Data Security

Data Protection Policy

Our commitment to protecting your personal data

Effective: February 2026

Our Commitment

The Lanka Dementia & Alzheimer Association (LDAA) is committed to protecting the personal data of all individuals whose information we process. This policy outlines our approach to data protection and compliance with applicable data protection laws.

Data Protection Principles

⚖️

Lawfulness & Fairness

Data is processed lawfully, fairly, and transparently

🎯

Purpose Limitation

Data collected for specified, explicit purposes only

📊

Data Minimization

Only necessary data is collected and processed

Accuracy

Data is kept accurate and up to date

Storage Limitation

Data retained only as long as necessary

🔒

Security

Appropriate measures to protect data integrity

Scope of This Policy

This policy applies to all personal data processed by LDAA, including data of members, donors, volunteers, event participants, and website visitors. It covers data collected through our website, events, membership applications, and any other interactions.

Legal Basis for Processing

We process personal data on the following legal grounds:

  • Consent: When you have given clear consent for processing
  • Contract: When processing is necessary to fulfill our obligations
  • Legal Obligation: When required by law
  • Legitimate Interest: When in our legitimate interests and not overridden by your rights

Security Measures

We implement appropriate technical and organizational measures including:

🔐 Encryption of data in transit and at rest
🔑 Access controls and authentication
🛡️ Regular security assessments
📋 Staff training on data protection
💾 Regular backups and recovery procedures
📝 Incident response protocols

Data Subject Rights

Individuals have the following rights regarding their personal data:

Right of Access
Right to Rectification
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object

Data Breach Procedures

In the event of a personal data breach, we will notify affected individuals and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach. We maintain incident response procedures to ensure swift and appropriate action.

Data Protection Officer

For any questions about this policy or to exercise your data protection rights, contact our Data Protection Officer:

Email: info@lankadementiaassociation.lk
Phone: +94 112 223 508
Address: 179f Avissawella Rd, Pannipitiya 10230

Policy Approved: January 2024 | Last Reviewed: February 2026