Privacy Policy

The Bhutan Nepal Foundation ("BNF," "Foundation," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard information obtained through our website located at bhutannepalfoundation.org (the "Website"), including any subdomains, mobile applications, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use our Services. We reserve the right to modify this Privacy Policy at any time, and such modifications shall be effective immediately upon posting. Your continued use of the Services following any modifications constitutes your acceptance of such modifications.

This Privacy Policy applies to all visitors, users, members, donors, volunteers, and others who access or use our Services ("Users").

1. Information We Collect

1.1 Personal Information

We may collect personally identifiable information ("Personal Information") that you voluntarily provide to us when you:

• Register for membership or create an account
• Submit contact forms or inquiry requests
• Subscribe to newsletters or mailing lists
• Register for events, conferences, or programs
• Make donations or membership contributions
• Submit volunteer applications
• Request publications or resources
• Participate in surveys, contests, or promotions
• Communicate with us via email, phone, or social media

The types of Personal Information we may collect include, but are not limited to:

• Identity Information: First name, last name, middle name, title, date of birth, gender, nationality, citizenship status, photograph, and signature
• Contact Information: Email address, postal address (including street address, city, state/province, postal code, and country), telephone number (home, mobile, and work), fax number, and social media handles
• Professional Information: Occupation, employer name, job title, professional affiliations, educational background, and credentials
• Financial Information: Payment card details, bank account information, billing address, transaction history, and donation records
• Account Information: Username, password, account preferences, and communication preferences
• Demographic Information: Age, ethnicity, language preferences, religious affiliation (where voluntarily provided), and country of origin
• Connection Information: Your relationship to the Bhutanese community, diaspora status, family connections, and reasons for engagement with the Foundation
• Communication Content: Messages, feedback, comments, questions, and other content you provide in communications with us

1.2 Automatically Collected Information

When you access or use our Services, we automatically collect certain information about your device, browsing actions, and usage patterns, including:

• Device Information: Device type, operating system and version, browser type and version, device identifiers (including UDID, advertising ID, and device fingerprint), screen resolution, and hardware model
• Connection Information: Internet Protocol (IP) address, Internet Service Provider (ISP), mobile carrier, connection speed, and network type
• Location Information: Geographic location derived from IP address, GPS coordinates (if enabled), time zone, and regional settings
• Usage Information: Pages visited, links clicked, time spent on pages, referring URL, exit pages, date and time of visits, frequency of visits, and navigation paths
• Interaction Data: Scroll depth, mouse movements, click patterns, form interactions, download activity, and video viewing behavior
• Search Data: Search queries entered on our Website and search results accessed

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms when you interact with our social media accounts or use social login features
• Payment processors and financial institutions when you make transactions
• Analytics providers and advertising networks
• Public databases and publicly available sources
• Partner organizations, event co-hosts, and affiliates
• Referrals from other members or supporters

2. How We Collect Information

We collect information through the following methods:

• Direct Collection: Information you provide directly when filling out forms, creating accounts, making payments, or communicating with us
• Automated Collection: Information collected automatically through cookies, web beacons, pixels, server logs, and similar technologies
• Third-Party Collection: Information received from third-party service providers, partners, and publicly available sources
• Offline Collection: Information collected during in-person events, phone conversations, paper forms, and postal correspondence

3. Use of Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Operations

• Processing membership applications and managing member accounts
• Processing donations and financial transactions
• Registering users for events, programs, and activities
• Providing access to resources, publications, and archives
• Facilitating accommodation and tour bookings
• Managing volunteer applications and coordination
• Responding to inquiries, requests, and support needs

3.2 Communication

• Sending transactional emails (confirmations, receipts, updates)
• Distributing newsletters, announcements, and updates
• Providing information about events, programs, and opportunities
• Sending membership renewal reminders and updates
• Responding to feedback, questions, and complaints
• Conducting surveys and collecting feedback

3.3 Analytics and Improvement

• Analyzing usage patterns and trends to improve our Services
• Measuring the effectiveness of our communications and outreach
• Understanding user preferences and behavior
• Developing new features, services, and content
• Conducting research and statistical analysis

3.4 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Use and other agreements
• Protecting our rights, privacy, safety, and property
• Detecting, preventing, and addressing fraud, security, or technical issues
• Maintaining appropriate records for audit and compliance purposes

4. Disclosure of Information

We may share your information in the following circumstances:

• Service Providers: With third-party vendors, contractors, and service providers who perform services on our behalf (see Section 5)
• Affiliates and Partners: With affiliated organizations, partner institutions, and event co-hosts for legitimate operational purposes
• Legal Requirements: When required by law, subpoena, court order, or other legal process, or to protect our legal rights
• Business Transfers: In connection with any merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality obligations
• Consent: With your explicit consent or at your direction
• Aggregated Data: We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you

We do not sell, rent, or lease your Personal Information to third parties for their marketing purposes without your explicit consent.

5. Third-Party Service Providers

We engage various third-party service providers to help us operate our Services. These providers may have access to your Personal Information solely for the purpose of performing services on our behalf and are contractually obligated to protect your information. Our service providers include:

5.1 Email and Communication Services

Resend — We use Resend (resend.com) for transactional email delivery. When you provide your email address, it may be processed by Resend to deliver:

• Account verification and password reset emails
• Membership confirmation and renewal notices
• Event registration confirmations
• Donation receipts and acknowledgments
• Contact form response notifications
• Newsletter and marketing communications (with consent)

Resend may collect and process your email address, email content, delivery status, open rates, click-through data, and related metadata. Our Resend email servers are located in Tokyo, Japan. For more information, please review Resend's privacy policy at resend.com/legal/privacy-policy.

5.2 Hosting and Infrastructure

Self-Hosted Infrastructure — Our website is self-hosted across multiple Virtual Private Servers (VPSs) managed by our development partner. These servers collect standard server logs, including IP addresses, request timestamps, and performance data. The hosting infrastructure is maintained in accordance with industry-standard security practices to ensure data privacy and security.

5.3 Content Management

WordPress — We use WordPress as a headless CMS for content management. Content data is processed through WordPress APIs and may be subject to WordPress.com's privacy policy at automattic.com/privacy.

5.4 Analytics Services

We may use analytics services such as Google Analytics, Plausible Analytics, or similar tools to understand how visitors use our Website. These services may collect IP addresses, browser information, device data, pages visited, time on site, and user interactions. Analytics data may be processed in accordance with each provider's respective privacy policies.

5.5 Payment Processors

For online donations and membership payments, we may use third-party payment processors such as Stripe, PayPal, or similar services. These processors collect and process financial information (credit card numbers, bank account details, billing addresses) directly and are PCI-DSS compliant. We do not store complete payment card information on our servers.

5.6 Social Media Platforms

When you interact with our social media presence on platforms such as Facebook, YouTube, Twitter/X, LinkedIn, or Instagram, those interactions are governed by the respective platform's privacy policies. Social media plugins and widgets on our Website may collect information about your browser and activities.

5.7 Other Service Providers

We may also engage providers for customer support, cloud storage, database management, security services, marketing automation, survey tools, and other operational functions. All such providers are required to maintain appropriate security measures and use your information only as necessary to provide services to us.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect and store information about your interactions with our Services.

6.1 Types of Cookies

• Essential Cookies: Required for basic website functionality, security, and authentication. Cannot be disabled without affecting site operation.
• Performance Cookies: Collect information about how visitors use our Website, including pages visited and error messages encountered.
• Functionality Cookies: Remember your preferences and settings, such as language and region.
• Analytics Cookies: Help us understand website traffic and user behavior to improve our Services.
• Marketing Cookies: Track visitors across websites to display relevant advertisements (if applicable).

6.2 Managing Cookies

Most web browsers allow you to control cookies through browser settings. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly.

6.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Because there is no accepted standard for how to respond to DNT signals, our Website does not currently respond to DNT browser signals.

7. Data Retention

We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Retention periods vary depending on the type of information and purpose:

• Membership Records: Retained for the duration of membership plus seven (7) years thereafter for legal and tax compliance
• Donation Records: Retained for a minimum of seven (7) years for tax and audit purposes
• Event Registration: Retained for three (3) years after the event
• Communication Records: Retained for three (3) years from the date of communication
• Website Analytics: Retained for twenty-six (26) months
• Email Marketing Data: Retained until you unsubscribe, plus two (2) years for compliance records

When information is no longer required, we will securely delete or anonymize it in accordance with applicable laws and our data retention policies.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure authentication mechanisms and access controls
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Physical security measures for facilities housing data
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

9. International Data Transfers

The Bhutan Nepal Foundation is headquartered in Nepal. Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our service providers may be located. These countries may have data protection laws that differ from the laws of your country.

When we transfer Personal Information internationally, we take appropriate steps to ensure that your information receives an adequate level of protection, including:

• Standard contractual clauses approved by relevant authorities
• Binding corporate rules for intra-group transfers
• Certification schemes and codes of conduct
• Adequacy decisions where available

By using our Services, you consent to the transfer of your information to countries outside your country of residence, including countries that may not provide the same level of data protection.

10. Your Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your Personal Information:

• Access: Request access to the Personal Information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your Personal Information, subject to legal retention requirements
• Portability: Request a copy of your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing purposes
• Withdraw Consent: Withdraw consent where processing is based on consent, without affecting prior lawful processing

Email Communications: You may opt out of receiving promotional emails by clicking the "unsubscribe" link in any promotional email or by contacting us directly. Note that you may continue to receive transactional emails related to your account or transactions.

To exercise any of these rights, please contact us using the information provided in Section 14. We may need to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law.

11. Children's Privacy

Our Services are not directed to children under the age of 16 (or such other age as may be specified by applicable law). We do not knowingly collect Personal Information from children under 16. If you are a parent or guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately. If we become aware that we have collected Personal Information from a child under 16, we will take steps to delete such information from our records.

12. External Links

Our Website may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the content, privacy practices, or security of any third-party websites or services.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the revised Privacy Policy on our Website
• Notify you by email or through a prominent notice on our Website (for material changes)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: