Preamble
This section describes the confidentiality, privacy, and information handling principles of the Foundation.
This Privacy Policy applies solely to information collected through the Foundation's official website, forms, and communication channels. It does not apply to third-party websites, external platforms, or services linked to or referenced by the Foundation.
The Foundation only collects personal information knowingly and voluntarily provided by individuals.
While the Foundation seeks to apply reasonable safeguards and organizational care in handling submitted information, users must understand that absolute confidentiality or complete protection of submitted information cannot be guaranteed. The Foundation may be the subject of persistent hostile cyber activity, malicious interference, unauthorized access attempts, and other security threats beyond its reasonable control.
Individuals should therefore exercise judgment and discretion in the type and amount of personal information they choose to submit.
By accessing, viewing, using the Foundation's website, or submitting any information through our forms or channels, you acknowledge and accept these risks and consent to the collection, storage, and processing of information in accordance with this Policy.
General Information
For purposes of this Policy:
- Personal data means any information relating to an identified or identifiable person.
- Processing includes collection, storage, organization, review, use, transmission where necessary, retention, and deletion of personal information.
- Data controller is the Derafsh Kaviani Foundation.
- Data processors may include internal team members, volunteers, contractors, payment processors, communication platforms, and operational service providers assisting the Foundation.
Personal Data We May Collect
Depending on your interaction with the Foundation, we may collect:
Membership Applications
- Name
- Preferred alias or public-facing name (if submitted)
- Country / city of residence
- Email address
- Phone number or messaging handle
- Professional background
- Skills / area of expertise
- Interests in participation
- Notes voluntarily submitted
Donations and Support
- Name (where voluntarily provided)
- Email address
- General transaction records
- Donation history
Anonymous donations may be accepted, subject to technical and legal limitations of payment channels.
Important: The Foundation does not directly process or store full payment card details when payments are made through third-party payment processors. Sensitive payment credentials such as card numbers, expiry dates, and security codes are generally handled directly by regulated payment providers such as Stripe under their own privacy and security standards.
Purpose of Processing
Information may be used for:
- Membership administration
- Volunteer coordination
- Reviewing project proposals
- Communication with supporters
- Newsletter distribution
- Operational announcements
- Processing donations
- Recordkeeping and accountability
- Organizational development
- Legal and administrative obligations
The Foundation does not sell personal data.
Disclosure to Third Parties
Information may be shared where reasonably necessary with:
- Authorized internal personnel
- Contractors assisting operations
- Payment processors
- Email/newsletter service providers
- Technical service providers
- Professional advisors
- Partner organizations involved in legitimate collaborative work
- Authorities where legally required
Third parties engaged by the Foundation are expected to maintain appropriate safeguards, but the Foundation cannot guarantee the conduct or security practices of external providers.
Data Retention
Information is retained for as long as reasonably necessary for operational, legal, administrative, or organizational purposes.
Information may be archived, anonymized, or deleted when no longer reasonably required.
Security Awareness and Operational Discretion
Individuals engaging with the Foundation should understand that organizations operating in politically sensitive environments may face surveillance attempts, hostile cyber activity, infiltration efforts, phishing attempts, impersonation, and unauthorized attempts to obtain information.
Accordingly:
- Users should share only information they are comfortable disclosing.
- Sensitive operational details should not be transmitted casually.
- Communication channels may carry risk.
- Individuals should independently practice good digital security habits.
- Use strong passwords and secure devices.
- Be cautious of impersonation attempts claiming to represent the Foundation.
- Verify official communications through recognized Foundation channels.
The Foundation encourages prudent operational discretion from all supporters, contributors, and participants.
Rights of Individuals
Individuals may request to:
- Access information reasonably held about them
- Correct inaccurate information
- Request deletion where appropriate
- Withdraw consent where consent applies
- Ask how their information is used
To make such requests, individuals may reach out to the Foundation through official communication channels.
Copyright
All content published by the Foundation remains the intellectual property of the Foundation unless otherwise stated.
Permission should be obtained before reproducing or redistributing Foundation materials beyond lawful fair use.
Changes to This Policy
The Foundation reserves the right to amend this Privacy Policy at any time in response to operational, legal, or organizational developments.
Updated versions will be published through official Foundation channels.
Continued use of Foundation services constitutes acceptance of revised terms.