Data Collection Matrix
| Data Type | Source | Purpose | Retention |
|---|---|---|---|
| Volunteer Applications | Online Forms | Screening/Training | 3 years post-activity |
| Meal Statistics | Anonymous Surveys | Program Evaluation | 5 years |
| Donor Information | Payment Processors | IRS Compliance | 7 years |
| Equipment Training Records | In-Person Sign-In | OSHA Compliance | 10 years |
Special Data Categories
A. Protected Health Information
Collected only for:
- ADA accommodations
- Special diet documentation
Stored separately with: - AES-256 encryption
- Biometric access controls
- Annual HIPAA audits
B. Payment Data
Processed through:
- PCI-DSS compliant gateways
- Tokenization for recurring donations
- No direct storage of CVV codes
User Rights Procedure
- Submit written request to [Designated Email]
- Provide two forms of ID verification
- Allow 30 days for processing
- Appeal rights through [State] Attorney General’s office
International Data Transfers
- EU-US Data Privacy Framework compliant
- Standard Contractual Clauses for other regions