Privacy Policy

St. Jude India Childcare Centres (“St. Judes”, “we”, “us” and “our”) is committed to protecting the privacy and security of your personal data. This privacy policy (“Privacy Policy”) describes the policies and procedures on how your information is collected, stored, processed, used and shared. The terms “you” and “your” refer to the user(s) of St. Judes website. This Privacy Policy forms an integral part of the terms and conditions of St. Judes website available at [https://www.stjudechild.org/privacy-policy.html] and has been prepared in accordance with the provisions of the Information Technology Act, 2000 (“IT Act’) read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) and the provisions of the General Data Protection Regulation No 2016/679 (“GDPR”).

Definitions

In this Privacy Policy, unless the context otherwise requires:

  • Personal Information” means any information relating to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with us, is capable of identifying such person.
  • Sensitive Personal Data or Information” (“SPDI”) of a person means such personal information which consists of information relating to:
    • password;
    • financial information such as bank account or credit card or debit card or other payment instrument details;
    • physical, physiological and mental health condition;
    • sexual orientation;
    • medical records and history;
    • biometric information;
    • any detail relating to the above Clauses as provided to us for providing service; and
    • any of the information received under any of the above Clauses by us for processing, stored or processed under lawful contract or otherwise
    • Provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act 2005 or any other law for the time being in force will not be regarded as SPDI.

  • Reference to ‘personal information’ in this Privacy Policy shall include SPDI, wherever applicable.

Information we Collect

We collect information through our website, social media platforms (including Facebook, Instagram, YouTube and Twitter), and from other available online and offline sources. To the extent the information we collect is of a personal nature, as described below, it will be collected on a voluntary basis i.e. you have a choice to provide or withhold such personal information. You are under no obligation to provide us with any personal information while browsing our website.

However, please note that information such as IP address, browser type, mobile device type, pages visited, Media Access Control (MAC) address, screen resolution, operating system name and version, device manufacturer and model, time of visit and/or the duration of the use may be recorded automatically. Collecting browser activities or IP addresses is common practice for purposes such as calculating usage levels and helping diagnose server problems.

Cookies

A cookie is a small text file that requires your consent before it gets stored on your computer hard drive or any other device such as an iPad or a mobile phone. A cookie gets downloaded when you use the internet and does not get deleted when you close the browser window. Cookies are used for statistical analysis purposes, to track the websites you visit, how you interact with the services and tools available on that website, ensure your safety while you browse the internet, tailor advertising that suits your interests and to personalize your web browsing experience. Cookies do not contain any software or any information that could be used to identify you. We use cookies to personalise content, to provide social media features, remember user preferences and settings and to analyse our traffic. We also share information about your use of our site with our social media and analytics partners who may combine it with other information that you may have provided to them or that they may have collected from your use of their services.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. If you do not accept cookies, you may experience some inconvenience in your use of our website and you may not be able to access some of its features.

Personal Information

Personal information we may collect from you includes:

  • Contact details that you provide to us, including your name, email address, postal address, and phone number. We may collect this information over the phone or email, during a face-to-face conversation, or through online and offline forms such as e-newsletters, surveys, donation forms and through event registration/participation (including volunteering). However, we will only collect your contact details with your consent, which we will obtain through our consent form.
  • Social media details such as [name, phone numbers, email address] provided to us through our social media pages on Facebook, Instagram, YouTube and Twitter. We will only collect basic identification details from social media platforms used by you to access our social media pages.
  • Financial information such as credit card details, net banking details, or other payment related information.* [We use third party payment gateways for processing donations.]
  • Photographs and audio-visual recordings of St. Judes events that you may attend. We will seek your consent in person prior to collecting and/or processing this information.
  • Health related information such as medical records and history, as part of physical documentation required at the time of admission of children into our centres.

Except for credit card and payment related information or unless so requested, we ask that you do not send us, and you do not disclose, any sensitive personal information (e.g., government identification numbers, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, or criminal background) on or through the website or otherwise to us.

You represent that all the information that you provide to us from time to time is and shall be correct, current and updated and that you have all the rights, permissions and consents to provide such information. Your providing the information and our consequent storage, collection, usage, transfer, access or processing of the same shall not be in violation of any third party agreement, laws, judgments, orders or decrees.

KCO Note*: Collection, use, storage, processing, transfer and disclosure of financial information (which is considered as SPDI) would require compliance with several obligations as provided under the SPDI Rules. In this regard, you may refer to our snapshot on the extant data protection laws of India, to understand the several compliance requirements.

How we use Your Data

Any information collected by us will be kept confidential. We do not, and will not, sell your information to third parties.

The information collected by us may be used for a number of purposes connected with our activities including:

  • Sending you news about St. Judes or information regarding events or fundraising activities;
  • responding to inquiries/questions/comments;
  • processing donations upon your request;
  • registering you as a donor, supporter or volunteer upon your request;
  • as part of the physical documentation required at the time of admission of children into our centres;
  • analysing usage and improving our website or social media pages; and/or
  • protecting against fraud or unauthorised transactions and managing risk exposure by identifying potential hackers or unauthorised users.

If you choose to provide us with your payment or credit card information, we will use such information strictly for the purposes for which it was provided.**

KCO Note**: Please refer to KCO Note*

Disclosures Required under Law

Beyond this, we will only share your information if we are required to do so by law. This may include disclosure under applicable law to comply with any legal process or to provide information to aid any investigation including where matters of public safety are involved or to respond to any judicial or quasi-judicial process and provide information to any statutory, legislative or governmental authorities, including laws outside your country of residence, or responding to requests from government authorities, including government authorities outside your country of residence. We fully cooperate with law enforcement agencies in identifying those who use our website for illegal activities and may, in our sole discretion, disclose information to satisfy any applicable laws, regulations, or government requests. Additionally, we reserve the right to voluntarily release any information about users who we believe are engaged in illegal activities, without any court order or summons, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our website or to protect our rights and/or property, or that of our directors, employees, partners, agents.

We will retain your personal information only for the period necessary to fulfil the purposes for which it has been provided, unless a longer retention period is required by law.

Sharing Your Information Outside India

We will not share your information with another entity within or outside India unless such other entity provides the same level of security as is required under law and such information transfer is necessary for the provision of services to the provider of the data. In any event, we will not transfer your information to an entity in another country unless such country is considered ‘adequate’ under the provisions of the GDPR. Even if these conditions are met, we will only share your information with your consent, unless we are required to disclose it by law.***

KCO Note***: Please note that under the SPDI Rules, it has been specified that a body corporate or any person on its behalf may transfer SPDI to any other body corporate or a person in India, or located anywhere across the globe, provided that the transferee ensures the same level of data protection that is adhered to by the body corporate as per the SPDI Rules.

Your Legal Rights

In relation to any personal information you provide to us, you have the following legal rights:

  • The right to access a copy of your information, as well as to be informed of how your information is being used.
  • The right to rectify any inaccuracies in your information.
  • The right to have your personal information erased in certain circumstances.
  • The right to have the processing of your information suspended in certain circumstances, for example if you want us to establish the accuracy of the information we are processing.
  • The right to object to the processing of your information in certain circumstances, for example if you want us to establish the legal basis on which we are processing your information.
  • The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
  • The right to lodge a complaint with a supervisory authority under the IT Act read with the SPDI Rules or GDPR, as applicable.

You have the right to withdraw your consent (which you provided to process your personal information) at any time. You may withdraw your consent or exercise any of your rights in relation to your personal information by contacting our grievance officer, whose details are listed below. However, this will not affect the validity of any lawful processing of your information until the time when you withdraw your consent. Some of the rights listed above may only be exercised in certain circumstances, and where lawfully permitted, thus we reserve the right to not comply with such a request from you.

Third Party Content and Links

Our website may contain links to third-party websites, applications, or similar technology that are not associated with or over which we have no control. Any access to and use of such linked websites is not governed by this Privacy Policy, but instead, is governed by the privacy statements of those third - party websites. We are not responsible for the information practices or content of these other websites and/or applications.

Security and Protection****

We have implemented technology and policies, with the objective of protecting your information from unauthorised access and improper use, and periodically review the same.

We use internet to collect and process your information, in accordance with the provisions described in this Privacy Policy. Since the internet is a globally accessible platform, your information undergoes transmission on an international level and cannot always be completely insulated from unauthorized use and access. By accepting this Privacy Policy, you consent to our use of the internet to collect, store and transmit your information to and from our servers. In the event any or all of your information is disclosed to any user and/ or unauthorized third party for any reason whatsoever, including without limitation, by reason of an error in transmission, an act or omission committed by any person or for any other reason, St. Judes cannot be held liable or responsible in any capacity/manner whatsoever.

KCO Note****: Section 43-A of the IT Act mandates following of “reasonable security practices and procedures” in relation to SPDI. It shall be considered that a body corporate has implemented such reasonable security practices and procedures, if they implement security practices and standards and have a comprehensive documented information security programme and policies that contain managerial, technical, operational and physical security control measures that are proportionate to the information assets that the body corporate is seeking to protect. The International Standard IS/ISO/IEC 27001 relating to ‘Information Technology-Security Techniques-Information Security Management System–Requirements’ is one of the standards (“Stipulated Standard”) specified under the Rules that may be implemented by the body corporate while handling SPDI. If the body corporate follows any standard apart from the Stipulated Standard for data protection, they are required to get their codes (“Codes”) approved and notified by the Government of India. Any such standard, i.e. Stipulated Standard or Codes, implemented by the body corporate needs to be certified or audited by an independent auditor approved by the Central Government. Further, an audit has to be carried out by such an auditor at least once a year or as and when there is a significant upgradation of processes and computer resources.

Policy Changes

We may occasionally modify and/or update this Privacy Policy and such changes will be posted on this page. If we make any significant changes to this Privacy Policy, we will endeavour to provide you with reasonable notice of such changes, such as via prominent notice on our website or to your email address on record, and where required by applicable law, we will obtain your consent. To the extent permitted under the applicable law, your continued use of our website after we publish or send a notice about our changes to this Privacy Policy shall constitute your consent to the updated Policy.

Automated Decision-Making

We do not envisage that any decisions will be taken about you based solely on automated means. We will notify you in writing if this changes.

Change or Updating Your Data

Should you wish to change, update, modify or correct your information in any way, you may write to us. We endeavour to ensure protection of your information at all times and may require you to furnish additional proof of identity such as a government issued identity card in order to make any changes.

Contact Us

If you have any questions, concerns, or suggestions regarding this Privacy Policy or our practices, you may contact us online, call us at +9122 66663152 or send us an email to contact@stjudechild.org, or write to us at:

St. Jude India ChildCare Centres,
Cotton Green Campus,
Ground Floor, Mumbai Port Trust Colony,
ABC Colony (Rajas Nagar),
Zakaria Bunder Road,
Sewri, Mumbai 400015.

Grievance Redressal*****

Any discrepancies and grievances with respect to processing of your personal information shall be informed to the designated grievance officer as mentioned below:

Name: [Malvika Sah]

Designation: [Communications Manager]

Email ID: [malvika.sah@stjudechild.org]

Last updated: [11 September, 2020]

KCO Note*****: The SPDI Rules provide that a body corporate must address grievances of the information provider within a specified time. For this, the body corporate is required appoint a Grievance Officer to address such grievance within a period of 1 (one) month from receipt of the grievance.