Respect for privacy and the protection of personal data is a factor of trust, a value that is particularly important to Akhamani, which is committed to respecting the fundamental rights and freedoms of each individual.
The present personal data protection policy reflects the commitments implemented by Akhamani and all its active members in the context of its daily activities for a responsible use of personal data.
Data Protection Officer – DPO
In order to preserve the privacy and protection of personal data, Akhamani has appointed a Data Protection Officer (DPO) in September, 2020.
The DPO is a pledge of trust; a contact specialized in the protection of personal data, responsible for ensuring the preservation of privacy and the proper application of rules for the protection of personal data, the privileged contact of the Commission Nationale Informatique et Libertés (CNIL), and all persons concerned by the collection or processing of personal data.
To contact the DPO: write to “DPO Akhamani 182 rue de Lompret, 59130 Lambersart, FRANCE” or by e-mail at firstname.lastname@example.org.
The DPO keeps the records of the processing activities of Akhamani, which is available to the CNIL if necessary.
Principles applicable to the protection of personal data
Akhamani provides a solution to its customers to process personal data in compliance with applicable laws and regulations, in particular the European General Data Protection Regulation n°2016/679 of 27th of April 2016.
According to the accountability principle, a personal data accountability policy is implemented in the association and compliance is monitored.
Specific, explicit and legitimate purpose of the processing operation
Personal data are stored in our solution for specific purposes, brought to the attention of the persons concerned at the time of first contact by our partners, members and beneficiaries. Such data may not be used subsequently in a manner incompatible with those purposes.
The treatment of the data is legally based on explicit consent. More specifically, the purpose for treatment by Akhmanani are :
- Managing the association memberships;
- Planning of events;
- Management of logistics for the delivery of physical goods/donations;
- Operation and optimization of the Association website;
- Verification, identification, and authentication of data provided by the users;
These data must be processed lawfully, fairly and transparently by our partners, members and beneficiaries.
Akhamani does not collect data relating to health, racial origin, religious or racial beliefs, political opinions or philosophical beliefs. Similarly, it does not collect genetic or biometric data or data concerning the health, sex life or sexual orientation of the person concerned.
Proportion and relevance of data collected
The personal data collected are strictly necessary for the purpose for which they are collected. Akhamani strives to minimize the data collected, to keep them accurate and up to date by facilitating the rights of data subjects.
A personal data is constituted of any information regarding a physical person identified or identifiable (the concerned person). Is deemed identifiable a person which can be identified directly or indirectly, specifically by means of a name, an identification number or a combination of elements specific to its physical, psychological, genetic, psychic, economic, cultural or social identity.
The following personal data may be collected :
- First and last name
- Postal address
- Email address
- Phone number
- Date of Birth
- Tutor identity (for minors)
A DPO : email@example.com, is available for all questions relative to the protection of your personal data.
Limited retention period for personal data
Personal data shall be kept for a limited period which shall not exceed the period necessary for the purposes of collection.
Data retention periods are implemented according to our partners, members and beneficiaries’ needs and vary according to the nature of the data, the purpose of the processing, or legal or regulatory requirements.
Confidentiality / Data security
Information system protection measures are implemented, adapted to the nature of the data processed and the association’s activities.
Appropriate physical, logical and organizational security measures are in place to ensure data confidentiality, including the prevention of unauthorized access.
Akhamani has implemented a procedure for notifying the CNIL and / or individuals concerned of a violation of personal data.
Akhamani also requires any subcontractor to provide appropriate guarantees to ensure the security, protection and confidentiality of personal data. This requirement requires the establishment of contracts, which include for the subcontractor the obligation to respect the content of the European Regulation. These contracts provide for controls and audits to be carried out where necessary.
Personal data may be transferred to countries within or outside the European Union. If this is the case, the persons concerned are precisely informed, and specific measures, for example European contractual clauses, are taken to regulate these transfers.
Lawfulness of the processing
The association’s processing operations are based either on your consent, on the performance of the contract binding us, on compliance with a legal obligation, or on the pursuit of our association’s legitimate interests.
When the treatment of the personal information is based on consent, the association is capable of proving that such consent was given.
Rights of individuals
All necessary means to guarantee the effectiveness of individuals’ rights over their personal data are implemented.
A clear and complete description of the data treatment is provided on all supports and tools collecting personal data. This description is easily accessible and is intended for everyone’s understanding.
According to the regulations relative to personal data protection, owners of this data have the following rights:
- Right to access: to ask for a complete detail of the personal data that has been collected on them.
- Right to rectification: to ask for updates or completion to their personal information.
- Right to erasure: to ask that all their personal data detained by the association be deleted.
- Right to restrict processing: to ask that treatment of their personal data be restricted according to the scenarios planned by the GDPR
- Right to object to processing: to ask that treatment of their personal data be disallowed according to the scenarios planned by the GDPR
- Right to data portability: to ask that all their personal data collected by the association be restituted so they can be transmitted to another party, within certain limitations.
Each request relative to these rights must be sent to firstname.lastname@example.org and accompanied with the photocopy of an official proof of identity, current and signed, and the mention of a valid email address at which the requestor can be contacted by the association. Answer to these requests will be provided within one month from receipt of the request. This delay can be extended by two months based on the complexity of the request or the overall volume of all requests received by the association, if warranted.
Finally, every person has the right to decide the fate of his data after his death.
These rights may be exercised according to the procedures brought to the attention of the persons concerned by our partners, members and beneficiaries, Akhamani will help them to bring the best answer to each client.
Monitoring of the Personal Data Protection Policy
This policy is updated regularly to consider legislative and regulatory changes, and any changes in the organization of Akhamani or in the products and services offered.
In case of new processing or modification of an existing processing that could have an impact on the rights and freedoms of the data subjects, Akhamani will work with its customers to carry out a data protection impact assessment.