PRIVACY POLICY

Ikigai Portfolio Private Limited Privacy and Data Protection Policy

Effective Date: 1st January, 2022

Introduction

Ikigai Portfolio Private Limited values the privacy and security of all information it collects, including personal data of individuals and sensitive data from client organisations, including NGO partners. This Privacy and Data Protection Policy outlines how we collect, use, store, protect, and share personal information and client organisation data, ensuring compliance with applicable privacy regulations, data protection laws, and confidentiality standards.

Scope of the Policy

This policy applies to:

• Personal Data: Any information related to an identified or identifiable individual (data subject), including donors, visitors to web and digital platforms, clients, customers, employees, or other individuals.
• Client Organisation Data: Confidential information, trade secrets, and other sensitive non-personal data provided by client organisations or created during the course of our services.

Information We Collect

2.1 Personal Data

We may collect personal data directly from individuals, including but not limited to:

• Identification Data: Name, address, email, phone number, photograph, government issued ID number and tax identification number.
• Financial Data: Payment information (e.g., credit card or bank account details). 
• Technical Data: IP addresses, browser types, device identifiers, and usage data.
• Employment Data: For employees and contractors, we may also collect data necessary for employment purposes (e.g., social security number, employment history).

2.2 Client Organisation Data

We collect data from client organisations, including NGO partners, that may include:

• Business Information: Operational, financial, accounting, HR, MIS policies, manuals and processes, strategies, product information, internal reports, project data and reports, financial and pricing data, funding details, communication and action from government, regulatory and judicial/legal authorities and marketing data.
• Confidential Data: Trade secrets, intellectual property, agenda, minutes and proceedings of board, management and staff meetings, audit and impact assessment reports and findings, internal policies and memos, agreements and contracts with external stakeholders, communication with and reports to external stakeholders, and proprietary information.
• Technical and Logistical Information: System and process documentation, IT architecture details, and other technical specifications.

How We Use the Information

3.1 Use of Personal Data

We use personal data for the following purposes:

• To provide, operate, and improve our services.
• To process transactions and send billing information
• To communicate with individuals about their accounts, transactions, updates, offers, support or inquiries.
• To comply with legal obligations and resolve disputes.
• To improve customer service and provide personalised experiences.

3.2 Use of Client Organisation Data

We use client organisation data exclusively for:

• Providing and enhancing our services to the client.
• Performing specific functions as outlined in client agreements.
• Performing due diligence of partner NGOs by way of rating, periodic audits and assessments to help donors make informed choices and for partner NGOs to strengthen and enhance their capacities. (While specific confidential and sensitive data points and information will not be shared and disclosed publicly and/or with donors, assessment scores and analysis may be generated using such data points and information). 
• Ensuring data security, confidentiality, and compliance with applicable industry standards.
• Support business operations and decision-making
• Comply with legal obligations and protect our legal rights

Legal Basis for Processing Personal Data

We process personal data based on:

• Consent: Where individuals have given explicit consent.
• Contractual Obligations: Necessary to fulfil a contract or agreement.
• Legitimate Interests: Including business interests, provided they do not override individual rights.
• Legal Compliance: To fulfil legal obligations and regulatory requirements.

Data Sharing and Disclosure

5.1 Sharing Personal Data

We do not sell personal data. However, we may share personal data:

• With service providers assisting in operations (subject to data protection agreements).
• For legal reasons, such as to comply with subpoenas, legal processes, or regulatory requirements.

      5.2 Sharing Client Organisation Data

We maintain the strict confidentiality of client organisation data. Data will only be shared if:

• Authorised by the client organisation under contractual agreements.
• Required by law, where we will notify the client when possible.

Data Security and Protection

6.1 Security Measures

We implement industry-standard security measures to protect personal and organisational data, including encryption, access controls, regular security audits, and secure storage practices.

Personal and organisational data collected through our platform is encrypted using 256-bit AES (Advanced Encryption Standard) technology.

All personal and organisational information stored in Ikigai portfolio’s database is protected with a secured login with authentication, assignment of a unique ID to each person with computer access, regular pass code changes, and user IDs are deactivated or terminated as needed.

Our hosting data server provides data protection meeting PCI DSS (Payment Card Industry Data Security Standard), encrypted communication via SSL (Secure Sockets Layer) technology, intrusion detection for all devices and network nodes, state-of-the-art firewall infrastructure that detects malicious application attacks, virus protection, network load balancing devices via Citrix, and patch management, security and vulnerability monitoring and tracking, and SQL server attack protection via applications to detect SQL Injection and Cross Site Scripting Attacks.

6.2 Confidentiality Obligations

All employees, contractors, and third-party service providers are bound by strict confidentiality agreements regarding personal and organisational data.

Retention of Data

We retain personal and client organisation data only as long as necessary for the purposes outlined in this policy or as required by law.

Rights of Individuals

Individuals have the following rights concerning their personal data:

• Access: The right to access personal data we hold.
• Correction: The right to correct inaccuracies in personal data.
• Deletion: The right to request deletion of personal data.
• Restriction and Objection: The right to restrict or object to certain data processing.
• Portability: The right to receive personal data in a structured, commonly used format.

To exercise any of these rights, please contact us at contact@ikigaiportfolio.com. 

Compliance with Privacy Regulations

Ikigai Portfolio Private Limited is committed to complying with applicable privacy laws, including GDPR, CCPA, and other local data protection regulations. Our data practices, including those in this policy, ensure adherence to these standards for both personal and client organisation data.

Changes to this Policy

We may update this Privacy and Data Protection Policy periodically to reflect changes in our practices, legal requirements, or other factors. Any updates will be communicated to clients and individuals as required by law.

Contact Us

For questions, concerns, or requests related to this policy, please contact us at:

Ikigai Portfolio Private Limited

E-44/3, Ground Floor, Okhla Industrial Area Phase II, 

New Delhi - 110020

Email: contact@ikigaiportfolio.com

Phone: +91 8130437139