1 PURPOSE
The purpose of this policy is to affirm the commitment of the Society of Ex-Budhanilkantha Students (SEBS) towards ensuring the protection and security of data collected from its members. SEBS is committed to protecting all personal information and being transparent about what information we hold. The document explain how SEBS handles and uses personal data we collect about our alumni and our past, current, and future supporters, including donors, volunteers, participants in membership groups that we run, and attendees at events that we organize.
SEBS is a member-serving, not-for-profit, non-governmental organization registered in Nepal. Established in 1982, SEBS is recognized as the official association of Budhanilkantha School (BNKS) alumni. The mission of SEBS is to work in the best interest of its members, the alma mater – BNKS, and the community. SEBS fosters collaboration, cooperation, and unity among its members, and supports BNKS to advance its goals. In addition, SEBS has effectively executed various community service projects and development initiatives, and disaster relief efforts to serve the people of Nepal.
In this context, SEBS aims at developing a better understanding of our alumni and supporters in order to effectively keep in touch with its members, apprise members and well-wishers of our activities and developments, provide services to its members, and identify ways in which SEBS and its members can provide financial and in-kind support to each other.
2 SCOPE
2.1 IN SCOPE
This policy applies to all SEBS member data collected for the purpose of creating an alumni database. Therefore, it applies to servers, databases, and IT systems that handle such data, including any device that is regularly used for email, web access, or other work-related tasks.
The data includes all members of SEBS.2.2 Out of Scope
Information that is classified as public is not subject to this policy.
3 Policy
3.1 GENERAL
SEBS holds information relating to its members. Information is understood as all the data the member has voluntarily shared with SEBS.
- SEBS does not collect data from any other sources apart from what is voluntarily provided by each member.
- Communications to members may be sent by post, telephone, or electronic means (principally by email), depending on the contact details we hold, the consent that the member has provided, and the preferences expressed by the member about the types of communications they wish to receive.
- SEBS will always respect a request by the member to stop processing their personal data, and in addition their statutory rights are set out below.
- Based on the above, SEBS shares data with its alumni members in order to be able to communicate and provide support to its members and supporters in a coordinated manner. SEBS maintains other electronic and paper records.
- Members, by signing in the consent form, authorize SEBS to use their data. In case, member decides to ‘opt-out’ of the system, a formal notification must be sent to the executive committee. Once approved, the particular member’s data will be ‘hidden’ from the system. The data will not be physically erased.
- Members will have access to our database as outlined in the next section.
3.2 ACCESS CONTROL AUTHORIZATION
- All members of SEBS will have access to the data elements except marked as ‘confidential’ in Appendix 1. The access to alumni member data will be made available to all members for general accessibility.
- Member Information Data will be made available through SEBS’ official online portal, www.sebs.org.np. The data can be further accessed from other sites and portals as authorized by the Ex-Comm.
- The data in the system will be handled by the dedicated IT member appointed by the Ex Com.
- BNKS and other partner entities will have access to the data as individual members with no special privileges in addition to those enjoyed by individual members.
- Only the President, the General Secretary, and member(s) of the Ex Com authorized by the Ex Com will have access to the complete dataset.
3.3 DATA PROTECTION
SEBS ensures we have appropriate data sharing agreements in place before sharing your personal data.
- SEBS will not sell your personal data to third parties under any circumstances.
- SEBS will facilitate communication between individual alumni, but in doing so will not release personal contact details without prior permission.
3.4 USER RESPONSIBILITY
- All members of the organization have the right to ask for access to, or rectification or erasure of their data, restrict processing (pending correction or deletion), object to communications or direct marketing, ask for the transfer of their data electronically to a third party (data portability).
- Any incident of data misuse should be immediately reported to the authorized person appointed by SEBS Ex Com for investigation.
3.5 DATA PROTECTION
SEBS will take the following measures to ensure data protection:
- Physical security
- Keys to the server room will be kept secure.
- Record of everyone who has access to the server room will be maintained at all times.
- Event logs
- All user account logins will be recorded.
- System configuration changes will be recorded.
- All event log data will be securely backed up.
- System and Database Audits
- Security audits will be performed every six-month to ensure system security is maintained at all times. These audits will include:
- System User Account Security
- System Password Security
- System Access Control Authorization
- User Level Database Password
- User Level Database Privileges
- Regularity of Security Update Patches
- System and Database Configurations
- Should SEBS decide to use third-party service to host the data, all data protection facilities provided by the party will be applicable, including encryption and key management, threat detection and monitoring, management of identities and permissions amongst other services provided by the third party.
- Security audits will be performed every six-month to ensure system security is maintained at all times. These audits will include:
- Data Subject Rights
- Data subject has the right to know who, when and for what purpose his/her information was accessed. This will be built in the database portal.
3.6 DATA BREACH AND COMPLAINT FILING
A “personal data breach” is construed as any unauthorized or accidental disclosure of, acquisition of, sharing of, use of, alteration of, destruction of, or loss of access to personal data that compromises the confidentiality, integrity, or availability of personal data.
In case a member feels that their data has been accessed by parties other than authorized,
- Member should immediately report the misuse to SEBS Data Officer designated by the SEBS Ex-Comm.
- Upon receipt of a notice, SEBS will initiate an investigation to determine the scale of the breach.
- The reasons for the breach will be analyzed and appropriate action will be initiated under applicable laws.
3.7 DATA PROTECTION OF DECEASED MEMBERS
- Upon receiving a formal notification of death of a member, after due verification process, all the data pertaining to that member in the database will be flagged as “Deceased”.
3.8 MONITORING AND REVIEW
- This policy will be monitored regularly and reviewed at least once every two years.
NOTE: SEBS reserves the right to change, modify, or otherwise amend this policy at its sole discretion and at any time as it deems circumstances warrant. Any such changes will be communicated to its members via email addresses on record and will be posted on the SEBS website.
APPENDIX 1
MEMBER INFO SHEET
Of all the data collected from members, data elements marked YES in the confidential column will be kept confidential (i.e. data will not be accessible to members other those designated by the Executive committee).
| SN | PERSONAL INFO 1 | CONFIDENTIAL? |
|---|---|---|
| 1. | Roll No | NO |
| 2. | First Name | NO |
| 3. | Middle Name | NO |
| 4. | Last Name | NO |
| 5. | Gender | NO |
| 6. | Address (when admitted to BNKS) | YES |
| 7. | YES | |
| 8. | Phone | YES |
| 9. | Blood Group | YES |
| 10. | Able to Donate? | YES |
| SCHOOL INFO | ||
| 1. | BNKS Enrolled Year | NO |
| 2. | BNKS Graduated Year | NO |
| 3. | BNKS Enrolled Class | NO |
| 4. | BNKS Graduated Class | NO |
| PERSONAL INFO 2 – ADDRESS | ||
| 1. | City | YES |
| 2. | State | NO |
| 3. | Zip/Postal Code | YES |
| 4. | Country | NO |
| PROFESSIONAL INFO 1 – Education | ||
| 1. | Education Level | YES |
| 2. | Field of Study | NO |
| 3. | Expertise Field | YES |
| 4. | Areas of Interest | NO |
| 5. | Institution | NO |
| 6. | Degree | NO |
| 7. | Graduated Year | NO |
| PROFESSIONAL INFO 2 – Work | ||
| 1. | Current Organization | YES |
| 2. | Designation | NO |
| 3. | Field of Work | YES |
| 4. | Work Phone | YES |
| 5. | Work Email | YES |
| 6. | City | YES |
| 7. | State | YES |
| 8. | Zip/Postal Code | YES |
| 9. | Country | YES |
| 10. | Past Organization | YES |
| 11. | Past Field of Work | YES |
| ADDITIONAL INFO | ||
| 1. | Would you be able to host senior students (9-12) for a one-day externship? | YES |
| 2. | Would you be able to host senior students/alums for an internship? | YES |
| 3. | Would you be willing to speak with students and alums for informational interviews (e.g., about college application, career advice)? | YES |
| 4. | Would you like to share your contact information with BNKS students and Alums if needed? | YES |
| 5. | If Yes, what is your preference of mode of contact? | YES |
| 6. | Are there any other ways in which you would like to support SEBS/BNKS? | YES |
| 7. | What kind of support would you like to receive from SEBS? | YES |
| 8. | Did or do any of your children attend BNKS? | YES |