Data Protection & GDPR Compliance Policy for Aani Academy
- Introduction: Aani Academy is committed to ensuring the protection of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, process, store, and protect personal data, ensuring transparency and security in all operations.
- Scope: This policy applies to all personal data collected from students, parents, staff, and any third parties interacting with Aani Academy.
- Internal Data Handling Procedures
- All personal data is processed lawfully, fairly, and transparently.
- Data collection is limited to what is necessary for educational and administrative purposes.
- Staff handling personal data must complete data protection training and follow secure data handling procedures.
- Personal data is accessed only by authorized personnel with a legitimate need.
- How Data Access Requests Are Handled
- Parents, students (if age-appropriate), and staff may request access to their personal data.
- Data Subject Access Requests (DSAR) should be submitted in writing to Info@aanistudio.com.
- Aani Academy will respond within one month of receiving the request.
If additional verification is required, the response time may be extended by up to two months.
- Secure Storage & Data Protection Measures
- Personal data is stored securely on encrypted servers and cloud-based systems compliant with UK GDPR standards.
- Access to personal data is restricted to authorized personnel using secure login credentials.
- Any physical records (if applicable) are stored in locked cabinets with restricted access.
- Regular audits and security reviews are conducted to ensure compliance with data protection regulations.
- Data Retention & Deletion Policies
- Personal data is retained only for as long as necessary to fulfill educational, legal, or regulatory obligations.
- Student records are securely deleted after 6 years of inactivity, in accordance with data protection and safeguarding guidelines.
- Parents and students can request the deletion of personal data by submitting a request to Info@aanistudio.com.
- Any data deletion request will be assessed against legal requirements before approval.
- Data Breach Protocols
- In the event of a data breach, Aani Academy will assess the risk and take immediate action to contain and mitigate the breach.
- Any data breaches that pose a risk to individuals’ rights and freedoms will be reported to the Information Commissioner’s Office (ICO) within 72 hours.
- Affected individuals will be notified if the breach poses a high risk to their data security.
- Third-Party Data Sharing
- Personal data is not shared with third parties unless required for educational purposes, legal obligations, or with explicit consent.
- All third-party service providers handling personal data (e.g., payment processors, cloud storage providers) must comply with UK GDPR.
- Policy Review & Compliance
- This policy is reviewed annually or as required by changes in data protection regulations.
- All staff and stakeholders must adhere to this policy to ensure compliance with UK GDPR.
For any questions or data-related requests, please contact Info@aanistudio.com.