PRIVACY POLICY FOR THAAP
Effective Date: 2 April 2026
Last Updated: 2 April 2026

THAAP (Trust for History, Art & Architecture of Pakistan)
Website: https://thaap.org.pk/
Email: info@thaap.org
Physical Address: 43-G, Gulberg-III, Lahore

1. INTRODUCTION

THAAP (“we”, “us”, “our”) is a non-profit, non-governmental organization dedicated to the restoration, documentation, and promotion of Pakistan’s cultural heritage, including architectural conservation, historical research, and educational services.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains:

What information we collect.

How we use, store, and share it.

Your legal rights under Pakistani law and internationally recognized standards.

2. LEGAL FRAMEWORK & COMPLIANCE

THAAP operates in accordance with:

Constitution of Pakistan – Right to privacy (Article 14).

Prevention of Electronic Crimes Act (PECA) 2016 – Data protection obligations for digital platforms.

Pakistan Data Protection Bill 2023 (as may be enacted) – Principles of lawful processing, consent, and data security.

Trusts Act 1882 – Governance of non-profit trust data handling.

Punjab Local Government & Heritage Preservation Acts (where applicable).

General Data Protection Regulation (GDPR) – Where we engage EU-based donors/researchers.

3. INFORMATION WE COLLECT

A. Personal Data You Provide
Donors/Supporters: Name, CNIC (optional), email, postal address, phone number, donation history, tax exemption details.

Service Users (e.g., heritage consultancy, research requests): Name, affiliation, project details, billing info.

Event/Workshop Participants: Registration details, professional background, photographs (with consent).

Volunteers/Interns: CV, qualifications, ID copy (for security clearances on heritage sites).

B. Automatically Collected Data (via website)
IP address, browser type, device info, referring pages, time stamps.

Cookies – see Section 8.

C. Sensitive Data (Processed only with explicit consent)
Health info (for on-site restoration activities requiring physical fitness).

Religious/ethnic background (only for grant compliance regarding cultural representation).

4. HOW WE USE YOUR INFORMATION

We use personal data solely for non-profit heritage restoration and related services:

To process donations, issue tax receipts (under Income Tax Ordinance 2001).

To manage heritage site restoration projects, workshops, and public awareness campaigns.

To respond to service inquiries (e.g., heritage assessment reports).

To comply with legal obligations (e.g., anti-money laundering checks on large donations).

To improve website functionality and security.

Legal bases: Contract (for services), legitimate interest (heritage promotion), consent (for photos/marketing), legal obligation (tax/financial reporting).

5. DATA SHARING & DISCLOSURE

We do not sell your personal data. Limited sharing occurs only with:

Government bodies (e.g., Department of Archaeology & Museums, FBR) as required by law.

Service providers (secure payment gateways, cloud hosting – all under data processing agreements).

Heritage partners (universities, UNESCO) for collaborative restoration – only aggregated/non-identifiable data unless consent given.

Legal authorities under valid court order or PECA 2016 compliance.

6. DATA RETENTION

Donor records: 7 years (Pakistani tax audit requirements).

Service contracts: 5 years after project completion.

Volunteer/Intern records: 2 years after engagement ends.

Website logs: 12 months, then anonymized.

Photographs/event media: Retained indefinitely for archival/heritage documentation unless you request deletion.

7. DATA SECURITY

We implement physical, technical, and administrative safeguards appropriate for a non-profit, including:

SSL encryption on thaap.org.pk.

Restricted access to donor databases (password-protected, role-based).

Regular malware scanning and backups.

Staff training on PECA & data privacy.

However, no internet transmission is 100% secure – you share data at your own risk.

8. COOKIES & TRACKING TECHNOLOGIES

Our website uses essential cookies (session, security) and optional analytics cookies (via privacy-friendly services like Matomo or self-hosted analytics).

You can disable cookies via browser settings; some features may break.

No third-party advertising cookies are used.

9. YOUR RIGHTS (Under Pakistani Law & Best Practice)

You have the right to:

Access – Request a copy of your data (free once per year).

Correction – Fix inaccurate or incomplete data.

Erasure – Request deletion (unless legal retention applies).

Object – To processing for direct marketing or public interest activities.

Withdraw consent – For optional data uses (e.g., event photos).

To exercise rights, contact our Data Protection Focal Person at:
privacy@thaap.org.pk or postal address above. Response time: 30 days.

10. CHILDREN’S PRIVACY

Our heritage education programs may involve children under 18 only with parental/guardian consent provided via physical forms. We do not knowingly collect children’s data online.

11. INTERNATIONAL DATA TRANSFERS

We primarily store data on servers located in Pakistan (e.g., local hosting via PTCL or reputable local data centers). If we use international tools (e.g., Mailchimp for newsletters), we ensure GDPR-equivalent safeguards (SCCs).

12. THIRD-PARTY LINKS

Our website may link to heritage partners, government portals, or donors’ sites. THAAP is not responsible for their privacy practices – review their policies separately.

13. CHANGES TO THIS PRIVACY POLICY

We may update this policy to reflect legal changes or new services. The “Last Updated” date will change. Significant changes will be notified via a banner on thaap.org.pk or email to registered users.

14. GRIEVANCE REDRESSAL (Under PECA 2016)

If you have a complaint regarding data handling:

Contact us at info@thaap.org.pk.

If unresolved within 30 days, you may approach:

Pakistan Data Protection Authority (once formally established).

Federal Investigation Agency (FIA) – Cyber Crime Wing for PECA violations.

15. CONTACT US

For all privacy-related matters:
THAAP – Data Protection Focal Person
Email: info@thaap.org
Phone: (042) 35847651
Mail: 43-G, Gulberg-III, Lahore

Copyright. All Rights Reserved by THAAP.