1. Introduction

Welcome to the School Safety Assurance International (SSAI) GDPR Compliance Policy. SSAI is committed to protecting your privacy and ensuring that all personal data is collected, processed, and stored lawfully, transparently, and securely. This policy outlines how SSAI, as a SaaS and cloud-based platform, complies with the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection (DPDP) Act, 2023.

By using our services, you agree to the terms outlined in this policy. If you have any questions, please contact our Data Protection Officer (DPO) at info@school-safety.org.

2. Who We Are

SSAI provides SaaS-based solutions for School Safety Audits and Certifications to educational institutions. As a Data Controller, SSAI determines the purposes and means of processing personal data provided by users. We are committed to ensuring compliance with all applicable data protection laws.

3. Personal Data We Collect

3.1 Data You Provide

We collect personal data directly from you when you:

  • Use our SaaS platform to request quotes, register for services, or access certifications.
  • Contact us via email, phone, or social media.
  • Register for events, newsletters, or seminars.
  • Apply for job vacancies.

Examples of personal data collected:

  • Name, email address, phone number, and job title.
  • Payment details for subscription services.
  • Identification documents for verification purposes.

3.2 Data We Collect Automatically

When you use our SaaS platform, we may collect:

  • Online Identifiers: IP addresses, browser types, and device information.
  • Cookies: For analytics, performance tracking, and user experience improvements. (Refer to our Cookies Policy for more details.)

3.3 Data from Third Parties

We may receive personal data from:

  • Business partners, subcontractors, and analytics providers.
  • Marketing lists purchased from external vendors.
  • Referrals from existing clients.

3.4 Special Categories of Data

In limited cases, we may process sensitive data, such as:

  • Health data (e.g., for reasonable adjustments during recruitment).
  • Data related to criminal or civil offenses (e.g., for compliance or legal purposes).

Sensitive data is processed only when necessary and with explicit consent or a lawful basis.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

  1. Performance of a Contract: To deliver services as per your agreement with SSAI.
  2. Legitimate Interests: For fraud prevention, service improvement, and marketing.
  3. Legal Obligations: To comply with tax, regulatory, and legal requirements.
  4. Consent: For specific purposes, such as marketing communications or processing sensitive data. You can withdraw consent at any time.

5. How We Use Personal Data

We use personal data to:

  • Provide and improve our SaaS platform and services.
  • Respond to inquiries and provide customer support.
  • Process payments and manage subscriptions.
  • Conduct audits, certifications, and compliance checks.
  • Send marketing communications (with your consent).
  • Ensure the security of our platform and prevent fraud.

6. Data Sharing and International Transfers

6.1 Data Sharing

We may share personal data with:

  • Service Providers: For hosting, payment processing, and IT support.
  • Regulatory Authorities: To comply with legal obligations.
  • Business Partners: For joint service delivery (with appropriate agreements in place).

6.2 International Transfers

If personal data is transferred outside the European Economic Area (EEA) or India, we ensure:

  • The recipient country has an Adequacy Decision from the European Commission.
  • Standard Contractual Clauses (SCCs) or other lawful mechanisms are in place.

We do not sell personal data to third parties.

7. Data Security

SSAI employs robust security measures to protect personal data, including:

  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher).
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) are enforced.
  • Monitoring: Continuous monitoring of cloud infrastructure for threats.
  • ISO 27001 Certification: Our systems and processes are certified to meet global security standards.

We also have an Incident Response Team to address data breaches promptly.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Examples:

  • Service Data: Retained for 7 years after the end of the contract.
  • Recruitment Data: Retained for 6 months for unsuccessful candidates.
  • Legal Data: Retained for the duration of legal proceedings and 7 years thereafter.

Data is securely deleted or anonymized when no longer required, in line with our Data Disposal Policy.

9. Your Data Privacy Rights

As a data subject, you have the following rights:

  1. Right to Access: Request a copy of your personal data.
  2. Right to Rectification: Correct inaccurate or incomplete data.
  3. Right to Erasure: Request deletion of your data ("right to be forgotten").
  4. Right to Restrict Processing: Limit how your data is processed.
  5. Right to Data Portability: Transfer your data to another controller.
  6. Right to Object: Object to processing based on legitimate interests or for marketing purposes.
  7. Rights Related to Automated Decision-Making: SSAI does not use automated decision-making.

To exercise your rights, contact our Data Protection Officer (DPO) at info@school-safety.org.

10. Cookies and Online Tracking

We use cookies to:

  • Analyze website traffic and user behavior.
  • Improve platform performance and user experience.
  • Deliver targeted marketing (with your consent).

For more details, refer to our Cookies Policy.

11. Queries and Complaints

If you have questions or concerns about this policy or how we handle your data, contact our Data Protection Officer (DPO):

Email: info@school-safety.org
Address:
Suite # 58, Arihant Industrial Premises,
Off Link Road, Goregaon (W),
Mumbai – 400 090, Maharashtra, India.

If you are unsatisfied with our response, you can lodge a complaint with your local data protection authority.

12. Updates to This Policy

This policy is reviewed regularly to ensure compliance with evolving regulations and industry standards. The latest version is always available on our website.