Last Updated: [16.05.2023]

At Rise Fund Global (“RFG,” “we,” “our,” or “us”), we are committed to respecting and protecting the privacy of all individuals and organizations who engage with our services. This Privacy Policy (“Policy”) outlines how we collect, process, store, use, and share personal data, as well as the rights and choices you have regarding your information.

This Policy applies to all users, applicants, beneficiaries, donors, staff, partners, and third parties who interact with RFG through our official website https://risefundglobal.org, communications channels, digital platforms, or program activities.

By accessing or using our services, you consent to the practices described in this Policy.

1. Purpose of this Policy

The purpose of this Privacy Policy is to:

1. Clearly explain what information we collect and why.
2. Describe how we protect your data in compliance with international privacy laws such as:
   • General Data Protection Regulation (GDPR) (EU)
   • Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
   • California Consumer Privacy Act (CCPA) (USA)
   • Other relevant regional privacy frameworks.
3. Provide transparency about our data-sharing practices.
4. Reassure users that their information will never be sold, misused, or shared with unauthorized parties.
5. Outline how individuals can exercise their privacy rights.

2. Scope

This Policy applies to:

• Individual applicants for funding or services.
• Organizational applicants, NGOs, and community-based groups.
• Donors and sponsors.
• Volunteers, staff, and contractors.
• Users of our website and digital services.
• Whistleblowers, fraud reporters, and other third parties.

This Policy does not apply to:

• External websites linked on our platform.
• Third-party services governed by their own privacy terms.
• Anonymous, aggregated datasets used for statistical analysis.

3. Information We Collect

We collect personal, organizational, and technical data to ensure fair program administration, compliance with law, and prevention of fraud. The categories include:

3.1 Personal Identifiers

• Full name, gender, date of birth
• Nationality and residency status
• Government-issued identification (passport, national ID, refugee card)
• Contact information (email, phone, address)

3.2 Financial Information

• Bank account details for grant disbursement
• Mobile money account registration
• PayPal, Payoneer, or other digital wallet credentials
• Transaction history related to grant activities

3.3 Demographic and Biographical Data

• Educational background
• Employment or vocational history
• Household composition (for need assessments)
• Community affiliation or leadership role

3.4 Organizational Information

• Legal incorporation or registration documents
• Financial statements and annual reports
• Project budgets and proposals
• Letters of endorsement or recognition

3.5 Technical Data

• IP address, browser type, device information
• Login timestamps and geolocation metadata
• Cookies, session identifiers, and analytics tags

3.6 Sensitive Data (Special Category)

• Refugee or asylum status
• Health-related needs for vulnerable applicants
• Political or conflict-related displacement status

Sensitive data is collected only where strictly necessary and with explicit consent.

4. How We Collect Data

We collect data through:

1. Application Forms — completed online at https://risefundglobal.org.
2. Uploaded Documentation — scanned IDs, legal documents, project files.
3. Direct Communication — phone calls, video verification, email exchanges.
4. Automated Technologies — cookies, analytics, and fraud-detection tools.
5. Third-Party Verification — banks, government agencies, NGOs, or local councils.

5. Why We Collect Data

Data is collected for the following purposes:

• To verify applicant eligibility and authenticity.
• To prevent fraud, scams, and infiltration by rebel or terrorist organizations.
• To conduct Know Your Customer (KYC) and due diligence checks.
• To comply with international anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.
• To process grant disbursements securely.
• To evaluate project feasibility, sustainability, and community benefit.
• To generate anonymized reports for donors, regulators, and monitoring bodies.
• To communicate updates, cycle notifications, and program results.

6. Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: Applicants provide consent when submitting forms.
• Contractual Necessity: Data is required to fulfill grant agreements.
• Legal Obligation: Compliance with AML, taxation, and humanitarian law.
• Legitimate Interest: Fraud prevention, monitoring, and impact evaluation.
• Vital Interest: Protecting vulnerable individuals in crisis or displacement contexts.

7. Data Storage and Retention

• Personal data is stored securely on encrypted servers located in Canada and/or jurisdictions with adequate legal protections.
• Access is restricted to authorized RFG staff on a need-to-know basis.
• Documents are retained for a period of 7 years unless a longer period is required by law or donor agreements.
• After retention periods expire, data is safely deleted or anonymized.

8. Data Security Measures

We implement strict safeguards to protect data, including:

• End-to-end encryption of sensitive files.
• Secure Sockets Layer (SSL) technology for all website transactions.
• Multi-factor authentication for staff access.
• Regular vulnerability assessments and penetration testing.
• Monitoring for unauthorized logins or suspicious activity.
• Physical security for data centers, including biometric access.

9. Sharing and Disclosure of Data

We will never sell or rent personal information. However, data may be shared with trusted parties under controlled conditions:

1. Disbursement Partners — banks, money transfer services, and mobile money operators.
2. Verification Authorities — government bodies, NGOs, or embassies.
3. Donor Agencies — only anonymized, aggregated reports unless individual reporting is required by funding conditions.
4. Legal Authorities — when compelled by law or investigation.
5. Fraud-Prevention Networks — where cross-referencing of applicants is necessary to block abuse.

All partners must sign confidentiality and data protection agreements.

10. Cookies and Online Tracking

We use cookies and similar technologies for:

• Website functionality (login, navigation, language preferences).
• Analytics (Google Analytics or equivalent tools).
• Fraud detection and geolocation validation.

Users can control cookie settings in their browser. Opting out may limit site functionality.

11. International Data Transfers

As a global organization, data may be transferred outside the country of origin.
Safeguards include:

• Standard Contractual Clauses (SCCs) under GDPR.
• Hosting in countries with adequate privacy protection.
• Encryption for data in transit and at rest.

12. Children’s Privacy

Our services are not intended for children under 16 without verified guardian consent. We do not knowingly collect data from minors below legal age thresholds.

13. Fraud Prevention, AML & CTF Safeguards

To maintain financial integrity, RFG employs:

• Background checks against global watchlists (OFAC, UN sanctions lists).
• Screening for politically exposed persons (PEPs).
• Monitoring unusual transaction patterns.
• Collaboration with international regulators to prevent misuse of funds.

Applicants linked to fraud, money laundering, extremist networks, or organized crime will be reported to authorities.

14. Your Rights

Depending on your jurisdiction, you may exercise the following rights:

• Access: Request a copy of your data.
• Correction: Rectify inaccurate information.
• Erasure: Request deletion (“right to be forgotten”).
• Restriction: Limit processing under certain conditions.
• Portability: Receive data in machine-readable format.
• Objection: Opt out of certain processing activities.
• Consent Withdrawal: Withdraw consent without affecting prior processing.

To exercise rights, email privacy@risefundglobal.org with proof of identity.

15. Communications and Notifications

By applying or engaging with RFG, you consent to receiving:

• Program updates and cycle notifications.
• Compliance or verification requests.
• Security alerts in case of data breaches.

Users can opt out of non-essential marketing emails, but cannot opt out of critical compliance or security communications.

16. Data Breach Procedures

In the event of a data breach:

• Impacted users will be notified within 72 hours (GDPR standard).
• Incident details, mitigation steps, and next actions will be provided.
• Relevant authorities will be informed as required by law.

17. Third-Party Links

Our website may link to external platforms. RFG is not responsible for the privacy practices of third-party websites. Users are encouraged to review those privacy policies independently.

18. Amendments to this Policy

RFG reserves the right to update this Policy at any time. The “Last Updated” date will reflect the most recent revision. Continued use of our services constitutes acceptance of the revised Policy.

19. Governing Law

This Policy shall be governed by and interpreted under the laws of Ontario, Canada, alongside relevant international data protection regulations.

20. Contact Information

For questions, rights requests, or complaints:

• Privacy Inquiries: privacy@risefundglobal.org
• General Support: support@risefundglobal.org
• Fraud Reporting: fraud@risefundglobal.org
• Legal Matters: legal@risefundglobal.org