Privacy and Data Protection Policy

Introduction

Your Way Inc, is committed to safeguarding the privacy and personal data of all individuals we interact with, including children, families, donors, employees, volunteers, and other stakeholders. This policy outlines our practices regarding the collection, use, storage, and protection of personal data in compliance with applicable data protection laws.

Policy Statement

Your Way Inc, is dedicated to ensuring that personal data is handled responsibly and securely. We value the trust placed in us and are committed to protecting the privacy of all personal information we collect and process.

Scope

This policy applies to all personal data collected, processed, and stored by Your Way Inc., including data related to children, parents or guardians, donors, employees, volunteers, partners, and other stakeholders. It covers all aspects of our operations, including service delivery, fundraising, marketing, and administration.

Data Collection

We collect personal data only for specific, explicit, and legitimate purposes. The types of personal data we may collect include, but are not limited to:

  • Children and Families: Names, dates of birth, contact details, health information, educational information, and other relevant details necessary for service delivery.
  • Donors: Names, contact details, donation history, and payment information.
  • Employees and Volunteers: Names, contact details, employment history, background checks, and other relevant details necessary for human resource management.
  • Partners and Stakeholders: Names, contact details, and relevant organizational information.

Data Use

Personal data is used for the following purposes:

  • Service Delivery: To provide appropriate services and support to children and families.
  • Fundraising and Marketing: To communicate with donors, manage donations, and promote our activities.
  • Human Resources: To manage recruitment, employment, and volunteer activities.
  • Administration: To maintain organizational records and comply with legal obligations.

Data Protection Principles

We adhere to the following data protection principles:

  1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. Data Minimization: Data collection is limited to what is necessary for the purposes for which it is processed.
  4. Accuracy: Personal data is accurate and, where necessary, kept up to date.
  5. Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed.
  6. Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data, including:

  • Access Controls: Restricting access to personal data to authorized personnel only.
  • Encryption: Using encryption to protect sensitive information.
  • Regular Audits: Conducting regular audits to ensure data security measures are effective.
  • Training: Providing training to employees and volunteers on data protection best practices.

Data Sharing

We may share personal data with third parties only when necessary and with appropriate safeguards in place, including:

  • Service Providers: Sharing data with third-party service providers who assist us in delivering our services, under strict confidentiality agreements.
  • Legal Obligations: Disclosing data when required by law or to protect the rights, property, or safety of YourWay Inc. or others.
  • Consent: Sharing data with third parties with the explicit consent of the data subject.

Data Subject Rights

Individuals have the following rights regarding their personal data:

  • Access: The right to request access to their personal data.
  • Rectification: The right to request correction of inaccurate or incomplete data.
  • Erasure: The right to request the deletion of their personal data, where applicable.
  • Restriction: The right to request the restriction of data processing under certain conditions.
  • Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format.
  • Objection: The right to object to the processing of their personal data under certain conditions.

Data Breach Response

In the event of a data breach, we will:

  • Notification: Notify affected individuals and relevant authorities as required by law.
  • Investigation: Conduct a thorough investigation to determine the cause and extent of the breach.
  • Mitigation: Implement measures to mitigate the impact and prevent future breaches.

Review and Updates

This policy will be reviewed annually and updated as necessary to reflect changes in legislation, organizational practices, and technological advancements.