Privacy Policy
Last updated: June 2025 ·
Effective for: Gita Niketan Awasiya Vidyalaya KKR — NCC Unit Portal
This policy governs the collection, use, storage, and protection of personal data on this platform,
in compliance with applicable Indian laws.
1. Legal Framework
This Privacy Policy is drafted in compliance with:
- Information Technology Act, 2000 (as amended in 2008) — Sections 43A and 72A
- IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — issued under Section 87(2)(ob) of the IT Act
- Digital Personal Data Protection Act, 2023 (DPDP Act) — India's comprehensive data protection law
- NCC Act, 1948 — governing the National Cadet Corps operations
Being an educational institution portal involving minors (school students), this platform also adheres to enhanced protections for children's data as outlined in Section 9 of the DPDP Act, 2023.
2. Data Controller / Data Fiduciary
Gita Niketan Awasiya Vidyalaya, KKR
NCC Unit — Army Wing & Air Wing
This institution acts as the Data Fiduciary as defined under Section 2(i) of the DPDP Act, 2023, and the Body Corporate as defined under the SPDI Rules, 2011.
3. Personal Data We Collect
We collect the following categories of personal data:
| Data Category | Specific Fields | Who Provides |
|---|
| Identity Data | Full name, NCC Roll/Registration No. | Cadet & ANO |
| Contact Data | Email address, emergency contact number | Cadet & ANO |
| Biographic Data | Date of birth, gender | Cadet & ANO |
| Sensitive Personal Data * | Blood group | Cadet & ANO |
| Location/Address Data | Residential address | Cadet |
| Biometric/Image Data * | Profile photograph (face photo) | Cadet & ANO |
| Academic Data | Class/Grade, NCC Wing | Cadet (set by ANO) |
| Professional Data | Rank, Service No., Qualification, Date of Joining | ANO only |
| Device Data | Browser push notification token (FCM token) | Auto-collected |
| Documents | Uploaded files (ID proof, medical, academic, NCC certificates) | Cadet |
* Blood group and photographs constitute Sensitive Personal Data or Information (SPDI) under Rule 3 of the SPDI Rules, 2011.
4. Purpose of Data Collection
Data is collected exclusively for the following purposes:
- Maintaining digital NCC cadet records as mandated by NCC administrative requirements
- Enabling ANO to manage, verify, and communicate with cadets in their wing
- Facilitating secure document storage and retrieval for NCC-related paperwork
- Sending announcements, updates, and notifications from ANO to cadets
- Authenticating users and maintaining account security
- Emergency identification (blood group, emergency contact)
We do not use your data for advertising, profiling, or commercial purposes.
5. Lawful Basis for Processing
Under the DPDP Act 2023, processing is based on:
- Consent — Users voluntarily register and provide their data (Section 6, DPDP Act)
- Legitimate Use — Processing necessary for NCC administrative purposes
- Legal Obligation — Maintaining records as required under the NCC Act, 1948
Special provision for minors: As per Section 9 of the DPDP Act, 2023, for cadets who are minors (under 18 years), processing of personal data requires verifiable parental or guardian consent. By registering a minor cadet on this platform, the institution confirms that appropriate consent has been obtained.
6. Data Storage & Third-Party Processors
Your data is stored using the following services:
| Service | Provider | Data Stored | Location |
|---|
| Firebase Authentication | Google LLC (USA) | Email, password hash, UID | Google servers (may include India) |
| Firebase Firestore | Google LLC (USA) | Profile data, updates, notifications | Google Cloud (asia-south1 recommended) |
| Google Drive | Google LLC (USA) | Photos, documents, ANO attachments | Google servers |
As per Rule 4 of the SPDI Rules, 2011, and Section 16 of the DPDP Act, 2023, cross-border transfer of data to countries outside India is permissible subject to adequate data protection. Google LLC maintains ISO 27001 certified data centres and complies with applicable standards.
7. Data Retention
- Cadet profile data is retained for the duration of the cadet's enrolment and for 3 years thereafter for record-keeping purposes
- ANO profile data is retained for the duration of their service at the institution
- Documents uploaded to Google Drive are retained until deleted by the cadet or ANO
- Push notification tokens are deleted automatically when invalid
- Upon request for account deletion, data will be erased within 30 days
8. Data Sharing & Disclosure
We do not sell, rent, or trade personal data. Data may be shared only in these circumstances:
- Within the institution: ANO can view NCC details (roll number, grade, blood group) and documents of cadets in their wing only
- Legal requirement: If required by Indian courts, law enforcement, or government authorities under applicable law
- NCC Directorate: Aggregate or specific cadet data may be shared with the NCC Directorate as part of mandatory reporting obligations under the NCC Act, 1948
- Emergency: Emergency contact details may be accessed in life-threatening situations
9. Your Rights as a Data Principal
Under the DPDP Act, 2023 (Sections 11–14), you have the following rights:
- Right to Access (Section 11): Request a summary of your personal data held by us
- Right to Correction (Section 12): Request correction of inaccurate or incomplete data
- Right to Erasure (Section 12): Request deletion of your personal data
- Right to Grievance Redressal (Section 13): Raise a complaint about data processing
- Right to Nominate (Section 14): Nominate a person to exercise rights on your behalf in case of death or incapacity
- Right to Withdraw Consent (Section 6): Withdraw consent at any time; this will result in account deactivation
To exercise any of these rights, contact the institution's Data Grievance Officer (see Section 12 below).
10. Security Measures
As required under Section 8(5) of the DPDP Act and Rule 8 of the SPDI Rules, we implement:
- Encrypted data transmission (HTTPS/TLS for all communications)
- Firebase Authentication with email verification for access control
- Role-based access control (Cadets cannot access other cadets' data; ANO can only access their wing)
- Firestore Security Rules restricting field-level write access
- Google Drive private storage (documents not publicly accessible)
- Periodic review of access permissions and security rules
11. Cookies & Tracking
This portal uses:
- Firebase Authentication session cookies — strictly necessary for login functionality, no tracking purpose
- Service Worker cache — for offline functionality (PWA), stores only static site files locally
- No third-party advertising or analytics cookies
12. Grievance Officer
As required under Rule 5(9) of the SPDI Rules, 2011 and Section 13 of the DPDP Act, 2023, a Grievance Officer has been designated:
Grievance Officer: Principal / Designated NCC Officer
Institution: Gita Niketan Awasiya Vidyalaya, KKR
Contact: [Institution email/phone to be added]
Response time: Within 30 days of receiving the complaint, as mandated by Rule 5(9) of the SPDI Rules, 2011.
13. Changes to This Policy
We reserve the right to update this Privacy Policy. Users will be notified of material changes via an announcement on the portal. Continued use of the portal after changes constitutes acceptance of the revised policy.
