Data Privacy & Protection Compliance Note

Green EcoLab is committed to safeguarding personal, community, partner, and institutional data collected in the course of its environmental restoration, research, and development activities. The organization applies responsible data governance practices aligned with applicable data protection laws, donor requirements, and international good practice.

1. Policy Commitment

Green EcoLab ensures that all data is collected, processed, stored, and shared in a lawful, transparent, and ethical manner, and used solely for legitimate project, research, monitoring, reporting, and stakeholder‑engagement purposes.

1. Core Data Protection Principles

Green EcoLab adheres to the following data protection principles:

• Lawful and fair processing of data.
• Purpose limitation, with data used only for clearly defined objectives.
• Data minimization, collecting only what is necessary.
• Accuracy and timely updating of records.
• Confidentiality and integrity of data.
• Limited retention, in line with project, contractual, and legal requirements.

1. Data Types

Data handled by Green EcoLab may include, but is not limited to:

• Personal contact information.
• Community consultation and participation data.
• Project and research data.
• Monitoring, evaluation, and learning data.
• Digital communication records (including email and collaboration platforms).

Sensitive data is collected only where essential for defined purposes and, where required, on the basis of informed consent.

1. Consent and Data Use

Where required by law or good practice, informed consent is obtained prior to data collection. Data is not sold or used for commercial marketing purposes. It is shared only with authorized partners, donors, consultants, or service providers under formal agreements and appropriate confidentiality and data‑protection safeguards, or where disclosure is required by law or competent authorities.

1. Data Security

Green EcoLab applies appropriate technical and organizational measures to protect data, including, as relevant:

• Controlled and role-based access to systems and files.
• Secure digital storage and transmission.
• Secure management of physical records, where applicable.
• Restricted handling of data by authorized and trained personnel only.

1. Rights and Safeguards

Individuals have the right to request access to, correction of, or deletion of their personal data, subject to legal, ethical, and contractual obligations and record-keeping requirements. Green EcoLab responds to such requests through its official communication channels and within applicable timeframes.

1. Incident Management

In the event of a suspected or actual data breach, Green EcoLab will:

• Take prompt action to contain and assess the incident.
• Mitigate potential harm to affected individuals and stakeholders.
• Document the incident and corrective measures taken.
• Notify affected parties and relevant authorities where required by applicable law or donor obligations.

1. Compliance and Review

This note reflects Green EcoLab’s commitment to comply with applicable national data protection regulations, relevant donor requirements, and recognized international standards. Data protection practices, including related procedures and staff training, are periodically reviewed and strengthened as needed to respond to evolving legal, technical, and operational requirements