2. Personal Data We Collect
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
3. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
4. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
5. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request the erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). If you are a resident of California, you have certain data protection rights under the California Consumer Privacy Act (CCPA). If you are a resident of the UK, you have certain data protection rights under the UK Data Protection Act.
7. Data Transfers
8. Children's Privacy
Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
9. Data Breach Notification
In the event that your data is compromised, LunaCharity.org will notify you and competent Supervisory Authorities within 72 hours by email with information about the extent of the breach, affected data and LunaCharity.org’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.
10. Third-Party Data Collection
Our Service may include links to third-party websites and applications. You should be aware that these sites are operated independently from us and are governed by their own privacy policies. We are not responsible for the content of these sites, any products or services that may be offered through these sites, or any other use of these sites.
11. Data Protection Impact Assessment (DPIA)
We conduct Data Protection Impact Assessments (DPIAs) as required under GDPR for any high-risk processing activities. These assessments help us to consider the appropriate safeguards to protect your personal data.
12. Privacy by Design and Default
We adhere to the principles of privacy by design and default. This means that we consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data.
13. Data Subject's Right to Lodge a Complaint
If you have any concerns about our use of your personal data, you have the right to lodge a complaint with the appropriate data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.
14. Third-Party Links
16. Indian Laws
In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India, if you are a person located in India, you are entitled to contractually enforceable rights including the right to review the information provided, correct inaccurate information, and withdraw consent to use of your personal data. If you need to access, correct, amend, or delete personal data that we control, you can do so by contacting us.