Privacy Policy

Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how Margdata Trust collects, uses, stores, protects, and processes personal information obtained through https://margdata.in/ and related services. We are committed to complying with applicable Indian data protection laws, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By using our website, registering as a Member, or providing your personal information to us, you expressly consent to the data practices described in this policy. If you do not agree with our privacy practices, please do not use our website or services.

2. Information We Collect

2.1 Personal Data

When you register as a Member or interact with our website, we collect various types of personal information necessary for providing our services:

Category	Data Types	Purpose
Identity Information	Full name, date of birth, age, gender, nationality, photograph	Member verification and eligibility assessment
Contact Information	Email address, mobile phone number, residential address, city, state, postal code	Communication and service delivery
Demographic Data	Occupation, education level, income range, family details, marital status	Profile management and analytics
Nominee Details	Nominee name, relationship, contact information, identification documents	Beneficiary designation and claim processing
Health Information	Serious health conditions, medical history (if voluntarily disclosed)	Eligibility assessment and benefit administration
Financial Data	Transaction details, payment methods, contribution records, bank account information	Sahyog management and financial tracking
Identification Documents	Aadhaar number, PAN card, voter ID, passport, driving license	Identity verification and KYC compliance
Communication Records	Emails, messages, chat logs, phone call records, feedback forms	Customer support and record keeping

2.2 Non-Personal Data

We automatically collect certain non-identifiable information when you visit our website to improve user experience and optimize our services:

• Technical Information: Browser type and version, language settings, time zone settings, browser plug-in types and versions, platform
• Device Information: Device type (computer, mobile, tablet), operating system and version, screen resolution, device identifiers, hardware model
• Network Information: IP address, internet service provider (ISP), approximate geographic location (city/region level), connection type
• Usage Information: Pages visited, time spent on pages, navigation paths, links clicked, scroll depth, bounce rate, exit pages
• Referral Information: Referring website or source of traffic, search terms used, campaign parameters, UTM codes
• Log Data: Date and time of visits, access logs, error logs, performance metrics, server response times
• Interaction Data: Form submissions, button clicks, downloads, video views, social media interactions

2.3 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and gather usage analytics. Cookies are small text files stored on your device that help us remember your preferences and improve functionality.

Types of cookies we use:

• Essential Cookies: Required for basic website functionality including login, security features, form submission, and session management. These cannot be disabled without affecting core functionality.
• Performance Cookies: Help us understand how visitors use our site through analytics tools like Google Analytics. These cookies collect aggregated, anonymized data about page views, traffic sources, and user behavior.
• Functionality Cookies: Remember your preferences and settings such as language selection, region, display options, and customization choices to enhance your experience.
• Targeting/Advertising Cookies: Track your browsing activity to show relevant content and advertisements. These may be set by our advertising partners.

You may configure your browser to refuse cookies, but this may limit some features of our website. Most browsers allow you to manage cookie preferences in their settings menu. By continuing to use our site without changing your cookie settings, you consent to our use of cookies as described in this policy.

3. How We Use Your Information

We use the information we collect for the following legitimate purposes in accordance with applicable law:

• Membership Management: To process and maintain your membership registration, verify eligibility criteria, authenticate your identity, and manage your account information throughout your membership lifecycle.
• Communication: To send Sahyog notifications, updates, announcements, newsletters, event invitations, and important information about Trust activities. We may contact you via email, SMS, WhatsApp, or phone calls.
• Verification & Authentication: To verify your identity using government-issued documents, authenticate account access, prevent fraud and unauthorized access, and ensure only eligible users access our services.
• Operational Management: To administer daily Trust operations, process Sahyog claims, manage benefit distributions, coordinate community support activities, and maintain accurate records.
• Website Improvement: To enhance user experience, improve website functionality, optimize performance, fix bugs, develop new features, and ensure compatibility across devices.
• Analytics & Research: To understand user behavior, preferences, and website traffic patterns through aggregated and anonymized data. This helps us make informed decisions about service improvements.
• Legal Compliance: To comply with applicable laws, regulations, court orders, legal obligations, tax requirements, and government requests for information.
• Security & Fraud Prevention: To protect against unauthorized access, detect and prevent fraud, identify security threats, investigate suspicious activities, and prevent misuse of our services.
• Customer Support: To respond to your inquiries, resolve technical issues, provide assistance with account management, address complaints, and improve our support services.
• Marketing & Outreach: To inform you about Trust programs, events, initiatives, volunteer opportunities, and community activities. You can opt-out of marketing communications at any time.
• Record Keeping: To maintain accurate records for administrative purposes, historical documentation, legal requirements, audit trails, and institutional memory.
• Statistical Analysis: To conduct research, generate reports, analyze trends, measure program effectiveness, and assess community impact.
• Payment Processing: To process Sahyog contributions, manage financial transactions, issue receipts, and maintain transaction records.

4. Data Sharing and Disclosure

We may share your personal information in the following limited circumstances:

4.1 Service Providers and Partners

• Communication Services: Email service providers (e.g., Gmail, SendGrid), SMS gateways, WhatsApp Business API providers, and notification services for sending updates and alerts to Members.
• Payment Processors: Payment gateway providers, bank partners, and financial service providers for processing Sahyog contributions. These providers have their own privacy policies and security measures.
• Technology Partners: Web hosting providers (server hosting), cloud storage services (data backup and storage), IT infrastructure vendors, software service providers, and database management services.
• Analytics Providers: Google Analytics and similar services for website analytics and performance monitoring. These services collect anonymized data about website usage.
• Security Services: Cybersecurity firms, fraud detection services, and identity verification providers to protect against threats and verify user identities.
• Professional Advisors: Legal consultants, auditors, accountants, and other professional advisors who need access to information in the course of providing services to the Trust.
• All service providers are carefully vetted and contractually obligated to maintain confidentiality, use data only for specified purposes, and implement appropriate security measures.

4.2 Legal Requirements and Authorities

We may disclose your personal information when required by law or to protect our rights and interests:

• When required by law, regulation, court order, subpoena, warrant, or other legal process
• To comply with government investigations, regulatory requirements, or official requests from law enforcement agencies
• To protect the rights, property, safety, or security of Margdata Trust, our Members, staff, or the public
• To enforce our Terms and Conditions, investigate potential violations, or take action against prohibited activities
• To prevent, detect, or investigate fraud, security breaches, cyberattacks, or other illegal activities
• To respond to emergency situations involving threats to personal safety or public health
• To comply with tax obligations, financial reporting requirements, or regulatory audits

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or other business transition, your personal information may be transferred to the successor organization as part of the transaction. In such cases, your data will remain subject to the same privacy protections, and we will notify you of any ownership changes.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. This includes situations where you authorize us to share your information with specific organizations or for particular purposes. You can withdraw your consent at any time by contacting us.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot be used to identify you personally. This includes statistical information, trend reports, demographic summaries, and research data used for improving services or sharing insights with partners and the public.

5. Data Security Measures

We implement comprehensive technical, physical, and organizational safeguards to protect your personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction:

5.1 Technical Security Measures

• Encryption: All data transmission is protected using SSL/TLS encryption (HTTPS). Sensitive personal data is encrypted at rest using industry-standard encryption algorithms (AES-256).
• Secure Servers: Data is stored on secure servers protected by firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and regular security patches.
• Access Controls: Role-based access control (RBAC) ensures only authorized personnel can access personal data on a need-to-know basis. Multi-factor authentication (MFA) is required for administrative access.
• Regular Updates: All software, systems, and security tools are kept up-to-date with the latest security patches and vulnerability fixes.
• Vulnerability Management: We conduct regular security audits, penetration testing, and vulnerability assessments to identify and address potential weaknesses.
• Data Backup: Regular encrypted backups are performed and stored in secure, geographically distributed locations to ensure data recovery in case of system failures.
• Network Security: Network segmentation, virtual private networks (VPNs), and secure protocols protect data during transmission and storage.
• Monitoring: 24/7 security monitoring, logging, and alerting systems detect suspicious activities and potential security incidents in real-time.

5.2 Organizational Security Measures

• Limited Access: Only authorized personnel have access to personal data on a strict need-to-know basis. Access permissions are regularly reviewed and updated.
• Employee Training: Regular security awareness and privacy training for all staff members who handle personal data. Ongoing education about data protection best practices.
• Confidentiality Agreements: All staff, contractors, and service providers sign confidentiality and data protection agreements before accessing any personal information.
• Incident Response: Documented procedures for responding to security incidents, data breaches, and privacy violations. Incident response team trained to handle emergencies.
• Vendor Management: Third-party vendors undergo security assessments and are required to maintain appropriate data protection standards.
• Data Minimization: We collect only the minimum amount of personal data necessary for our stated purposes and delete data when no longer needed.
• Privacy by Design: Privacy and security considerations are integrated into all new systems, processes, and initiatives from the design stage.
• Regular Audits: Periodic internal and external audits to ensure compliance with privacy policies and security standards.

5.3 Physical Security Measures

• Secure Facilities: Physical access to servers and data storage facilities is restricted with badge access, security personnel, and surveillance systems.
• Document Security: Physical documents containing personal data are stored in locked cabinets with restricted access.
• Disposal Procedures: Secure destruction of physical documents and electronic media containing personal data using shredding and data wiping.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance functionality, personalize your experience, and track usage analytics. Understanding and managing these technologies helps you control your privacy.

6.1 Managing Cookie Preferences

You can control and manage cookies in several ways:

• Browser Settings: Most modern browsers allow you to refuse cookies, delete existing cookies, or be notified when cookies are set through the browser settings menu (usually under Privacy or Security settings).
• Opt-Out Tools: Use browser extensions or privacy tools like Privacy Badger, Ghostery, or uBlock Origin to block tracking cookies and third-party trackers.
• Google Analytics: Opt-out of Google Analytics tracking using Google's official opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout
• Do Not Track: Some browsers offer "Do Not Track" (DNT) signals. Note that not all websites honor these signals, and there is no universal standard.
• Mobile Devices: On mobile devices, you can reset your advertising identifier or limit ad tracking in device settings.

Important Note: Disabling cookies may affect website functionality. Some essential features may not work properly without cookies enabled. We recommend allowing essential cookies while blocking optional tracking cookies.

6.2 Cookie Duration

• Session Cookies: Temporary cookies that expire when you close your browser. Used for essential functions like maintaining your login session.
• Persistent Cookies: Remain on your device for a set period (days, months, or years) or until you manually delete them. Used for remembering preferences and settings.

7. Third-Party Links and Services

Our website may contain links to external websites, social media platforms, or third-party services. Margdata Trust is not responsible for the privacy practices or content of these external sites.

When you click on a third-party link and leave our website, you are subject to that organization's privacy policy and terms of service. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Common third-party services we may link to or integrate with:

• Social Media Platforms: Facebook, Telegram, Instagram, YouTube - governed by their respective privacy policies
• Payment Gateways: Razorpay, PayU, Paytm, or other payment service providers - each has its own privacy and security policies
• Government Verification Services: Aadhaar authentication (UIDAI), PAN verification (Income Tax Department), DigiLocker
• Communication Platforms: WhatsApp Business API, email services, SMS providers
• Google Services: Google Maps, Google Translate, Google Analytics, YouTube embeds
• Cloud Services: Cloud storage providers and infrastructure services

We encourage you to review the privacy policies of any third-party websites you visit or services you use. We select third-party partners carefully but cannot guarantee their privacy practices.

8. Data Retention Policy

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

8.1 Retention Periods

Data Type	Retention Period	Reason
Active Member Data	Duration of membership + 7 years	Operational needs, legal compliance, historical records
Inactive Member Data	3 years after inactivity	Allow for reactivation, compliance requirements
Financial Transaction Records	10 years	Tax compliance, audit requirements, legal obligations
Communication Records	3-5 years	Customer support, dispute resolution, quality assurance
Website Analytics Data	26 months (anonymized)	Performance analysis, trend identification
Security Logs	1-3 years	Security monitoring, incident investigation
Marketing Communications	Until opt-out + 30 days	Compliance with unsubscribe requests
Legal Documentation	Permanent	Legal compliance, organizational history

8.2 Data Deletion

When personal data is no longer needed, we securely delete or anonymize it:

• Secure Deletion: Electronic data is permanently deleted using secure data wiping methods that prevent recovery.
• Anonymization: Some data may be anonymized for statistical or research purposes, removing all personally identifiable information.
• Backup Retention: Data in backups may persist for up to 90 days after deletion from active systems before being permanently removed.
• Legal Holds: Data subject to legal holds, litigation, or regulatory investigations is retained until the matter is resolved.

9. Your Privacy Rights

You have certain rights regarding your personal data. We are committed to facilitating the exercise of these rights in accordance with applicable Indian data protection laws.

9.1 Rights You Can Exercise

• Right to Access: You have the right to request access to your personal data we hold. We will provide you with a copy of your data in a commonly used electronic format within 30 days of your verified request.
• Right to Correction: You can request correction of inaccurate or incomplete personal data. You may update most information directly through your account settings or by contacting us.
• Right to Deletion: You may request deletion of your personal data, subject to certain legal and operational limitations. We may retain some data as required by law or for legitimate business purposes.
• Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another organization.
• Right to Withdraw Consent: Where we process your data based on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.
• Right to Object: You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
• Right to Opt-Out: You can opt-out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.
• Right to Lodge a Complaint: You have the right to file a complaint with a supervisory authority if you believe your privacy rights have been violated.

9.2 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 12. You will need to:

• Submit a written request via email to margdatatrust2025@gmail.com with subject line "Privacy Rights Request"
• Provide sufficient information to verify your identity (name, email, phone number, member ID if applicable)
• Clearly specify which right you wish to exercise and what action you want us to take
• Allow up to 30 days for us to process your request (we may extend this by 60 days for complex requests)

We will respond to all verified requests free of charge. In some cases, we may charge a reasonable fee if requests are manifestly unfounded, excessive, or repetitive.

10. Children's Privacy Protection

Our services are intended for individuals aged 18 years and above. We do not knowingly collect personal information from children under 18 years of age.

• Our membership eligibility requires applicants to be between 18 and 55 years of age
• We do not knowingly solicit or collect personal data from anyone under 18
• If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete that information
• Parents or guardians who believe we may have collected information from a child should contact us immediately at margdatatrust2025@gmail.com
• Nominee information may include minors, but nominees under 18 must have a legal guardian to receive benefits

11. International Data Transfers

Margdata Trust is based in India and primarily serves Indian citizens. Your personal data is stored and processed in India on servers located within Indian territory.

• Primary Storage: All personal data is stored on servers located in India and subject to Indian data protection laws
• Third-Party Services: Some service providers we use may store or process data outside India (e.g., cloud services, email providers, analytics tools)
• Safeguards: When data is transferred internationally, we ensure appropriate safeguards are in place, such as:
  • Standard contractual clauses approved by regulatory authorities
  • Service providers certified under recognized privacy frameworks
  • Adequate data protection measures equivalent to Indian standards
• Cross-Border Transfers: We minimize cross-border data transfers and only use them when necessary for service delivery or operational purposes

12. Updates to Privacy Policy

We may modify, update, or amend this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

• Notification: We will notify you of significant changes through email, website announcements, or notifications in your account
• Effective Date: Changes become effective on the date specified in the updated policy
• Review Period: For material changes affecting your rights, we will provide at least 30 days' notice before the changes take effect
• Continued Use: Your continued use of our services after the effective date constitutes acceptance of the updated policy
• Version History: We maintain a record of previous policy versions available upon request
• Your Responsibility: We encourage you to review this policy periodically to stay informed about how we protect your information

The current version of this policy is always available at https://margdata.in/privacy-policy with the effective date clearly displayed.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, Please contact US