Scope

Applies to all:

– Data collected, stored, or processed by the Fund.

– Employees, volunteers, contractors, and third parties handling Fund data.

– Digital and physical data management tools.

Principles

– Lawfulness & Transparency – Data is processed for clear, lawful purposes.

– Minimization – Only relevant data is collected.

– Accuracy – Data must be up to date and correct.

– Retention Limits – Data is retained only as long as needed.

– Security – Data is protected from loss, unauthorized access, or misuse.

– Accountability – The Fund is responsible for compliance.

Types of Data

– Personal: Names, contact details, national ID, etc.

– Financial: Donation records, bank info, receipts.

– Employment: CVs, certificates, payroll data.

– Beneficiary: Education, social status, needs assessments.

Rights of Data Subjects

– Access information about their data use.

– Request updates or corrections.

– Request deletion (unless legally required to retain).

– Object to unauthorized or marketing-related use.

Data Security

– Technical: Encryption, firewalls, secure backups.

– Physical: Locked storage, access control.

– Administrative: Limited access, staff training.

Data Sharing

– No data shared without a confidentiality agreement.

– Legal sharing permitted only under regulatory obligations.

Data Breach Response

– Breaches must be reported within 24 hours to Internal Audit & Compliance.

– Mitigation steps and notifications will follow as needed.

Retention & Disposal

– Retention periods based on data type and legal requirements.

– Secure deletion/disposal when no longer needed.

– Refer to official Data Retention Schedule for details.