Safeguarding Your Information with Transparency, Integrity, and Unwavering Commitment to Data Security
At the Blessed Day Relief Foundation (BDRF), we recognize that privacy is a fundamental human right and that the trust you place in us when sharing your personal information is a sacred responsibility. Our comprehensive Privacy Policy and Data Protection Notice outlines our unwavering commitment to safeguarding your data through industry-leading security measures, transparent processing practices, and strict adherence to international data protection standards.
Clear communication about how we collect and use your information
Advanced encryption and robust protection measures for all data
Full responsibility for the protection and proper handling of your data
Honoring your privacy rights and individual data preferences
Understanding Our Commitment to Your Privacy
This comprehensive Privacy Policy and Data Protection Notice serves as the foundational document that explains in clear, accessible language how the Blessed Day Relief Foundation (BDRF) collects, processes, stores, transmits, and protects personal data entrusted to us by our donors, beneficiaries, volunteers, partners, and all other stakeholders who interact with our organization through any channel or platform.
Our policy has been meticulously crafted to ensure full compliance with applicable data protection laws and regulations across all jurisdictions in which we operate, including but not limited to the General Data Protection Regulation (GDPR) for European stakeholders, the California Consumer Privacy Act (CCPA), the Personal Data Protection Act (PDPA), and other regional and national data protection frameworks. Beyond mere legal compliance, this policy reflects our organizational values and our deep-seated belief that protecting personal information is not just a legal obligation but a moral imperative that underpins the trust-based relationships essential to our humanitarian mission.
This Privacy Policy aims to provide complete transparency regarding our data practices, empower you with knowledge about your privacy rights, establish clear guidelines for data handling throughout our organization, demonstrate our commitment to maintaining the highest standards of data protection, and serve as a binding commitment that governs all data processing activities undertaken by BDRF and its authorized representatives.
Understanding what information we gather and why it's essential for our operations
This category encompasses fundamental identifying information that allows us to recognize and communicate with you as an individual. It includes your full legal name, date of birth, gender, nationality, government-issued identification numbers where legally required, passport details for international programs, and any other information necessary to verify your identity and maintain accurate records of our interactions and relationships.
We collect comprehensive contact information to facilitate effective communication regarding our programs, donations, and services. This includes your residential and mailing addresses, primary and secondary email addresses, telephone numbers including mobile and landline, preferred communication channels, language preferences, and emergency contact information where relevant to your participation in our programs or volunteer activities.
Financial data is collected exclusively for processing donations and disbursing aid. This includes bank account details for direct transfers, credit and debit card information processed securely through PCI-DSS compliant third-party payment gateways, digital wallet identifiers, and transaction histories. We emphasize that full payment card details are never stored on our servers but are handled exclusively by our certified payment processors.
When you submit materials through our platforms, we collect and store user-generated content including text submissions such as testimonials and feedback, photographs and images documenting program impact, video content for awareness campaigns, supporting documents for beneficiary applications, and any other media files you voluntarily provide. All uploaded content remains under your ownership while granting BDRF appropriate usage rights.
We maintain comprehensive records of your interactions with our organization, including complete donation history with amounts, dates, and designated purposes, event registrations and attendance records, volunteer hour logs, newsletter subscription preferences, website browsing behavior through cookies and analytics, application and device information, IP addresses, and timestamps of all platform interactions to improve our services.
In limited circumstances related to our humanitarian programs, we may collect sensitive personal data including health information for medical assistance programs, religious or philosophical beliefs where relevant to cultural sensitivity in aid delivery, ethnic origin for demographic reporting required by funding bodies, and disability status for accessibility accommodations. Such data is collected only with explicit consent and enhanced protections.
The Legal Foundations Governing Our Data Use
The Blessed Day Relief Foundation processes personal data only when we have a valid legal basis to do so. Our commitment to lawful processing ensures that every piece of information we handle serves a legitimate purpose that is clearly communicated and properly authorized. Below, we outline the comprehensive legal foundations that govern our data processing activities across all operational areas.
The primary basis for processing your data is the necessity of fulfilling our contractual obligations to you and delivering the services you have requested. This includes processing donations to ensure funds reach intended beneficiaries, administering beneficiary applications and determining eligibility for assistance programs, managing volunteer registrations and coordinating volunteer activities, maintaining donor accounts and providing access to giving history, sending transactional communications such as donation receipts, program updates, and service notifications, and enabling the core functionality of our digital platforms.
As a registered non-profit organization operating across multiple jurisdictions, we are subject to extensive legal and regulatory requirements that necessitate certain data processing activities. These include maintaining financial records for tax and audit purposes as required by charity regulators, complying with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, fulfilling reporting obligations to government agencies and funding bodies, responding to lawful requests from law enforcement and judicial authorities, adhering to employment and volunteer management regulations, and meeting our obligations under applicable data protection legislation.
Protecting the integrity of charitable funds and preventing misuse of our platforms represents both a legal obligation and a legitimate organizational interest that benefits all stakeholders. Our fraud prevention activities include monitoring donation patterns for suspicious activity, verifying beneficiary identities and eligibility claims, conducting internal audits of financial transactions and program delivery, investigating reports of misconduct or policy violations, maintaining secure audit trails for all significant data processing activities, and implementing technological safeguards against unauthorized access and data breaches.
Facilitating meaningful connections between those who give and those who receive is central to our mission. Where donors and beneficiaries have provided consent, we process data to enable direct communication channels while maintaining appropriate privacy protections, share impact stories and updates that demonstrate how donations have made a difference, coordinate sponsorship programs that create ongoing relationships between supporters and beneficiaries, and provide personalized acknowledgments that recognize donor contributions while respecting beneficiary dignity.
For any data processing that falls outside the categories above, we will seek your explicit, informed consent before proceeding. This includes marketing communications, publication of testimonials or images, participation in research studies, and any other optional data use. You have the right to withdraw consent at any time, and we will promptly cease the relevant processing upon receiving your withdrawal request.
Multi-layered security infrastructure designed to safeguard your information at every stage
All data is stored on enterprise-grade servers housed in SOC 2 Type II certified data centers with 24/7 physical security. We employ AES-256 encryption for data at rest and TLS 1.3 for data in transit, ensuring your information remains protected throughout its lifecycle. Regular penetration testing and vulnerability assessments verify the effectiveness of our encryption protocols.
We implement role-based access control (RBAC) ensuring that personal data is accessible only to authorized personnel who require it for legitimate business purposes. Multi-factor authentication (MFA) is mandatory for all system access, and we maintain detailed access logs that are regularly audited. Personnel undergo background checks and sign confidentiality agreements before receiving data access privileges.
Financial transactions are processed exclusively through PCI-DSS Level 1 certified payment processors, the highest level of payment security certification available. Credit card details and sensitive financial information are tokenized and never stored on our systems. Our payment infrastructure undergoes quarterly security assessments and maintains continuous compliance monitoring.
Our security framework is subject to continuous evaluation through internal audits, external penetration testing by certified ethical hackers, and comprehensive risk assessments. We conduct annual security reviews aligned with ISO 27001 standards, maintain an incident response plan that is regularly tested, and provide ongoing security awareness training to all staff members.
Encrypted transmission
Security verification
AES-256 encryption
Role-based permissions
Continuous audit
Who We Share Information With and Under What Circumstances
The Blessed Day Relief Foundation maintains an absolute, unconditional policy against selling, renting, or trading personal data to any third party for commercial purposes. Your information is a trust we hold sacred, not a commodity to be monetized. This commitment is non-negotiable and applies to all categories of data we collect.
While we are committed to protecting your privacy, certain operational necessities require limited sharing of information with carefully vetted third parties who assist us in fulfilling our mission. Each sharing arrangement is governed by strict contractual obligations that ensure your data receives the same level of protection it receives within our organization.
To securely process your financial transactions, we share necessary payment information with PCI-DSS certified payment processors. These providers receive only the minimum data required to complete transactions and are contractually bound to use this information solely for payment processing purposes. They are prohibited from storing, selling, or using your data for any other purpose and must maintain security standards that meet or exceed our own requirements.
As a registered charitable organization, we are subject to oversight by charity regulators, tax authorities, and other government bodies. We may be legally required to share certain information with these entities for purposes including regulatory compliance audits, tax reporting and verification, anti-money laundering investigations, responses to lawful subpoenas or court orders, and mandatory reporting obligations. We will always seek to minimize the scope of such disclosures while fully complying with our legal obligations.
We engage trusted third-party service providers who assist with essential operational functions including cloud hosting and data storage, email communication platforms, customer relationship management systems, analytics and website optimization, professional services such as legal and accounting, and IT support and cybersecurity services. All service providers are bound by comprehensive data processing agreements that mandate strict confidentiality, purpose limitation, and security obligations aligned with this policy.
In limited circumstances where collaboration enhances our ability to deliver humanitarian aid, we may share relevant information with vetted partner NGOs, implementing partners in the field, and co-funding organizations. Such sharing occurs only with your consent where required, under formal partnership agreements with privacy protections, on a need-to-know basis with minimum necessary disclosure, and with full transparency regarding the purposes and recipients of shared data.
Empowering you with control over your personal information
You have the fundamental right to request a complete copy of all personal data we hold about you. Upon receiving a verified request, we will provide you with a comprehensive report detailing the categories of data we process, the sources from which it was obtained, the purposes for which it is used, the recipients with whom it has been shared, and the anticipated retention period. This information will be provided in a commonly used, machine-readable format free of charge within the legally mandated timeframe.
Accuracy of personal data is essential to our operations and your interests. You have the right to request correction of any inaccurate personal data we hold about you, as well as the completion of incomplete data. We are committed to maintaining the accuracy of your information and will promptly update our records upon verification of the correct information. We will also notify any third parties with whom we have shared inaccurate data of the necessary corrections.
Under the right to erasure, also known as the "right to be forgotten," you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent on which processing was based, when you object to processing and there are no overriding legitimate grounds, when data has been unlawfully processed, or when erasure is required to comply with a legal obligation. Please note that this right is subject to certain limitations where we have ongoing legal obligations or legitimate interests in retaining specific data.
You may request that we limit the processing of your personal data in certain circumstances, including when you contest the accuracy of the data while we verify it, when processing is unlawful but you prefer restriction over erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of our legitimate grounds. During the restriction period, we will store but not actively process your data except with your consent.
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible. This right enables you to move, copy, or transfer your data easily between different services or platforms.
Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal, but we will cease the relevant processing promptly upon receiving your request. You may withdraw consent through your account settings, by contacting our Data Protection Officer, or by following unsubscribe instructions in our communications.
To exercise any of these rights, please submit a written request to our Data Protection Officer. We will verify your identity before processing any request and respond within the legally required timeframe. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
Email: info@blesseddayrelieffoundation.com
Response Time: Within 30 days
All requests are handled confidentially
How Long We Keep Your Information and Why
The Blessed Day Relief Foundation adheres to the principle of data minimization, which mandates that personal data should not be retained for longer than necessary to fulfill the purposes for which it was collected. Our retention periods are carefully calibrated to balance operational requirements, legal obligations, and your privacy interests.
Data essential to ongoing service delivery, active donor relationships, and current beneficiary programs is retained for the duration of those relationships. This includes account information, preference settings, and communication histories that enable us to provide personalized service and maintain continuity in our interactions with you.
Certain categories of data must be retained for specific periods mandated by law. Financial transaction records are typically retained for seven years to comply with tax regulations and audit requirements. Records related to charitable programs may be retained longer to demonstrate regulatory compliance and for historical reporting to governing bodies.
To maintain accountability and enable retrospective audits, we retain audit logs, consent records, and compliance documentation for periods sufficient to satisfy regulatory expectations and support any potential legal proceedings. These records are essential for demonstrating our adherence to data protection principles.
When personal data reaches the end of its retention period, it is securely disposed of using industry-standard methods. Electronic data is permanently deleted using secure overwrite procedures, while physical documents are cross-shredded or incinerated. Disposal activities are logged and subject to periodic audit to ensure compliance with our data destruction protocols.
Detailed information about retention periods for specific data categories is available upon request. We regularly review our retention schedule to ensure it remains aligned with legal requirements, industry best practices, and the evolving needs of our operations. You may request information about the retention period applicable to your data by contacting our Data Protection Officer.
Keeping you informed about changes to our privacy practices
This Privacy Policy may be updated periodically to reflect changes in our practices, technologies, legal requirements, or organizational structure. We encourage you to review this policy regularly to stay informed about how we protect your data.
When we make material changes to this policy that affect how we handle your personal data, we will provide prominent notice through multiple channels. This may include email notifications to registered users, prominent banners on our website, in-app notifications where applicable, and direct communication for changes affecting specific user groups.
For significant changes, we will provide notice at least thirty days before the new policy takes effect, giving you adequate time to review the changes and, if necessary, exercise your rights under the current policy. Minor clarifications or updates that do not materially affect your rights may be implemented with shorter notice periods.
We maintain a complete version history of this Privacy Policy, including the date of each revision and a summary of changes made. Previous versions remain accessible through our website archive, and you may request copies of historical policies by contacting our Data Protection Officer.
Current Version: 2.0
Effective Date: 1st January, 2026
Last Reviewed: December 2025