hcr Data Protection Policy

1. Introduction

Humanity Care Relief (HCR) is committed to protecting the personal data of its beneficiaries, donors, employees, volunteers, and partners in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). This policy outlines the principles and procedures HCR follows to ensure the privacy and security of personal data.

2. Scope

This policy applies to all personal data processed by HCR, including but not limited to data related to donors, beneficiaries, employees, volunteers, and partners. It covers data in all formats, including electronic and paper records.

3. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.
Data Subject: The identified or identifiable person to whom the personal data relates.
Data Controller: The organization (HCR) that determines the purposes and means of processing personal data.
Data Processor: Any person or organization that processes data on behalf of the Data Controller.
Processing: Any operation performed on personal data, including collection, storage, use, and destruction.

4. Data Protection Principles

HCR adheres to the following principles as outlined by the UK GDPR:

1.
Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently.
2.
Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
3.
Data Minimization: Data collected must be adequate, relevant, and limited to what is necessary for the intended purpose.
4.
Accuracy: Personal data must be accurate and kept up to date. Inaccurate data must be rectified or erased without delay.
5.
Storage Limitation: Data must be kept in a form that permits the identification of data subjects for no longer than necessary.
6.
Integrity and Confidentiality: Personal data must be processed securely to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

5. Legal Basis for Data Processing

HCR processes personal data based on one or more of the following legal grounds:

    Consent: Where explicit consent has been obtained from the data subject.
    Contractual Necessity: Where data processing is necessary for the performance of a contract.
    Legal Obligation: To comply with legal obligations.
    Vital Interests: To protect the vital interests of the data subject or another person.
    Legitimate Interests: Where processing is necessary for the legitimate interests of HCR, provided these interests are not overridden by the rights and freedoms of the data subject.

    6. Data Subject Rights

    Data subjects have the following rights under the UK GDPR:

      1.
      Right to be Informed: About the collection and use of their personal data.
      2.
      Right of Access: To obtain a copy of their personal data and information about how it is processed.
      3.
      Right to Rectification: To have inaccurate personal data corrected.
      4.
      Right to Erasure: To have personal data erased, also known as the ‘right to be forgotten.
      5.
      Right to Restrict Processing: To restrict the processing of their personal data in certain circumstances.
      6.
      Right to Data Portability: To receive their data in a commonly used format and transfer it to another controller.
      7.
      Right to Object: To object to the processing of their personal data in certain circumstances.
      8.
      Rights Related to Automated Decision Making and Profiling: Not to be subject to decisions based solely on automated processing.

      7. Data Security

      HCR implements appropriate technical and organizational measures to ensure the security of personal data. This includes:

        Access Control: Limiting access to personal data to authorized personnel only.
        Encryption: Using encryption methods to protect data during storage and transmission.
        Data Anonymization and Pseudonymisation: Where appropriate, to enhance privacy protection.
        Regular Security Assessments: Conducting regular assessments to identify and mitigate risks.
        Legitimate Interests: Where processing is necessary for the legitimate interests of HCR, provided these interests are not overridden by the rights and freedoms of the data subject.

        8. Data Breach Notification

        In the event of a data breach that poses a risk to the rights and freedoms of individuals, HCR will:

          1.
          Notify the Information Commissioner’s Office (ICO): Within 72 hours of becoming aware of the breach, if required.
          2.
          Inform Affected Data Subjects: If the breach is likely to result in a high risk to their rights and freedoms.

          9. Data Processing Agreements

          HCR will ensure that data processing agreements are in place with all third-party data processors, requiring them to comply with the UK GDPR and ensuring the security of personal data.

          10. Data Retention

          HCR will retain personal data only for as long as necessary for the purposes for which it was collected. Retention periods will be determined based on legal, regulatory, and operational requirements.

          11. Training and Awareness

          HCR will provide regular training to employees and volunteers on data protection principles and practices to ensure compliance with this policy and relevant legislation.

          12. Review and Updates

          This policy will be reviewed annually or as necessary to ensure compliance with legal and regulatory requirements. Updates will be communicated to all relevant stakeholders.

          13. Contact Information

          For questions or concerns regarding this policy or data protection at HCR, please contact:

          Data Protection Officer
          Humanity Care Relief
          Usman Dar

          Save Lives with Your Sadaqah & Zakat

          We are a UK-based international relief and development charity. Inspired by Islamic teachings of empathy, generosity, and selflessness, we focus on alleviating poverty and suffering across the world. We operate a 100% Zakat Policy, which means every single penny of your Zakat will go to the victims of poverty, wars, and natural disasters.

          Before you support our Food Appeal, Water Appeal, Gaza Emergency Appeal, Syria Emergency Appeal, Pakistan Floods Appeal, or any Emergency Appeal, remember to make the intention that you are donating for the sake of Allah first and helping your fellow Muslim brothers and sisters second. This is very important because as Muslims, whatever act of worship we do, we do it for the sake of Allah.

          Along with our emergency appeals, we are working on some amazing projects which will, Insha’Allah, bring prosperity to many Muslim homes from around the world. Donate your Sadaqah and Zakat to our projects like Build a Masjid, Livelihoods for the Poor, Sponsor a Widow, Sponsor an Orphan, Sponsor a Nikah, Donate a Sewing Machine, or help educate the Ummah by donating towards education projects, Sponsoring a Hafiz, Sponsoring a Child in Education, or supporting young people in university and Islamic education. Donate with confidence, Insha’Allah, every penny of your donation is your Amanah, and we will try our best to spend it on people who are in need.

          Every year, we as Muslims celebrate two seasons the most: one, Ramadan, and two, the first ten days of Dhul Hijjah. During these blessed days, we put all our efforts into pleasing Allah سُبْحَانَهُ وَتَعَالَى by performing good deeds. Here at HCR, we provide you with the platform to perform an important act of worship: charity. In Ramadan, you can donate to the Ramadan Food Appeal, and Ramadan Zakat Appeal, Donate Your Fidyah, Donate Your Fitrana, and Pay Your Kaffarah for Breaking Oath or Breaking Fast, especially during the blessed nights of Laylatul Qadr. In Dhul Hijjah, we are here to help fulfil your duty of performing Qurbani. Whichever cause you choose, choose it with confidence. Insha’Allah.