1. Introduction
Welcome to the School Safety Assurance
International (SSAI) GDPR Compliance Policy. SSAI is committed to
protecting your privacy and ensuring that all personal data is collected,
processed, and stored lawfully, transparently, and securely. This policy
outlines how SSAI, as a SaaS and cloud-based platform, complies with the General
Data Protection Regulation (GDPR) and the Digital Personal Data
Protection (DPDP) Act, 2023.
By using our services, you agree to the
terms outlined in this policy. If you have any questions, please contact our Data
Protection Officer (DPO) at info@school-safety.org.
2. Who We Are
SSAI provides SaaS-based solutions for School
Safety Audits and Certifications to educational institutions. As a Data
Controller, SSAI determines the purposes and means of processing personal
data provided by users. We are committed to ensuring compliance with all
applicable data protection laws.
3. Personal Data We Collect
3.1 Data You Provide
We collect personal data directly from you
when you:
- Use our SaaS platform to request quotes, register for services, or access certifications.
- Contact us via email, phone, or social media.
- Register for events, newsletters, or seminars.
- Apply for job vacancies.
Examples of personal data collected:
- Name, email address, phone number, and job title.
- Payment details for subscription services.
- Identification documents for verification purposes.
3.2 Data We Collect Automatically
When you use our SaaS platform, we may
collect:
- Online Identifiers: IP addresses, browser types, and device information.
- Cookies: For analytics, performance tracking, and user experience improvements. (Refer to our Cookies Policy for more details.)
3.3 Data from Third Parties
We may receive personal data from:
- Business partners, subcontractors, and analytics providers.
- Marketing lists purchased from external vendors.
- Referrals from existing clients.
3.4 Special Categories of Data
In limited cases, we may process sensitive
data, such as:
- Health data (e.g., for reasonable adjustments during recruitment).
- Data related to criminal or civil offenses (e.g., for compliance or legal purposes).
Sensitive data is processed only when necessary and with explicit consent
or a lawful basis.
4. Legal Basis for Processing
We process personal data under the
following lawful bases:
- Performance of a Contract: To deliver services as per your agreement with SSAI.
- Legitimate Interests: For fraud prevention, service improvement, and marketing.
- Legal Obligations: To comply with tax, regulatory, and legal requirements.
- Consent: For specific purposes, such as marketing communications or processing sensitive data. You can withdraw consent at any time.
5. How We Use Personal Data
We use personal data to:
- Provide and improve our SaaS platform and services.
- Respond to inquiries and provide customer support.
- Process payments and manage subscriptions.
- Conduct audits, certifications, and compliance checks.
- Send marketing communications (with your consent).
- Ensure the security of our platform and prevent fraud.
6. Data Sharing and International Transfers
6.1 Data Sharing
We may share personal data with:
- Service Providers: For hosting, payment processing, and IT support.
- Regulatory Authorities: To comply with legal obligations.
- Business Partners: For joint service delivery (with appropriate agreements in place).
6.2 International Transfers
If personal data is transferred outside
the European Economic Area (EEA) or India, we ensure:
- The recipient country has an Adequacy Decision from the European Commission.
- Standard Contractual Clauses (SCCs) or other lawful mechanisms are in place.
We do not sell personal data to third
parties.
7. Data Security
SSAI employs robust security measures to
protect personal data, including:
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher).
- Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) are enforced.
- Monitoring: Continuous monitoring of cloud infrastructure for threats.
- ISO 27001 Certification: Our systems and processes are certified to meet global security standards.
We also have an Incident Response Team
to address data breaches promptly.
8. Data Retention
We retain personal data only as long as
necessary for the purposes outlined in this policy or as required by law.
Examples:
- Service Data: Retained for 7 years after the end of the contract.
- Recruitment Data: Retained for 6 months for unsuccessful candidates.
- Legal Data: Retained for the duration of legal proceedings and 7 years thereafter.
Data is securely deleted or anonymized
when no longer required, in line with our Data Disposal Policy.
9. Your Data Privacy Rights
As a data subject, you have the following
rights:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data ("right to be forgotten").
- Right to Restrict Processing: Limit how your data is processed.
- Right to Data Portability: Transfer your data to another controller.
- Right to Object: Object to processing based on legitimate interests or for marketing purposes.
- Rights Related to Automated Decision-Making: SSAI does not use automated decision-making.
To exercise your rights, contact our Data
Protection Officer (DPO) at info@school-safety.org.
10. Cookies and Online Tracking
We use cookies to:
- Analyze website traffic and user behavior.
- Improve platform performance and user experience.
- Deliver targeted marketing (with your consent).
For more details, refer to our Cookies Policy.
11. Queries and Complaints
If you have questions or concerns about
this policy or how we handle your data, contact our Data Protection Officer
(DPO):
Email: info@school-safety.org
Address: Suite # 58, Arihant Industrial Premises,
Off Link Road, Goregaon (W),
Mumbai – 400 090, Maharashtra, India.
If you are unsatisfied with our response,
you can lodge a complaint with your local data protection authority.
12. Updates to This Policy
This policy is reviewed regularly to
ensure compliance with evolving regulations and industry standards. The latest
version is always available on our website.