Privacy policy

Last updated: March 20, 2025

Welcome to www.sangrah.org, aplatform under the Dharohar Charitable Foundation in Udaipur, India, is dedicated to preserving and propagating India's ancient wisdom. The platform offers a detailed, descriptive catalogue of manuscripts, making them easily accessible to scholars and researchers worldwide. Sangrah collaborates with various libraries to digitise and catalogue manuscripts, ensuring their preservation and accessibility. This initiative allows scholars to search for phrases within texts and view them in context, reducing the risk of physical damage to the original manuscripts This privacy policy outlines how we collect, use, disclose, and protect your personal data when you interact with our website. By using www.sangrah.org, you consent to the collection and use of your information as described in this policy. 

We recognize the importance of safeguarding your personal data and are committed to adhering to all applicable data protection laws and regulations. 

Definitions for the purposes 

• Personal data: Any information that relates to an identified or identifiable individual. This includes, but is not limited to, names, addresses, email addresses, phone numbers, and any other information that can be used to identify a person.
  
  
• Data protection officer (DPO): We have appointed a 'Data Protection Officer’ who is responsible for ensuring that we comply with data protection regulations in the way we collect, store and use your personal information. You should contact the Data Protection Officer if you have any questions about this Privacy Notice or concerns about how we are handling your personal information.
  
  
• Data controller: The entity that determines the purposes and means of processing personal data. For the purposes of this policy, Dharohar is the data controller.
  
  
• Data processor: The entity that processes data on behalf of the data controller. This could include third-party service providers that handle data processing tasks.
  
  
• User: The individual using the service who is the subject of personal data. 
  
  
• Service: The application, website, or any other platform operated by Sangrah.
  
  
• Third-party service providers: External companies or individuals that provide services on behalf of Sangrah, such as analytics, advertising, or payment processing.
  
  

Data protection principles

We will comply with data protection legislation to ensure that your rights are observed and that your personal data is protected in the way it is collected, processed and stored by us and by anyone we share it with. 

Your personal data must be

• Used lawfully, fairly and in a transparent way. 
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. 
• Relevant to the purposes we have told you about and limited only to those purposes. 
• Accurate and kept up to date. 
• Kept only as long as necessary for the purposes we have told you about. 
• Kept securely
  
  

The information we hold about

• Contact details: Name, Mobile number, Email address, Residential address, country of residence, Institutional Affiliation, Institutional address, Purpose for downloading manuscripts, Nature of research, Full name of research guide, Acknowledgement: Agreement to acknowledge the library in your publication, paper, or thesis (Yes/No).
  
  
• Registration and login information: Registration name, Registration email, Registration password, Registration country, Registration preferred input script: Preferred input script specified during registration. 

Website contact form data: Name, Email, Message content submitted via the form.

Manuscript purchase information: Name (manuscript purchaser), Email ID, Phone number, Address, State, City, Country.

Transaction and financial detail: Transaction amount,  Qfix no., Transaction ID.

How we use your personal information 

We will process your personal information (including sensitive personal category information), in accordance with our obligations under the GDPR and any subsequent data protection legislation. We will only use your personal information when we have a lawful justification for doing so. There are lawful justifications for using your personal data and we will normally use your data in the following circumstances:   

1. Where we have your consent or
2. Where it is necessary for our legitimate interests (or that of a third party) and your interests and fundamental rights do not override our interests  

We must keep a record of the reasons we collect your data and the legal justifications for us collecting, processing, storing and where appropriate, sharing your personal information with third parties. 

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose.  

We may process your personal information without your knowledge or consent where the processing is permitted by lawful justification or required by legislation.  

If we need to use your personal information for any other unrelated purpose, we will notify you by updating our privacy policy, and we will seek your consent. 

Data sharing
We require third parties to keep your personal information confidential and secure to protect it in accordance with the law. They are only permitted to process your personal information for the lawful purpose for which it has been shared and in accordance with our instructions.  

We may share your personal information with regulatory bodies or to otherwise comply with legislation.  

Data security
We are committed to protecting your personal data in our custody. We take reasonable steps to ensure appropriate physical, technical and managerial safeguards are in place to protect your personal data from unauthorized access, alteration, transmission and deletion. We work to protect the security of your personal information during transmission by using encryption protocols on a few categories of data. We use access control to meet the growing demands and challenges of security. We ensure that third parties, who provide services to us under appropriate contracts, take appropriate security measures to protect your personal data in line with our policies.

Data retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collect it for, including the purpose of satisfying any legal or regulatory requirements. 

Details of retention periods for different aspects of your personal information are available in the data retention policy.

Data protection rights and user responsibilities

• Right to access
  Right: Individuals have the right to request access to their personal data that is held by Sangrah, including details about how their data is being used.
  
  Responsibility: Individuals must ensure that the request for access is accurate and relevant, providing sufficient information to allow us to locate the data. They must also keep track of their own data and update it as necessary to ensure it is correct.
  
  
• Right to rectification
  Right: Individuals can request corrections to their personal data if it is inaccurate or incomplete.
  
  Responsibility: Individuals should notify Sangrah of any errors or changes in their personal data promptly, providing the correct details for updates. They are responsible for ensuring the data they provide is accurate.
  
  
• Right to erasure (Right to be forgotten)
  Right: Individuals have the right to delete their own personal data when it is no longer needed for the purpose it was collected or if they no longer want it stored.
  
  Responsibility: Individuals must ensure that the data they want to delete is not required for any legal, contractual, or other important reasons. They should also be aware that deleting their data might affect their access to certain services or features.
  
  
• Right to restrict processing
  Right: Individuals have the right to restrict the processing of their personal data under certain conditions, such as when they contest the accuracy of the data.
  
  Responsibility: Individuals must clearly communicate their reasons for restricting processing and understand that some services may be impacted by these restrictions. They should review the processing purposes before making such a request.
  
  
• Right to data portability
  Right: Individuals have the right to obtain and reuse their personal data for their own purposes across different services in a structured, machine-readable format. 
  
  Responsibility: Individuals must ensure that they are requesting data that is portable and that their request aligns with data that has processed based on their consent or contract. They should only request data they are authorized to transfer.
  
  
• Right to object
  Right: Individuals can object to the processing of their personal data, particularly if the data is being used for direct marketing or based on legitimate interests. 
  
  Responsibility: Individuals must be clear about the reasons for their objection and understand that, in some cases, objecting to processing may impact the services provided by Sangrah. They should also be aware of any legal obligations that might override their objection.
  
  
• Right to withdraw consent
  Right: Individuals have the right to withdraw consent for data processing at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  
  Responsibility: Individuals must ensure they withdraw consent only when they no longer wish their data to be processed for the specific purpose. They should also understand that withdrawal of consent may affect their ability to use certain features or services.
  
  
• Right to lodge a complaint
  Right: Individuals can file a complaint with the relevant data protection authority if they believe their rights have been violated. 
  
  Responsibility: Individuals should first try to resolve any concerns with Sangrah by contacting their privacy or support team before lodging a formal complaint. They must also ensure they follow the correct channels when submitting a complaint.
  
  

Changes to this privacy notice 
We reserve the right to update this privacy notice at any time. Any changes will be reflected on this page.

We keep our Privacy policy under regular review to make sure it is up to date and accurate. We recommend that you re-visit this page regularly to check for any updates.

Contact information
You may contact us on any aspect of this privacy statement or for any grievance(s) with respect to your personal data, by filling this form: https://forms.office.com/r/gea6AWD0EX

In case of any questions about our privacy practices or if you believe that we may have inadvertently collected personal data without proper consent, you may also contact us by writing to our Data Protection Officer as per the details provided below:

Designation: Data protection officer
Form link: https://forms.office.com/r/gea6AWD0EX