Data Protection Policy
Hum aapka personal data GDPR aur Amanah ke Islami usoolon ke mutabiq kaise protect karte hain.
Last updated: February 28, 2026
Data Protection Ka Hamara Commitment
AmalQ aapke personal data ko General Data Protection Regulation (GDPR), applicable data protection laws aur Amanah ke Islami usoolon ke mutabiq protect karne ke liye committed hai. Ye policy aapke rights, hum aapka data kaise process karte hain aur hamare safeguards explain karti hai.
Data Controller Information
Aapke data ka zimmedar kaun hai aur data protection matters ke baare mein hum se kaise contact karein.
Data Controller
AmalQ amalq.org platform ke zariye collected personal data ka data controller hai. Hum aapke personal data ki processing ke purposes aur means determine karte hain.
Data Protection Contact
Tamam data protection inquiries, requests ya complaints ke liye hamari data protection team ko legal@amalq.org par contact karo. Hum tamam data protection requests ka 30 din mein jawab dene ka aim rakhte hain.
Supervisory Authority
Agar aapko lagta hai ke aapke data protection rights violate hue hain to aap ko apni local data protection supervisory authority ke paas complaint file karne ka haq hai.
Processing Ki Lawful Basis
Hum aapka personal data sirf tab process karte hain jab hamare paas aisa karne ki lawful basis ho, jaisa ke GDPR Article 6 ke tahat zaruri hai.
Consent (Art. 6(1)(a))
Marketing emails, newsletter subscriptions aur non-essential cookies aapki explicit consent ki basis par process hote hain, jise aap kisi bhi waqt withdraw kar sakte hain.
Contractual Necessity (Art. 6(1)(b))
Account creation, donation processing, campaign management aur customer support ke liye aap se hamari contractual obligations fulfill karne ke liye aapka data process karna zaruri hai.
Legal Obligation (Art. 6(1)(c))
Tax reporting, anti-money laundering compliance aur legal requests ka jawab dene ke liye humein law ke tahat certain data process karna zaruri hai.
Legitimate Interest (Art. 6(1)(f))
Platform security, fraud prevention, service improvement ke liye analytics aur Islamic compliance maintain karna hamare legitimate interests ke tahat process hota hai, aapke rights ke saath balance rakh kar.
Personal Data Ke Categories
Hum personal data ke ye categories collect aur process karte hain, har ek ka specific purpose aur retention period hai.
Identity Data
Full name, date of birth, government ID (campaign creators ke liye). Account management aur identity verification ke liye use hota hai. Aapke account ki duration plus 6 saal tak retained rehta hai.
Contact Data
Email address, phone number, postal address. Communications, support aur services delivery ke liye use hota hai. Aapke account ki duration tak retained rehta hai.
Financial Data
Payment card tokens (Stripe store karta hai, AmalQ nahi), bank account details (campaign creators ke liye), donation history. Payment processing aur tax reporting ke liye use hota hai. Last transaction ke baad 7 saal tak retained rehta hai.
Technical Data
IP address, browser type, device information, login timestamps, device fingerprint. Security, fraud prevention aur platform optimization ke liye use hota hai. 12 mahine tak retained rehta hai.
Usage Data
Visited pages, used features, campaign interactions, search queries. Analytics aur service improvement ke liye use hota hai. Anonymized form mein 24 mahine tak retained rehta hai.
Preference Data
Language preference, notification settings, Islamic compliance preferences, communication opt-ins. Personalization ke liye use hota hai. Aapke account ki duration tak retained rehta hai.
Data Retention Periods
Hum personal data sirf utni der tak retain karte hain jitni der is purpose ke liye zaruri hai jis ke liye collect kiya gaya, ya jitna law require kare.
Active Accounts
Aapke account ki duration tak data retained rehta hai. Aap kisi bhi waqt deletion ki request kar sakte hain (legal obligations ke subject).
Closed Accounts
Account close hone ke baad zyada tar personal data 30 din mein delete ho jaata hai. Financial records tax aur legal compliance ke liye 7 saal tak rakhe jaate hain.
Campaign Data
Campaign information aur donation records transparency aur audit purposes ke liye campaign complete hone ke baad minimum 7 saal tak rakhe jaate hain.
Data Anonymization
Jahan possible ho, hum data ko delete karne ki bajaye anonymize kar dete hain, jisse hum individual privacy protect karte hue aggregate statistics maintain kar sakte hain.
International Data Transfers
Ek global platform hone ki wajah se aapka data aapke country of residence se bahar transfer aur process ho sakta hai.
Transfer Safeguards
Tamam international data transfers European Commission ki approved Standard Contractual Clauses (SCCs) ya doosre approved transfer mechanisms se protected hain.
Payment Data Transfers
Stripe ke zariye process hone wala payment data Stripe ke data centers mein transfer ho sakta hai. Stripe EU-US Data Privacy Framework certification maintain karta hai.
Hosting Infrastructure
Hamare primary servers Europe mein located hain. Performance optimization ke liye data doosre regions mein cached ya processed ho sakta hai, hamesha appropriate safeguards ke saath.
Aapke Data Protection Rights
GDPR ke tahat aapko apne personal data ke hawale se ye rights haasil hain. Hum tamam requests 30 din mein honor karte hain.
Right of Access (Art. 15)
Hamare paas aapke tamam personal data ki copy request karo, including processing ke purposes, data categories aur recipients.
Right to Rectification (Art. 16)
Kisi bhi inaccurate personal data ki correction request karo. Aap zyada tar information apni account settings se directly update kar sakte hain.
Right to Erasure (Art. 17)
Apne personal data ka deletion request karo jab ye us purpose ke liye zaruri na rahe jis ke liye collect kiya gaya tha, ya jab aap consent withdraw kar lein. Legal retention requirements ke subject.
Right to Restriction (Art. 18)
Processing ki restriction request karo jab tak hum accuracy verify karein, legitimate interests assess karein, ya aapka objection process karein.
Right to Data Portability (Art. 20)
Apna personal data ek structured, commonly used, machine-readable format (JSON ya CSV) mein receive karo aur ise doosre controller ko transmit karo.
Right to Object (Art. 21)
Legitimate interests ya direct marketing purposes par based processing par object karo. Hum processing band kar denge jab tak hamare paas compelling legitimate grounds na hon.
Automated Decision-Making (Art. 22)
Hum sirf automated processing ki basis par aise decisions nahi karte jo aapko significantly affect karein. Fraud detection systems mein kisi bhi adverse decision ke liye human review shamil hai.
Data Breach Notification
Hamare paas personal data breaches detect, report aur investigate karne ke procedures hain.
Breach Detection
Hum potential data breaches detect karne ke liye 24/7 security monitoring systems maintain karte hain. Hamari incident response team kisi bhi alert investigate karne ke liye on call hai.
Authority Notification
Individuals ke liye risk ka imkaan rakhne wali breach ki soorat mein, hum GDPR Article 33 ke tahat 72 ghanton ke andar relevant supervisory authority ko notify karenge.
User Notification
Agar kisi breach se aapke rights aur freedoms ko high risk ho to hum affected users ko bila taakheer email aur platform notification ke zariye notify karenge.
Breach Mitigation
Hum kisi bhi breach ko contain aur mitigate karne ke liye immediate steps lete hain, including systems secure karna, credentials reset karna aur zarurat parne par forensic investigators engage karna.
Children Ka Data
AmalQ jaan boojh kar 16 saal se kam umar bachon ka personal data collect ya process nahi karta.
Age Restriction
Hamara platform 18 saal aur us se zyada umar ke users ke liye hai. Hum jaan boojh kar 16 se kam umar ke individuals ka data collect nahi karte.
Parental Notice
Agar humein pata chale ke humne 16 saal se kam umar ke bachche ka personal data collect kiya hai to hum use fori taur par delete kar denge. Parents ya guardians jinhe aisi collection ka ilm ho foran hum se contact karein.
Policy Updates
Hum apne practices, technology ya legal requirements mein changes reflect karne ke liye ye Data Protection Policy update kar sakte hain.
Change Notification
Is policy mein material changes ki notification email aur hamare platform par ek prominent notice ke zariye effect se kam az kam 30 din pehle di jayegi.
Version History
Is policy ke previous versions request par available hain. Current version date is page ke top par displayed hai.
Data Protection Inquiries
Data protection ke baare mein kisi bhi sawaal ke liye, apne rights exercise karne ke liye, ya data protection concern report karne ke liye hamari data protection team se contact karo. Hum har inquiry seriously lete hain aur 30 din mein respond karne ka aim rakhte hain.
legal@amalq.org
Hum tamam data protection requests ka 30 din mein jawab dete hain