in a non-digital form and subsequently digitized.5 Examples include, but are not limited to, names, email addresses, phone numbers, financial information, and information related to health, education, or socioeconomic status.7
Data Fiduciary: The entity that, alone or in conjunction with others, determines the purposes and means of the processing of personal data. For the purposes of this policy, the Foundation for Equal Citizenship (FFEC), including its U.S. and Indian entities, is the Data Fiduciary.9
Data Principal: The individual to whom the personal data relates. This includes our donors, program participants, volunteers, staff, and website visitors. This is the term used in the DPDPA and is equivalent to “Data Subject” in other legal frameworks.9
Processing: Any operation or set of operations performed on personal data, including its collection, recording, organization, structuring, storage, adaptation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.
Consent: Any freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal’s wishes by which they, through a clear affirmative action, signify agreement to the processing of their personal data for a specified purpose.6
Data Processor: Any person who processes personal data on behalf of a Data Fiduciary.9 This includes third-party service providers we engage for functions like payment processing or email distribution.

III. Applicability of This Policy

This Privacy Policy applies to all individuals whose Personal Data FFEC processes, regardless of their location or relationship with us. This includes, but is not limited to:

Donors and Supporters: Individuals and entities who provide financial or in-kind support to our mission.
Program Participants and Beneficiaries: Individuals, families, and communities in India who engage with, participate in, or benefit from our programs in education, healthcare, and livelihoods.
Volunteers, Staff, and Board Members: Individuals who contribute their time, skills, or expertise to FFEC, whether in a paid or unpaid capacity.
Website and Digital Platform Users: Any individual who visits our website(s), uses our mobile applications (if any), interacts with our official social media pages, or communicates with us electronically.

This policy covers Personal Data collected through all our channels, including our website, email communications, social media, and any mobile applications. It also applies to Personal Data collected offline, for example, at events or through paper-based forms, that is subsequently digitized and processed by FFEC.5 This policy does not apply to websites or services operated by third parties that may be linked from our website.

IV. The Personal Data We Collect and Why

FFEC is committed to the principle of data minimization, meaning we only collect Personal Data that is necessary to fulfill our mission, operate our programs effectively, and communicate with our stakeholders.3 We collect information in two primary ways: data you voluntarily provide and data collected automatically through technology.

A. Data You Voluntarily Provide

When you interact with us, you may choose to provide us with Personal Data. This includes:

Donation Information: When you make a donation, we collect information necessary to process the transaction, such as your name, billing address, email address, and phone number. Your full payment card or bank account information is collected and processed by our secure, third-party payment processors. FFEC does not store your complete credit card number or financial account details on our servers.12
Communication Information: If you sign up for our newsletters, event invitations, or other updates, we collect your name and email address to send you these communications.13
Program and Volunteer Information: Individuals applying to volunteer or participate in our programs may be asked to provide their name, contact details, demographic information (such as age and gender), skills, and other information relevant to the specific program or role. For certain programs, this may include sensitive information related to health, education, or socioeconomic status, which is handled with the highest level of care as detailed in Section X of this policy.16
Inquiry Information: When you contact us via email or a contact form on our website, we collect the information you provide to respond to your query.

B. Data We Collect Automatically Through Technology

When you visit our website or interact with our digital platforms, we may automatically collect certain technical information to ensure our site functions correctly, to maintain security, and to improve your experience. This includes:

Usage Data: Your Internet Protocol (IP) address, browser type and version, device characteristics, operating system, the pages of our site that you visit, the time and date of your visit, the time spent on those pages, and the referring URLs.19
Location Data: We may derive your general geographic location (e.g., country or city) from your IP address to understand our audience better. We will not collect precise geolocation data from your mobile device without your explicit, opt-in consent.19
Cookies and Tracking Technologies: We use cookies and similar technologies to help our website function, analyze performance, and personalize your experience. A detailed explanation of our use of these technologies is provided in Section IX.

C. Table 1: Summary of Data Processing Activities

To ensure maximum transparency, the following table summarizes our main data processing activities, the types of data involved, the purpose of processing, and the legal basis we rely upon under applicable laws.10

Category of Data Subject	Types of Personal Data Collected	Primary Purpose of Processing	Legal Basis (under DPDPA & other applicable laws)
Donors	Name, contact information (email, address, phone), payment information (processed by a third party), donation amount and history, communication preferences.	To process donations, issue tax-deductible receipts, send acknowledgments and thank-you letters, provide updates on our work, conduct internal analysis, and comply with financial regulations.	Consent (for ongoing communications); Performance of Contract (to process the donation transaction); Legitimate Uses (for sending acknowledgments and conducting internal analysis); Legal Obligation (for tax and financial record-keeping).
Program Participants	Name, contact information, demographic data (age, gender), and where necessary and with explicit consent, sensitive data related to health, education, or livelihood status.	To deliver program services effectively, assess eligibility, monitor and evaluate program impact, ensure participant safety, and provide anonymized reports to funders on program outcomes.	Explicit Consent (especially for sensitive data and data from minors); Performance of a Service (to provide the requested program benefits).
Volunteers & Staff	Name, contact information, resume/CV, skills, references, and where required, background check information.	To manage the application and selection process, administer volunteer and employment roles, facilitate communication, and fulfill HR and legal obligations.	Performance of Contract (volunteer or employment agreement); Legal Obligation (for employment and tax law compliance).
Website Visitors	IP address, browser and device information, usage data (pages visited, time on site), cookie data.	To operate and secure our website, analyze website traffic to improve user experience and content, and remember user preferences.	Consent (for all non-essential cookies); Legitimate Uses (for website security and essential functionality).

V. Our Legal Basis for Processing Your Data

We are committed to processing your Personal Data lawfully, fairly, and transparently. Our legal basis for processing your data depends on the specific context and purpose of the collection. To ensure compliance across both the United States and India, we adhere to the high standards set by India’s DPDPA, making consent our cornerstone principle.23

Our primary legal bases for processing are:

Consent: We will rely on your explicit consent as our primary legal basis for many of our data processing activities. This includes sending you marketing and fundraising communications, placing non-essential cookies on your device, and, most importantly, collecting any sensitive Personal Data from our program participants. In line with the DPDPA, consent must be freely given, specific, informed, and unambiguous. You have the right to withdraw your consent at any time, and we will make it easy for you to do so.9
Performance of a Contract or Service: We may process your Personal Data when it is necessary to fulfill our obligations under a contract with you or to provide a service you have requested. This includes processing a donation you have made, managing your employment or volunteer agreement with us, or delivering specific program benefits to a participant.12
Legitimate Uses (DPDPA) / Legitimate Interests: We may process Personal Data for certain legitimate purposes that are reasonably expected by you and do not override your fundamental rights and interests. This legal basis is used narrowly and thoughtfully. Examples include:

Sending a transactional communication, such as a thank-you note and tax receipt after a donation.
Conducting internal analysis of our programs and fundraising efforts using aggregated or anonymized data to improve our effectiveness.
Implementing security measures to protect our website, network, and data from threats.
We will not rely on this basis to send marketing communications without your prior consent.6

Legal Obligation: We may be required to process your Personal Data to comply with applicable laws and regulations in the United States or India. This includes maintaining financial records for tax audits as required by the IRS or other legal authorities, or responding to lawful requests from law enforcement.24

By establishing a unified policy that defaults to the stricter, consent-focused standards of the DPDPA, we ensure a high level of protection for all Data Principals and simplify our internal compliance processes across both our U.S. and Indian operations.

VI. How We Share and Disclose Information

Your trust is paramount, and we are committed to being responsible stewards of your information. Our policies on data sharing are designed to protect your privacy while enabling us to carry out our mission effectively.

A. Our Commitment: No Sale or Trade of Personal Data

FFEC will never sell, rent, trade, or lease your Personal Data to any third party for their marketing or fundraising purposes. This is a core tenet of our commitment to our donors, volunteers, and program participants.4

B. Service Providers and Partners

We engage trusted third-party service providers (Data Processors) to perform essential functions on our behalf. These services may include payment processing, email distribution, website hosting, and data analytics. We only share the Personal Data necessary for these providers to perform their designated functions. We conduct due diligence on our vendors and require them, through legally binding contracts, to maintain the confidentiality and security of the data they process for us, to use it only for the purposes for which we have engaged them, and to adhere to data protection standards consistent with this Privacy Policy.1

C. Designated Donations

In cases where a donor makes a contribution specifically designated for one of our local partner organizations in India, we may share the donor’s name and contact information with that specific partner for the purpose of acknowledgment and reporting. We will only do so with the donor’s knowledge and will always provide the option for the donor to remain anonymous, in which case no information will be shared.28

D. Legal and Compliance-Related Disclosures

We may be required to disclose your Personal Data if compelled to do so by law, such as in response to a subpoena, court order, or other valid legal process from a government or law enforcement authority with jurisdiction in either the United States or India. We will only disclose information that is legally required and will seek to protect your privacy to the extent permitted by law.12

E. Business Transfers

In the unlikely event that FFEC undergoes a merger, acquisition, or sale of assets, your Personal Data may be among the assets transferred. Should this occur, we will provide you with prior notice and inform you of any changes to the applicability of this Privacy Policy.19

VII. Data Security, Retention, and International Transfers

We take our responsibility to protect your Personal Data very seriously. We have implemented a framework of technical and organizational measures designed to prevent unauthorized access, use, alteration, or disclosure of your information.

A. Our Security Measures

Our approach to data security is multi-layered and includes the following practices:

Encryption: We use industry-standard encryption technologies to protect your data. Data is encrypted in transit using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) when you interact with our website. Sensitive Personal Data stored in our databases is also encrypted at rest.9
Access Controls: Access to Personal Data within FFEC is strictly limited on a “need-to-know” basis. Staff and volunteers are only granted access to the data necessary to perform their job functions. We use role-based access controls to enforce this principle.9
Secure Vendor Management: We exclusively use payment processors that are compliant with the Payment Card Industry Data Security Standard (PCI-DSS). We also assess the security and privacy practices of all our key third-party service providers.14
Staff Training: We provide regular and mandatory training for all our staff and volunteers on data privacy principles, security best practices, and their responsibilities under this policy. This training covers topics such as recognizing phishing attempts and securely handling sensitive information.3
Incident Response Plan: FFEC maintains a data breach response plan to ensure we can respond swiftly and effectively to any security incident. In the event of a data breach, we will follow our plan, which includes notifying the Data Protection Board of India and affected Data Principals as required by the DPDPA, as well as any applicable authorities in the U.S..5

B. How Long We Keep Your Information (Data Retention)

We adhere to the principle of storage limitation, meaning we retain Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and our internal policies.5

Financial and Donor Records: In compliance with IRS regulations in the U.S. and other legal requirements, we retain records of donations and financial transactions for a minimum of seven years.25
Program Participant Data: Data related to program participants is retained for the duration of their involvement in the program and for a defined period thereafter, which is necessary for program evaluation, impact reporting, and compliance with grant agreements. After this period, the data is securely deleted or fully anonymized.9
Communication Lists: If you subscribe to our newsletters, we will retain your contact information until you choose to unsubscribe, at which point it will be promptly removed from our active mailing lists.
Other Data: All other Personal Data is reviewed periodically and securely deleted once it is no longer needed for its stated purpose.

C. International Transfer of Data

As an organization with legal entities and operations in both the United States and India, the transfer of Personal Data between these two countries is necessary for our administrative, programmatic, and fundraising activities.

We are committed to ensuring that all international data transfers are conducted in full compliance with applicable laws, particularly India’s DPDPA.37 When we transfer Personal Data from India to the United States, or vice versa, we ensure that the data receives a level of protection that is equivalent to the standards outlined in this policy. This is achieved through legally binding agreements and data protection clauses between our U.S. and Indian entities.

Your consent to this Privacy Policy, followed by your submission of Personal Data, represents your agreement to such transfers.20 We will not transfer Personal Data to any country that is restricted for transfer by the Government of India.

VIII. Your Privacy Rights and Choices

FFEC is committed to ensuring you have control over your Personal Data. We recognize and uphold the privacy rights granted to individuals under the laws of the jurisdictions in which we operate.

A. Your General Rights (Applicable to All)

Regardless of your location, you have the following rights:

Right to Opt-Out of Communications: You may unsubscribe from our marketing and fundraising email lists at any time by clicking the “unsubscribe” link provided at the bottom of every email we send.12
Right to Control Cookies: You have the right to manage your cookie preferences through our website’s consent banner and your browser settings, as detailed in Section IX.
Right to Anonymity: When making a donation, you have the right to request that your gift be recognized anonymously.

B. Specific Rights for Individuals in India (under the DPDPA)

If you are a Data Principal in India, you are entitled to the following rights under the Digital Personal Data Protection Act, 2023:

Right to Access Information: You have the right to request and receive a summary of the Personal Data we hold about you and the processing activities we undertake.5
Right to Correction and Erasure: You have the right to request the correction of inaccurate or incomplete Personal Data and the erasure of your Personal Data that is no longer necessary for the purpose for which it was processed.5
Right to Grievance Redressal: You have the right to a readily available and effective mechanism for grievance redressal. You can lodge a complaint with us directly, and if you are not satisfied with the resolution, you have the right to file a complaint with the Data Protection Board of India.9
Right to Nominate: You have the unique right to nominate another individual who can exercise these rights on your behalf in the event of your death or incapacity.39

C. Specific Rights for Residents of Certain U.S. States

The United States has a patchwork of state-level privacy laws. While many of these laws, such as the California Consumer Privacy Act (CCPA), provide exemptions for nonprofit organizations, FFEC is committed to upholding a high standard of privacy for all its stakeholders.40

As a matter of good practice and to harmonize our policies globally, FFEC will honor requests from U.S. residents to access or delete their Personal Data to the extent that it is reasonable and feasible to do so. Should our activities ever fall within the scope of a specific state law (for example, through a joint venture with a for-profit entity), we will ensure full compliance with all its requirements.41

D. How to Exercise Your Rights

To exercise any of the rights described above, or if you have any questions or concerns about your privacy, please contact us using the information provided in Section XIII. We will respond to your request in a timely manner and in accordance with applicable law. We may need to verify your identity before processing your request to protect your information from unauthorized access.

IX. Our Use of Cookies and Other Tracking Technologies

To enhance your experience on our website and to gather information about its usage, we use cookies and similar tracking technologies. This section explains what these technologies are and how we use them.

A. What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the site owners.

Session Cookies: These are temporary cookies that expire when you close your browser.24
Persistent Cookies: These remain on your device for a set period or until you delete them.24
First-party Cookies: These are set by our website directly.
Third-party Cookies: These are set by a domain other than our website, such as our analytics or advertising partners.42

B. How We Use Cookies

We categorize the cookies we use as follows:

Strictly Necessary Cookies: These cookies are essential for you to browse the website and use its features, such as accessing secure areas or processing donations. These cookies do not require your consent.
Functional Cookies: These cookies allow our website to remember choices you make (such as your language preference) to provide a more personalized experience.24
Performance and Analytics Cookies: These cookies collect information about how you use our website, such as which pages you visit most often. This helps us analyze data about web page traffic and improve our website to better meet user needs. We use services like Google Analytics for this purpose. All data collected is aggregated and anonymized where possible.13
Marketing and Targeting Cookies: These cookies may be used to track the effectiveness of our outreach campaigns or to connect with you on other platforms like social media. We will be transparent about their use and will only deploy them with your explicit consent.19

C. Your Choices and Consent

We respect your right to privacy. For all cookies that are not “Strictly Necessary,” we will obtain your explicit, opt-in consent before placing them on your device. When you first visit our website, you will be presented with a cookie consent banner that allows you to:

Accept all cookies.
Reject all non-essential cookies.
Customize your preferences for each category of cookie.

You can also control and manage cookies through your web browser’s settings. Please note that if you choose to block or delete cookies, some parts of our website may not function properly.11

D. Commitment to Privacy-Respecting Technology

FFEC is committed to leveraging technology in a way that respects user privacy. We will periodically review our use of analytics and other third-party tools and will seek to adopt more privacy-preserving alternatives as they become available and viable for our organization.11

X. Protecting the Privacy of Children and Program Participants

FFEC has a special duty of care when processing the Personal Data of children and the sensitive information of our program participants. This section outlines our heightened commitments in these areas.

A. Data from Children

We are committed to protecting the privacy of children. Our policies are designed to comply with India’s DPDPA, which defines a child as an individual under 18 years of age, and the U.S. Children’s Online Privacy Protection Act (COPPA), which applies to children under 13.

General Policy: Our website, marketing, and fundraising activities are not directed at children, and we do not knowingly collect Personal Data from children for these purposes.
Program-Related Data: We recognize that our education and community programs in India may involve the processing of Personal Data from children (individuals under 18). In such cases, we will:

Obtain verifiable consent from a parent or legal guardian before collecting any Personal Data from a child.9
Ensure that the processing of such data is done in a manner that is verifiably safe and not detrimental to the well-being of the child.
Limit the collection of data to only what is necessary for the child’s participation in the program.

B. Data from Program Participants (Beneficiaries)

We understand that the Personal Data we collect from the communities we serve in India can be highly sensitive. We are committed to an ethical approach that goes beyond mere legal compliance.

Informed Consent Plus: When collecting data from program participants, we are committed to a process of “Informed Consent Plus.” This means we will not only obtain consent but will ensure the process is culturally appropriate, accessible (using clear and simple language, potentially in local dialects), and transparent. We will clearly explain why the data is being collected, how it will be used to benefit the participant and the program, and what their rights are.2
Strict Purpose Limitation and Data Segregation: Personal Data collected from program participants for the purpose of service delivery is strictly firewalled from our fundraising and marketing databases. This data will only be used for program administration, monitoring and evaluation, and impact assessment. It will never be used to solicit donations from beneficiaries.
Anonymization for Reporting: When we report on our program outcomes to funders, partners, or the public, we will always use aggregated and anonymized data. We will take rigorous steps to ensure that no individual can be identified from the reports we publish, thereby protecting the privacy and dignity of the people we serve.1

XI. Links to External Websites

Our website may contain links to other websites that are not operated by FFEC. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.13

XII. Updates to This Privacy Policy

The landscape of data privacy law is constantly evolving. FFEC reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and we will update the “Last Updated” date at the top of the policy. For material changes, we will provide a more prominent notice, such as through a notification on our website or via email to our subscribers. Your continued use of our services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised policy.13

XIII. How to Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, or if you wish to exercise any of your privacy rights, please contact our designated Data Protection Officer.

To ensure compliance with the DPDPA, which may require a Data Protection Officer to be based in India for certain entities, and to provide accessible points of contact for all our stakeholders, please direct your inquiries to:

Email (for all privacy-related matters):

privacy@ffec.org

Mailing Address (United States):

Foundation for Equal Citizenship

United States

Mailing Address (India):