Privacy Policy

At Burhan Institute of Research, we respect your privacy and are committed to protecting your personal data. This privacy policy explains what information we collect, how we use it, and your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Data Controller

Burhan Institute of Research is the data controller responsible for your personal information. For privacy-related inquiries, please contact us using our contact form.

2. Information We Collect

We collect and process the following types of personal data:

Contact Information

• Email address and name when you subscribe to our newsletter
• Name and contact details when you submit a contact form
• Event registration information including preferences you share
• Donation information processed through our payment providers

Email Engagement Data

• Email opens: We use tracking pixels to measure when you open our emails
• Link clicks: We track which links you click in our emails using tracked URLs
• Email client information: We collect your device type and email client (via user agent)
• Purpose: This helps us improve email content, timing, and relevance

Technical Data

• IP address (for security and analytics purposes)
• Browser type and version
• Device type (desktop, mobile, tablet)
• Page views and site navigation patterns
• Time zone and location (approximate, based on IP address)

3. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you subscribe to our newsletter or opt-in to communications
• Legitimate interests (Article 6(1)(f)): Website analytics, email performance tracking, and improving our services
• Contract performance (Article 6(1)(b)): Processing event registrations and donations you request
• Legal obligations (Article 6(1)(c)): Maintaining financial records as required by law

4. How We Use Your Information

• To send newsletters, event announcements, and updates you've opted into
• To process donations and send receipts through our payment providers
• To respond to your inquiries submitted through contact forms
• To analyze email engagement and improve our communication effectiveness
• To maintain website security and prevent fraud
• To understand how visitors use our website and improve user experience
• To comply with legal obligations and protect our rights

5. Email Tracking Technologies

What We Track

• Open rates: Using invisible tracking pixels (1x1 transparent images)
• Click rates: Using tracked redirect links
• Device and email client: To optimize email formatting
• Time of engagement: To determine optimal sending times

How to Opt Out of Email Tracking

• Disable automatic image loading in your email client settings
• Use privacy-focused email services that block tracking pixels
• Unsubscribe from our emails using the link at the bottom of each message

6. Cookies and Similar Technologies

Our website uses the following types of cookies:

• Essential cookies: Required for website functionality and security (session management, authentication)
• Analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics)
• Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that blocking essential cookies may affect website functionality.

7. Third-Party Services

We share limited data with trusted third-party services to operate our website and communications. We do not sell your personal information.

• Brevo: Email delivery and tracking service (Privacy Policy)
• Vercel: Website hosting and content delivery (Privacy Policy)
• Neon: Database hosting (Privacy Policy)
• Payment processors: Stripe or similar services for donation processing (subject to their privacy policies)

8. Data Retention

We retain your personal data for the following periods:

• Newsletter subscribers: Until you unsubscribe, plus 30 days for processing
• Email analytics: Retained indefinitely in aggregate form for performance analysis
• Event registrations: Event date plus 1 year
• Contact form submissions: Up to 2 years or until resolved
• Website analytics: 26 months (Google Analytics default)
• Donation records: 7 years (legal requirement for financial records)

9. Your Rights Under GDPR

If you are in the EU/EEA, UK, or other jurisdictions with similar data protection laws, you have the following rights:

• Right to access (Article 15): Request a copy of your personal data we hold
• Right to rectification (Article 16): Correct inaccurate or incomplete data
• Right to erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to restrict processing (Article 18): Limit how we use your data
• Right to data portability (Article 20): Receive your data in a structured, machine-readable format
• Right to object (Article 21): Object to processing based on legitimate interests
• Rights related to automated decision-making (Article 22): We do not use automated decision-making or profiling

10. How to Exercise Your Rights

To exercise any of your data protection rights:

• Use our contact form
• Click the "Unsubscribe" link in any email (for newsletter opt-out)
• Visit our unsubscribe page

We will respond to your request within 30 days. We may request additional information to verify your identity before processing certain requests.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Service providers certified under recognized frameworks

12. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete it.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (HTTPS/TLS)
• Secure database storage with access controls
• Regular security assessments and updates
• Strict access controls for personnel
• Secure authentication for admin systems

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify subscribers via email if changes significantly affect their rights
• Post a notice on our website homepage for 30 days

Continued use of our website and services after changes constitutes acceptance of the updated policy.

15. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

In the EU, you can find your national data protection authority at:EDPB Members