Data Protection Policy
The purpose of this policy is to ensure compliance with the Data Protection Act (DPA) 2018, which governs any processing of information about individuals and the rights those individuals have relating to this information. This legislation covers all personal information held in both electronic form and manual form. This policy applies to all personal data held and processed by the organization. This includes data held in any system or format, whether electronic or hard copy.
Adherence to this policy is mandatory for all employees whether permanent, fixed term or temporary, reviewers, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the organisation.
Data Protection Principles
The data protection principles state that personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
This policy ensures that the processing of all personal data is safe, secure and transparent. We have procedures in place to enable data subjects to exercise their rights:
- The rights of individuals are protected with regard to the processing of personal information
- We develop, implement and maintain a data protection policy, in compliance with the data protection laws.
- Our Complaints Procedure and Data Incident Reporting policy guide the identification, investigation, review and reporting of any breaches or complaints about data protection
- We store and destroy all personal information in accordance with our Information Retention policy
- Any information provided to an individual in relation to personal data held or used about them will be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language
- We maintain records of processing activities
Data Governance
Data Storage
Information and records relating to data subjects will be stored securely and will only be accessible to authorized employees. Information will be stored only in accordance with the required statute.
Data Retention
Data pertaining to trainers, learners and stakeholders will be retained for a period of two years following their departure. This includes but is not limited to personal information, employment records, and relevant communications. Such data will be securely stored in compliance with applicable data protection regulations.
After the retention period, all retained data will be promptly and securely disposed of in accordance with the company’s data retention and destruction procedures. Access to retained data will be restricted for legitimate business purposes or legal requirements.
Data Accuracy
Data subjects are requested to notify the organisation if and when changes are made in the information provided.
Training
A staff awareness programme ensures that new and existing employees, trainers, learners and clients are trained and supported to discharge their data protection responsibilities.
- Training covering data protection, records management, information security and cyber security that is delivered
- Regular awareness updates and alerts to any information security risks
- 1:1 support sessions when necessary
- Access to data protection and information security policies, procedures, checklists and supporting documents
Data Storage and Deactivation for Exit Employees
- All employees, trainers, learners and stakeholders must adhere to the data storage and deactivation protocol upon leaving the organisation.
- Exit employees are required to securely transfer all company-related data from personal devices to designated storage platforms.
- Any physical storage devices containing company information must be returned to the IT department for data wiping or disposal.
- Email accounts and access credentials must be surrendered and will be deactivated to prevent unauthorized access.
- Collaboration tools and shared drives must be cleared of any personal or sensitive information before departure.
- Exit employees must cooperate with IT personnel to ensure proper data removal from all devices and platforms.
- Failure to comply with data storage and deactivation procedures may result in legal consequences.
- The company reserves the right to monitor and audit compliance with this policy to safeguard sensitive information.
- By acknowledging this policy, exit employees agree to abide by its terms and protect the integrity and confidentiality of company data even after departure.
Penalties for Non-Compliance
It is the responsibility of all employees, trainers, learners, clients, vendors, consultants and stakeholders to:
- Ensure that they collect, store and process personal data in accordance with ‘data protection laws’ and comply with the data protection policy.
- Store contacts in approved and managed systems and not hold them in duplicate copies elsewhere.
- Not attempt to gain access to information that is not necessary for them to hold, know or process.
- Ensure that any personal data obtained is accurate and relevant to the purpose for which it is required.
Policy Review
This policy will be updated on a yearly basis or as necessary to reflect best practice, relevant case law, and to ensure compliance with any changes or amendments to Data Protection legislation. Updates and communications regarding reviews will be shared through relevant means of communication.
Governing law
This Data Protection Policy shall be governed by and construed in accordance with the laws of India, including applicable data protection and information technology laws. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts at Kollam, Kerala.
Effective Date: 10/01/2026
Next Review Date: 05/01/2027
Version: 1.0
Approved By: Senior Management, Spark Edutech
