Privacy Policy

This Privacy Policy sets out the principles and practices governing the collection, processing, storage, disclosure, retention, and protection of personal data by aLphabet International School (hereinafter referred to as “the School”). The School processes personal data strictly in accordance with applicable Indian laws, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, associated rules, and, where applicable, international standards such as the General Data Protection Regulation (GDPR). The lawful bases for processing include consent, contractual necessity, compliance with legal obligations, protection of vital interests, performance of a public or educational function, and legitimate institutional interests.

For the purposes of this Policy: “Personal Data” means any data about an identifiable individual. “Sensitive Personal Data” includes health data, special educational needs, biometric data, and safeguarding records. “Data Subject” refers to any individual whose personal data is processed. “Processing” includes collection, recording, storage, use, disclosure, transfer, and deletion.

The School may collect, process, and retain the following categories: 3.1 Student Data (Identification details, academic records, assessment outcomes, Attendance, disciplinary, behavioural, and wellbeing records, Health, medical, counselling, and safeguarding information, Language acquisition and learning support documentation), 3.2 Parent/Guardian Data (Contact, identification, and relationship details, Financial, billing, and payment information, Communication records), 3.3 Staff and Contractor Data (Employment records, qualifications, background verification, Performance, appraisal, and training records), 3.4 Digital and Surveillance Data (Login credentials, system usage logs, CCTV footage, access control data, Transport GPS and safety monitoring data).

Personal data is processed solely for legitimate institutional purposes, including but not limited to: Delivery and administration of educational programmes, Student safety, safeguarding, and welfare, Academic assessment, reporting, and certification, Regulatory compliance, accreditation, and audits, Operational management and institutional improvement.

Where consent is required, it shall be obtained explicitly from parents/guardians or the data subject. Withdrawal of consent must be submitted in writing and may be subject to legal and operational constraints.

The School implements comprehensive safeguards including: Encrypted digital storage and secure servers, Role-based access controls, Google Workspace and Apple MDM security protocols, Regular audits, penetration testing, and staff training.

Personal data is retained only for the duration necessary to fulfil its purpose or meet statutory requirements. Upon expiry, data is securely archived or permanently deleted in accordance with institutional retention schedules.

Data may be shared with authorized educational partners, service providers, regulatory bodies, or legal authorities strictly on a need-to-know basis and subject to confidentiality agreements. International transfers occur only where adequate safeguards are in place.

Data subjects may request access, rectification, erasure, restriction, or objection to processing, subject to legal limitations. Requests must be submitted to the designated Data Protection Officer.

In the event of a data breach, the School shall initiate immediate containment measures, conduct an internal investigation, notify affected parties where required, and report to relevant authorities in compliance with law.