Privacy Policy

This Data Protection and Privacy Policy applies to Indus Hospital

Indus Hospital is committed to protecting and respecting your privacy and security and we believe your personal data is an ‘Amanah’ (Trust) – much like your donations – and are therefore committed to being open and transparent about how we store and use your personal information.

This Privacy Policy outlines how we collect, manage, use and protect your personal information.

Who are we: The Indus Hospital is a registered public company with a license under Section 42 of the Companies Ordinance, 1984.

How do we obtain your personal information: Personal Information is collected from you when interacting with Indus Hospital, for example this could be when you:

  • Support our work by donating
  • Inform us of your fundraising activities
  • Make an enquiry
  • Request information from our support team regarding our projects or your sponsored projects
  • Share your feedback
  • Make a complaint
  • Sign up for an event
  • Register as a volunteer
  • Apply for a job
  • Contact us or become involved with us in any other way not listed above

Information from third parties: We may also receive information about you from third parties if you have given them permission to share this information and indicated that you wish to support Indus Hospital.

What information do we collect: When you communicate with us we may collect ‘personal information’. This may include your name, address, email and telephone numbers. Other personal details may be collected, based on the services sought from Indus Hospital.

How do we use your information: We mainly will use your information for the following purposes:

  • Providing you information about our activities and services
  • Keeping you updated of our fundraising campaigns and events
  • Responding to your enquiries and complaints
  • Providing you with services, products or information you have requested, like project feedback reports
  • Processing your donations
  • Sending you a receipt to confirm your donation (unless requested otherwise)
  • Process a job or volunteering application
  • Staff administration
  • Complying with our legal obligations, policies and procedures
  • Administering records

We may aggregate and anonymise personal information so that it can no longer be linked to any particular person in order for us protect your personal identity. This anonymised data can be used for a variety of purposes (such as recruiting new supporters) or to identify trends or patterns within our existing supporter base. This data helps inform our actions and improve our campaigns, products, services and materials.

Who do we share your information with: We will not sell your details to any third parties, but we may sometimes share your information with our trusted service providers who are authorised to act on our behalf and partner organisations who work on our behalf, or whom we work with in partnership to deliver our projects. We may also use companies to deliver services and process your data on our behalf, including the delivery of postal mail, sending emails and text messages, processing card details and analysing stakeholder trends to assist us in offering better services to our supporters.

These ‘data processors’ will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection agreements, on the conditions of confidentiality and security. Only limited information is shared with them, in order for them to deliver their services. We do not allow these organisations to use your data for their own purposes or disclose it to other third parties without our consent and we will take all reasonable care to ensure that they keep your data secure.

We will also comply with legal requests where disclosure is required or permitted by law (for example to government bodies for tax purposes or law enforcement agencies for the prevention and detection of crime, subject to such bodies providing us with a relevant and lawful request in writing).

How we keep your information up to date: Where possible, we try to keep your records up to date using publicly available sources; however, we really appreciate it if you let us know if your contact details change.

How long will we keep your information: We will hold your personal information on our systems for as long as is necessary for the relevant activity.

If you request that we stop sending you marketing materials we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.

How do we protect your information: We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and volunteers.

We use external companies to collect or process personal data on our behalf (such as Eventbrite). We do comprehensive checks on these companies before we work with them, especially regarding how they manage the personal data they collect on our behalf, or have access to.

Despite all of our precautions, no data transmission over the internet can be guaranteed to be 100% secure. So, while we strive to protect your personal information using strict procedures and security features to prevent unauthorised access, we cannot guarantee the security of any information you disclose to us online, and you must understand that you do so at your own risk. However, any payment card details (such as credit or debit cards) we receive through our website are passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed.

Children’s data: While we do not actively collect information from children (under 18s), we appreciate that our supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. All Indus Hospital events will have clear rules on whether or not children can take part, and the collection of data will be managed in accordance with each individual event, with appropriate safeguards in place.

How do we use cookies: Indus Hospital uses cookies on this website. A cookie is a text file sent by a web server to a web browser and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We may send a cookie, which may be stored by your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of this website, to improve the website’s usability and for marketing purposes.

We may also use that information to recognise your computer when you visit our website and to personalise our website for you. If you do not wish to receive cookies you can easily modify your web browser to refuse cookies, or to notify you when you receive a new cookie. However, this can have a negative impact on the usability of many websites, including this one. We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies. Google will store this information. Google’s privacy policy is available at https://www.google.com/privacypolicy.html.

Accessing and updating your personal information: You can request access to any information we hold about you by contacting our support team at crd@tih.org.pk.

Your personal preferences and keeping your data accurate is of utmost importance to us. If at any stage you do not want to hear from us or want to update your details you can write to us at crd@tih.org.pk.

Any email we send you will contain information about how to unsubscribe from email marketing communications. During any phone conversation you have with us, please feel free to let us know how you prefer to be contacted.

Changes to Hospital’s Privacy Policy: We may update the terms of this Privacy Policy from time to time. Please do revisit this policy each time you consider giving your personal information to Indus Hospital.

This Privacy Policy was last updated October 2018.