CISCE's Data Privacy Policy for Affiliation App

The Council for the Indian School Certificate Examinations (CISCE) ("CISCE", "we", "us", or "our") is committed to protecting the privacy, confidentiality, and integrity of information processed through this mobile application ("App").

E-Affiliation ("the App") is an official affiliation support application designed for use by authorized school users operating under the Council for the Indian School Certificate Examinations (CISCE) framework.

This Data Privacy Policy explains how information is collected, used, stored, and protected in compliance with CISCE norms and best practices.

1. Purpose and Scope of the Application

The CISCE E-Affiliation Mobile App is designed exclusively for use by authorised CISCE-affiliated schools and designated users to support the school affiliation process through controlled capture and upload of images and videos.

The App:

• Is not a general-purpose application
• Is not intended for public or commercial use
• Does not support advertising, marketing, or analytics-based profiling
• Is intended solely to facilitate secure media submission for CISCE affiliation requirements
• Ensures authenticity and traceability of uploaded data through geotagging and metadata capture

2. Scope and Intended Use

CISCE E-Affiliation Mobile App is intended solely for:

• Capture and upload of photographs and videos required for CISCE affiliation forms
• Synchronisation of uploaded media with the CISCE E-Affiliation Web Portal
• Enabling council inspection, review, and deficiency resolution workflows
• Controlled upload and re-upload of media based on CISCE review and inspection status
• Confidential document related data capture and evidence submission

The App is not intended for general public use or commercial purposes.

3. Geographic Usage Restriction

• E-Affiliation App is geographically limited to countries and regions where CISCE-affiliated schools operate.
• Access and usage are restricted to authorized CISCE institutions and personnel.
• The App is not targeted, promoted, or intended for users outside CISCE-operational countries.
• Data collection and processing are aligned with the fair conduct of CISCE's Affiliation

4. Data Collection

a. Personal Information

Collected strictly for core functionality:

• Email Address - Used for SSO login from school user's Microsoft account

b. Photos and Media

Images captured by the user - Purpose: Capture & Upload school images to get it updated on secured web portal with geotagging.

The app:

• Captures images only upon explicit user action
• Does not access background media
• Does not scan or collect other device photos or videos

c. App Activity

The app captures:

• Login timestamps with geotagging.
• School images/Videos Upload
• Camera access will be required for capturing photos and videos of movement of documents and for verification purposes only. The App will not access the camera without explicit user action.

5. Purpose of Data Use

All collected data is used only for:

• User authentication
• Core Affiliation-related functionality
• Education administration and compliance
• Audit trails and fraud prevention

Data is not used for:

• Advertising or marketing
• User profiling or personalization
• Cross-app or cross-service tracking

6. Data Sharing and Disclosure

Affiliation does not sell, rent, or share user data with third parties. Data access is restricted to:

• Authorized CISCE officials
• Authorized system administrators supporting affiliations operations
• Vetted service providers engaged by CISCE, strictly for operational support and under confidentiality obligations

Disclosure may occur only if required by law or regulatory authorities.

7. Data Storage and Security

• Data is stored on secure, access-controlled servers
• Role-based access control is enforced
• Data is encrypted during transmission
• System activity and access logs are maintained for audit purposes
• Reasonable technical and organizational safeguards are implemented to prevent unauthorized access, misuse, or loss.

8. Data Retention

Data is retained:

• As required by CISCE Affiliation policies
• In accordance with applicable education and regulatory record-retention norms

After the retention period, data is securely archived.

9. User Rights

Authorized users may:

• Request correction of inaccurate information
• Request clarification regarding stored data

Data deletion requests are subject to:

• Affiliation audit requirements
• Legal and regulatory obligations

10. Children's Privacy

• Affiliation app is not intended for students or children.
• It is restricted to authorized school users.
• The App does not collect personal data from children.

11. Data Deletion Requests

Given that this App is used for the fair and secure conduct Affiliation and is involved in tracking the movement of sensitive and confidential School-related information.

11.1 Request Routing

All data deletion requests must be routed through the concerned functionary's School Principal. Requests submitted directly by individual users will not be processed.

The School Principal shall formally submit the request to CISCE through official channels, confirming the identity, role, and justification for the request.

11.2 Review and Processing

Upon receipt of a valid request routed through the School Principal:

• CISCE will review the request in accordance with applicable law, including the Digital Personal Data Protection Act, 2023
• Data not required to be retained for examination integrity, audit, legal, or statutory purposes may be deleted or anonymised within a reasonable timeframe

11.3 Retention of Mandatory Records

CISCE may retain certain data where retention is necessary to:

• Maintain integrity and accountability
• Meet statutory, audit, or legal obligations

All retained data will continue to be protected in accordance with this Privacy Policy.

11.4 No In-App Deletion

Due to the sensitive nature of the App:

• No self-service or automated data deletion is provided within the App
• All deletion requests are processed only through formal, verifiable, and authorised channels

11.5 Account Deletion or Deactivation

Requests for deletion or deactivation of a user account on the App shall be subject to the same controlled and verified process as data deletion.

• Users shall not be permitted to independently delete or deactivate their accounts from within the App
• All account deletion or deactivation requests must be routed through the concerned School Principal and formally submitted to CISCE
• CISCE shall process such requests only after verification of the user's role, completion of affiliations-related responsibilities, and compliance with applicable legal, audit, and statutory retention requirements

Where complete account deletion is not permissible due to integrity, regulatory, or legal considerations, CISCE may restrict, disable, or anonymise the account, as deemed appropriate.

12. Developer Information and Privacy Contact

This App is developed, owned, and operated by the Council for the Indian School Certificate Examinations (CISCE), New Delhi, India.

For any privacy-related inquiries, including matters relating to data protection, data deletion, or account management under this Privacy Policy, users must follow the authorised communication mechanism outlined below.

All privacy-related inquiries shall be routed only through the concerned School Principal and formally submitted to CISCE through official channels, or through the official contact details published on the CISCE website (https://www.cisce.org).

Direct or unverifiable requests from individual users may not be processed, in order to protect examination integrity, confidentiality, and data security.