Data Protection Policy
1. Introduction
CARRY is committed to protecting the confidentiality, integrity, and availability of all data collected and processed throughout its charitable and educational initiatives. This policy outlines our commitment to safeguarding data in accordance with relevant data protection laws and regulations.
2. Scope
This policy applies to all employees, volunteers, contractors, and third parties handling or accessing CARRY's data.
​
3. Data Collection and Use
-
Data is collected transparently and lawfully for specific and legitimate purposes.
-
Individuals are informed about the purposes of data collection and their rights regarding their personal information.
-
Only relevant and necessary data for CARRY's initiatives is collected, ensuring its accuracy and currency.
4. Data Security Measures
-
Technical and organizational measures are in place to protect data from unauthorized access, alteration, disclosure, or destruction.
-
Access controls and encryption methods are implemented to safeguard sensitive data.
-
Regular assessments and audits are conducted to identify and address potential vulnerabilities.
​
5. Data Retention and Disposal
-
Data is retained only for the duration necessary to fulfill its intended purpose.
-
Secure procedures for data disposal ensure the permanent deletion or anonymization of data that is no longer needed.
​
6. Data Sharing and Third Parties
-
Data sharing with third parties is limited to necessary instances and conducted in compliance with data protection laws.
-
Contracts and agreements with third parties incorporate data protection and confidentiality clauses.
7. Training and Awareness
-
All personnel receive training on CARRY's data protection policies, procedures, and responsibilities.
-
Ongoing awareness initiatives promote a culture of data protection across the organization.
8. Compliance and Accountability
-
CARRY appoints a designated data protection officer responsible for ensuring compliance with this policy and relevant regulations.
-
Regular policy reviews and updates are conducted to align with changing legal requirements and best practices.
​
9. Reporting and Incident Response
-
Procedures for reporting data breaches or incidents are in place, enabling prompt action to mitigate risks and comply with legal obligations.
​
10. Review and Revision
This policy undergoes periodic review to ensure its effectiveness and alignment with evolving operational practices and regulations.
​