Data Protection Officer
Shrey Aadi Defence Academy is the data fiduciary for student, parent, teacher, and staff information processed through the ExamPulse platform. The Data Protection Officer (DPO) named below is the single point of contact for grievances, data-rights requests, and breach notifications.
Designated DPO
- To be published. Until then, please use the in-app grievance form below.
- Postal address
- Shrey Aadi Defence Academy · Lucknow, Uttar Pradesh, India
- Response window
- Within 7 working days for acknowledgement; up to 30 days for complete resolution.
What you can ask the DPO for
- Access — a copy of personal data we hold about you or your child.
- Correction — fix inaccurate or out-of-date information.
- Erasure — request deletion of personal data (subject to a 30-day grace period and any legal retention obligations).
- Withdrawal of consent — for any specific purpose, e.g. marketing communications, AI-assisted analysis.
- Grievance — escalate any concern about how your data has been handled.
- Breach inquiry — confirm whether a security incident affected your data.
How to file a request
- Sign in to your ExamPulse account so we can verify your identity.
- Navigate to Settings → Privacy & Data and choose the request type.
- The system records your request with a verifiable timestamp and a tracking ID, routes it to the DPO, and sends you a confirmation.
- If you cannot sign in, write to the postal address above with sufficient identification (parent: a copy of your ID + a recent fee receipt for your child; adult student: a copy of your ID).
Erasure (right to be forgotten)
On a verified erasure request we follow this timeline:
| Day | What happens |
|---|---|
| 0 | Request acknowledged in-app; case ID issued; DPO notified. |
| 0–7 | Identity verification completed; scope of data confirmed in writing. |
| 7–30 | Grace period during which the request can be cancelled by the same authenticated party. Account remains usable. |
| 30 | Hard deletion of personal data across primary store, search indices, and backups. A non-PII tombstone (request ID + timestamps) is retained for audit per DPDP §16. |
| 30+ | Confirmation email sent to the requester. The DPO retains the right to delay deletion for active legal or financial holds, with a written explanation. |
Children's data (DPDP §9)
Almost all our students are minors. We process their personal data only after a verifiable parental consent event is recorded against the student's profile. Parents may withdraw consent at any time via the in-app flow or by contacting the DPO. We do not target advertising at children, do not profile children for behavioural advertising, and do not share children's data with third parties beyond the operational vendors listed in the privacy policy.
Escalation to the Data Protection Board
If you are not satisfied with the resolution provided by the DPO within the stated window, you may escalate to the Data Protection Board of India under DPDP §27. The Board's contact details are published at the official Government of India portal. We will share the case file with the Board on request.
Breach notification
In the event of a confirmed personal-data breach affecting your records, we notify the Data Protection Board within 72 hours and you within 72 hours of confirmation, by SMS and email, with the nature of the breach, the data affected, and the steps you should take. Our internal breach runbook is committed to source control and reviewed quarterly by the DPO.