WICSO DATA PROTECTION POLICY ============================== World Islamic Countries Organisation for Scouts and Guides Effective from 1 January 2024 1. INTRODUCTION --------------- WICSO is committed to protecting the privacy and personal data of its members, beneficiaries, staff, partners, and other stakeholders. This policy outlines how WICSO collects, processes, stores, and shares personal data in compliance with applicable data protection laws. 2. DEFINITIONS -------------- - Personal Data: Any information relating to an identified or identifiable natural person - Processing: Any operation performed on personal data, including collection, storage, retrieval, and deletion - Data Subject: The individual whose personal data is being processed - Consent: Freely given, specific, informed, and unambiguous indication of agreement 3. DATA COLLECTION PRINCIPLES ------------------------------ WICSO shall collect personal data only for specified, explicit, and legitimate purposes. Data collection shall be limited to what is necessary for the intended purpose. Data subjects shall be informed of the purpose of data collection at the time of collection. 4. DATA SUBJECT RIGHTS ----------------------- Data subjects have the right to: - Access their personal data held by WICSO - Request correction of inaccurate or incomplete data - Request deletion of data where applicable - Withdraw consent at any time - Lodge a complaint regarding data handling practices 5. DATA SECURITY ----------------- WICSO shall implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits. 6. DATA RETENTION ------------------ Personal data shall be retained only for as long as necessary for the purpose for which it was collected, or as required by law. Data no longer needed shall be securely deleted or anonymized. 7. THIRD-PARTY SHARING ----------------------- WICSO shall not share personal data with third parties without the data subject's consent, except where required by law or for legitimate organisational purposes with appropriate safeguards. 8. COMPLIANCE AND ENFORCEMENT ------------------------------ Violations of this policy may result in disciplinary action. Data subjects may report concerns to the WICSO Data Protection Officer at dpo@wicso.org.