Privacy Policy
How we collect, use, and protect your personal data
1. Data Fiduciary Identity
This Privacy Policy is published by Aayushman Vidhya Society (hereinafter referred to as "AVS", "we", "us", or "our"), a registered society under the Rajasthan Societies Registration Act, 1958.
| Legal Name | Aayushman Vidhya Society |
|---|---|
| Registration Number | COOP/2025/JAIPUR/500734 |
| Registered Address | Plot No. B-16, Siddha Aangan Villa, Bagru Khurd, Ajmer Road, Jaipur, Rajasthan 302026, India |
| admin@aayushmanvidhyasociety.org | |
| Website | aayushmanvidhyasociety.org |
Under the Digital Personal Data Protection Act, 2023 (DPDPA 2023), AVS is classified as a Data Fiduciary — an entity that determines the purpose and means of processing personal data.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through the website aayushmanvidhyasociety.org (including all subdomains and language versions: English, Hindi, and Sanskrit). It describes:
- What personal data we collect and why
- How we process, store, and protect your data
- Your rights as a Data Principal (under Indian law) or Data Subject (under EU law)
- Third-party services that may process your data on our behalf
- How to contact us about your data
This Policy complies with the following legal frameworks:
- Digital Personal Data Protection Act, 2023 (DPDPA 2023, Act No. 22 of 2023) and the Digital Personal Data Protection Rules, 2025
- Information Technology Act, 2000 — Section 43A and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
- General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, applicable to visitors from the European Economic Area (EEA) and the United Kingdom
- ePrivacy Directive 2002/58/EC, as applicable to cookie usage for EU/EEA visitors
3. Consent Notice
Important — Please read carefully.
In accordance with Section 5 of the Digital Personal Data Protection Act, 2023, this serves as your Consent Notice. By voluntarily submitting your personal data through any form on this website (including the contact form, newsletter subscription, or volunteer registration), you give your free, specific, informed, and unambiguous consent to the processing of your personal data for the purposes described in this Policy.
You have the right to withdraw your consent at any time by contacting us at admin@aayushmanvidhyasociety.org. Upon withdrawal, we will cease processing your personal data within a reasonable period, unless retention is required by law.
This notice is provided in accordance with:
- DPDPA 2023, Section 5 — Consent must be preceded or accompanied by a notice
- DPDPA 2023, Section 6 — Consent must be free, specific, informed, and an unambiguous, clear affirmative action
- GDPR, Articles 7 and 13 — Conditions for consent and information to be provided at the time of data collection
Note: Browsing our website and reading articles does not require you to submit any personal data. Personal data is collected only when you actively and voluntarily fill in and submit a form.
4. What Data We Collect
4.1 Data You Provide Directly
We collect personal data only when you voluntarily submit it through one of the following forms:
| Form | Data Collected | Purpose |
|---|---|---|
| Contact Form | Name, email address, subject, message content | Responding to your inquiry |
| Newsletter Subscription | Email address | Sending periodic health education updates |
| Volunteer Registration | Name, email address, phone number, area of interest, qualifications/experience | Processing volunteer applications |
4.2 Data Collected Automatically
When you visit our website, the following data may be collected automatically through our infrastructure provider:
| Data Type | Collected By | Purpose | Personal Data? |
|---|---|---|---|
| Page views and visit frequency | Cloudflare Web Analytics | Understanding website usage to improve content | No — Cloudflare Web Analytics is privacy-first and does not collect personal data, use cookies, or track individual users |
| IP address (transient) | Cloudflare CDN | Content delivery, DDoS protection, security | Processed transiently for security; not stored by AVS |
| Browser type, device type, country | Cloudflare Web Analytics | Aggregated statistics for content improvement | No — aggregated and anonymised; no individual tracking |
4.3 Data We Do NOT Collect
Aayushman Vidhya Society does not collect:
- Passwords — We have no user account system
- Financial or payment data — UPI donations are peer-to-peer transactions; no card numbers, bank details, or payment information passes through our website
- Biometric data — We do not collect fingerprints, facial recognition data, or any biometric information
- Health records — Despite being a health education organisation, we provide educational content only; we do not collect, store, or process any personal health records or medical history
- Location data — We do not access GPS, precise location, or geolocation from your device
- Sensitive Personal Data or Information (SPDI) as defined under the IT (SPDI) Rules 2011 — including passwords, financial information, health conditions, sexual orientation, medical records, and biometric information
5. Purpose of Data Collection
We process your personal data exclusively for the following lawful purposes:
| Data | Purpose | Legal Basis (DPDPA 2023) |
|---|---|---|
| Newsletter email | Sending health education updates, workshop announcements, and impact stories | Consent (Section 6) |
| Contact form data | Responding to your inquiry within a reasonable timeframe | Consent (Section 6) |
| Volunteer form data | Evaluating and coordinating volunteer participation | Consent (Section 6) |
| Website analytics (anonymous) | Improving content, understanding audience needs, measuring impact | Legitimate use — no personal data involved |
We do not use your data for any purpose other than those stated above. We do not engage in profiling, automated decision-making, or targeted advertising.
6. Lawful Basis for Processing (GDPR)
For visitors from the European Economic Area (EEA) and the United Kingdom, we process personal data under the following lawful bases as defined in Article 6(1) of the GDPR:
| Data | Lawful Basis | GDPR Article |
|---|---|---|
| Newsletter email | Consent — explicit opt-in via form submission | Article 6(1)(a) |
| Contact form data | Consent — voluntary submission of inquiry | Article 6(1)(a) |
| Volunteer form data | Consent — voluntary application submission | Article 6(1)(a) |
| Cloudflare security processing | Legitimate interest — website security and DDoS protection | Article 6(1)(f) |
7. Third-Party Services (Data Processors)
We use the following third-party services in the operation of this website. These services may process data on our behalf:
| Service | Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|---|
| Web3Forms | Web3Forms (web3forms.com) | Form submission processing and email delivery | Name, email, message content from submitted forms | web3forms.com/privacy |
| Cloudflare | Cloudflare, Inc. (USA) | Content delivery network (CDN), DNS, DDoS protection, Web Analytics | IP address (transient), anonymised analytics data | cloudflare.com/privacypolicy |
| Google Fonts | Google LLC (USA) | Font delivery for Hindi and Sanskrit text rendering | IP address (via font file request) | policies.google.com/privacy |
| GitHub | GitHub, Inc. (Microsoft, USA) | Source code hosting (private repository) | No user data — source code only | GitHub Privacy Statement |
We do not sell, rent, trade, or otherwise share your personal data with any third party for marketing, advertising, or any other commercial purpose.
8. Data Retention
In accordance with DPDPA 2023, Section 8(7), we retain personal data only for as long as is necessary to fulfil the purpose for which it was collected. Our retention periods are:
| Data Category | Retention Period | After Expiry |
|---|---|---|
| Newsletter email addresses | Until you unsubscribe or request deletion | Permanently deleted within 30 days of request |
| Contact form submissions | 12 months from date of submission | Permanently deleted from email records |
| Volunteer applications | 24 months from date of submission | Permanently deleted from email records |
| Cloudflare analytics data | Anonymised; retained per Cloudflare's policy (up to 30 days for raw data) | Automatically purged by Cloudflare |
Form submissions are delivered to our organisational email (admin@aayushmanvidhyasociety.org) via Web3Forms. We do not maintain a separate database of form submissions. Deletion is performed by removing the relevant emails from our email service.
9. Your Rights
9.1 Rights Under the Digital Personal Data Protection Act, 2023 (Indian Residents)
As a Data Principal under DPDPA 2023, you have the right to:
| Right | Section | Description |
|---|---|---|
| Right to Information | Section 11 | Obtain a summary of your personal data being processed by us, the processing activities undertaken, and the identity of all Data Processors with whom your data has been shared |
| Right to Correction and Erasure | Section 12 | Request correction of inaccurate or misleading personal data, completion of incomplete data, updating of outdated data, and erasure of data no longer necessary for the stated purpose |
| Right to Grievance Redressal | Section 13 | File a complaint with our Grievance Redressal Officer, and if unsatisfied with the response, escalate to the Data Protection Board of India |
| Right to Nominate | Section 14 | Nominate another individual to exercise your rights in the event of your death or incapacity |
9.2 Rights Under GDPR (EEA/UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under the General Data Protection Regulation:
| Right | GDPR Article | Description |
|---|---|---|
| Right of Access | Article 15 | Obtain confirmation as to whether your data is being processed and a copy of your personal data |
| Right to Rectification | Article 16 | Request correction of inaccurate personal data |
| Right to Erasure | Article 17 | Request deletion of your personal data ("right to be forgotten") when the data is no longer necessary for its original purpose |
| Right to Restriction | Article 18 | Request restriction of processing in certain circumstances |
| Right to Data Portability | Article 20 | Receive your data in a structured, commonly used, and machine-readable format |
| Right to Object | Article 21 | Object to processing based on legitimate interest |
We do not engage in automated decision-making or profiling (GDPR Article 22).
9.3 How to Exercise Your Rights
To exercise any of the rights described above, please contact us:
- Email: admin@aayushmanvidhyasociety.org
- Subject line: "Data Rights Request — [Your Name]"
We will acknowledge your request within 7 days and respond substantively within 30 days. There is no fee for exercising your rights, unless a request is manifestly unfounded, excessive, or repetitive.
If you are unsatisfied with our response, Indian residents may file a complaint with the Data Protection Board of India (once constituted and operational under DPDPA 2023). EEA/UK residents may file a complaint with the supervisory authority in the EU/EEA Member State of their habitual residence.
10. Cookies
Cookies are small text files that websites place on your device to store preferences or enable functionality.
10.1 Cookies Used by This Website
| Cookie Name | Set By | Purpose | Duration | Category |
|---|---|---|---|---|
__cf_bm | Cloudflare | Bot management — distinguishes humans from automated traffic | 30 minutes | Strictly Necessary |
cf_clearance | Cloudflare | Records that a visitor has passed a Cloudflare security challenge | 30 minutes | Strictly Necessary |
10.2 Analytics Without Cookies
We use Cloudflare Web Analytics, which is a privacy-first analytics service. It does not use cookies, does not collect personal data, does not track individual users, and does not use fingerprinting. It measures only aggregate page views, referrers, and browser/device statistics.
10.3 Third-Party Cookies
Google Fonts: Our website loads certain fonts from Google's servers for Hindi and Sanskrit text rendering. Google may set cookies as part of this request. For more information, see Google's cookie policy.
10.4 Managing Cookies
You can manage or delete cookies through your browser settings:
Please note that disabling Cloudflare cookies may cause you to repeatedly see security challenge pages on our website.
11. International Data Transfers
Your data may be processed in countries outside India, including the United States of America, through our third-party service providers:
- Cloudflare, Inc. — headquartered in the USA with a global network of data centres. Cloudflare processes data in the nearest edge location to the visitor (which may be inside India for Indian visitors). Cloudflare maintains Standard Contractual Clauses (SCCs) for EU data transfers and is compliant with applicable data protection regulations.
- Google LLC — font delivery may involve servers outside India. Google maintains Standard Contractual Clauses and participates in the EU-US Data Privacy Framework.
- Web3Forms — form submission data is processed via their infrastructure. Please refer to Web3Forms' privacy policy for their data transfer practices.
AVS does not independently transfer personal data outside India. All international data transfers occur through the third-party services listed above, and are governed by their respective data protection agreements.
12. Children's Data
Aayushman Vidhya Society does not knowingly collect personal data from children under the age of 18.
In accordance with DPDPA 2023, processing the personal data of a child (a person under 18 years of age) requires verifiable consent from a parent or legal guardian. We do not implement age-gating on our forms as our content is educational and freely available; however, persons under 18 are advised not to submit personal data through our forms without the knowledge and consent of a parent or guardian.
If we become aware that a child under 18 has submitted personal data without parental consent, we will delete that data promptly. If you are a parent or guardian and believe your child has provided data to us, please contact us at admin@aayushmanvidhyasociety.org and we will take immediate action.
AVS does not engage in behavioural monitoring, profiling, or targeted advertising directed at children, in compliance with DPDPA 2023.
13. Data Security
In accordance with DPDPA 2023 Section 8(3) and IT Act 2000 Section 43A, we implement reasonable security safeguards to protect personal data against unauthorised access, use, modification, disclosure, or destruction:
- Encryption in transit: All data transmitted between your browser and our website is encrypted using TLS/SSL (HTTPS), enforced via Cloudflare
- DDoS protection: Cloudflare's enterprise-grade DDoS protection shields the website against malicious traffic and attacks
- No server-side database: Our website is statically generated. We do not maintain a database of user submissions. Form data is delivered directly to our email via Web3Forms and is not stored on any server operated by AVS
- Private source code: Website source code is hosted on a private GitHub repository with restricted access
- Access controls: Only authorised officers of AVS have access to the email account that receives form submissions
- No payment data processing: UPI donations are peer-to-peer transactions handled entirely by your UPI application (Google Pay, PhonePe, Paytm, etc.). No financial data touches our website or servers
In the event of a personal data breach, AVS will notify the Data Protection Board of India and affected Data Principals in accordance with DPDPA 2023 Section 8(6) and provide a detailed report within 72 hours as prescribed by the Digital Personal Data Protection Rules, 2025. For EU/EEA residents, notification will also comply with GDPR Article 33.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, third-party services, legal requirements, or regulatory guidance. When we make changes:
- The "Last Updated" date at the top of this page will be revised
- Material changes will be prominently noted on this page
- We will not reduce your rights under this Policy without obtaining your explicit re-consent
We encourage you to review this Policy periodically. Your continued use of the website after any changes constitutes your acceptance of the updated Policy, except where re-consent is required.
15. Grievance Redressal Officer
In accordance with DPDPA 2023 Section 8(8) and IT (SPDI) Rules 2011 Rule 5(9), the following person has been designated as the Grievance Redressal Officer for all matters relating to the processing of personal data:
| Name | Harsh Parmar |
|---|---|
| Designation | Secretary, Aayushman Vidhya Society |
| admin@aayushmanvidhyasociety.org | |
| Address | Plot No. B-16, Siddha Aangan Villa, Bagru Khurd, Ajmer Road, Jaipur, Rajasthan 302026, India |
| Response Time | We will acknowledge your grievance within 7 days and resolve it within 30 days |
If you are not satisfied with the resolution provided by the Grievance Redressal Officer:
- Indian residents: You may file a complaint with the Data Protection Board of India (DPBI), as and when constituted and operational under DPDPA 2023
- EU/EEA residents: You may file a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged infringement
16. Governing Law & Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India, including but not limited to:
- The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023)
- The Information Technology Act, 2000 and rules made thereunder
- The Rajasthan Societies Registration Act, 1958
Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Jaipur, Rajasthan, India.
For visitors from the European Economic Area, this provision does not affect any mandatory consumer protection laws that may be applicable in your country of residence, nor does it affect your right to file a complaint with a local supervisory authority.
If you have any questions about this Privacy Policy, please contact us at admin@aayushmanvidhyasociety.org or write to us at:
Aayushman Vidhya SocietyPlot No. B-16, Siddha Aangan Villa,
Bagru Khurd, Ajmer Road,
Jaipur, Rajasthan 302026, India