GDPR
GDPR Compliance
Nisaab360 is committed to responsible data handling and privacy protection.
This GDPR Compliance statement explains how Nisaab360 approaches personal data where the General Data Protection Regulation (GDPR) may apply.
Nisaab360 is primarily built for educational institutions and is provided only after approval, agreement, or permission from the project owner.
1. Our Role
When an educational institution uses Nisaab360, the institution will generally act as the Data Controller.
This means the institution is responsible for deciding:
- What personal data is collected or entered into the platform.
- Why the personal data is collected and processed.
- How the personal data is used.
- Who is authorized to access the data.
- How long the data should be retained.
- When data should be corrected, restricted, exported, or deleted.
Where Nisaab360 processes personal data on behalf of an institution, Nisaab360 will generally act as the Data Processor.
This means Nisaab360 provides the platform and processes information based on:
- The institution's use of the service.
- The features enabled for the institution.
- The institution's authorized instructions.
- The applicable agreement between the institution and Nisaab360.
- Legitimate technical and operational requirements necessary to provide the service.
The exact legal roles of the institution and Nisaab360 may depend on the specific circumstances and applicable law.
2. Institution Responsibility
Institutions are responsible for ensuring that personal, academic, and administrative data is collected, entered, updated, accessed, and used lawfully.
This may include data related to:
Institutions are responsible for:
- Having an appropriate lawful basis for processing personal data.
- Providing required privacy information to relevant individuals where applicable.
- Ensuring that only necessary information is entered into the platform.
- Providing access only to authorized users.
- Keeping institution-managed records reasonably accurate and up to date.
- Handling data protection requests related to institution-controlled information.
- Complying with applicable privacy and data protection requirements.
Students, parents, guardians, teachers, staff members, or other users who want to access, correct, restrict, export, or delete institution-managed records should contact their institution administration first.
3. Data Minimization
Nisaab360 is designed to collect and process information necessary to provide academic, administrative, communication, security, and platform-related features.
Depending on the institution and enabled features, data may be used to support:
- User authentication
- Account management
- Dashboards
- Student and staff management
- Attendance
We aim to avoid collecting personal information that is not reasonably necessary for the platform's intended functions.
Nisaab360 does not sell personal, academic, or institution data to advertisers or unrelated third parties.
4. Lawful and Limited Use
Personal data processed through Nisaab360 should be used only for legitimate, authorized, and appropriate purposes.
These purposes may include:
- Educational activities
- Academic administration
- Institution management
- Communication between authorized users
- Account management
- Security and fraud prevention
- Technical support
- Platform maintenance
- Compliance with applicable requirements
The platform is not intended for:
- Unrelated commercial tracking
- Unauthorized profiling
- Unauthorized advertising use
- Misuse of student or staff information
- Unauthorized access to personal data
- Processing data for purposes unrelated to the institution's legitimate use of the platform
Institutions and authorized users are responsible for ensuring that their use of personal data has an appropriate legal basis where required.
5. User Rights
Where the GDPR or similar privacy laws apply, individuals may have certain rights regarding their personal data.
Depending on the circumstances and applicable law, these rights may include:
Because most academic and institution-related data is controlled by the institution, users should first submit requests concerning institution-managed records to their institution.
Requests may be subject to:
- Identity verification
- Applicable legal requirements
- Institution policies
- Valid exemptions
- Technical and operational limitations permitted by law
6. Data Security
Nisaab360 uses technical and organizational security practices intended to help protect personal data from:
- Unauthorized access
- Loss
- Misuse
- Alteration
- Unauthorized disclosure
- Improper access to restricted information
Security measures may include:
- User authentication
- Role-based access control
- Protected routes and services
- Secure password handling
- Controlled administrative access
- Access restrictions
- Security monitoring
- Audit-related records where applicable
- Secure communication practices
- Software and dependency maintenance
Access to personal and academic information is restricted according to:
- User roles
- Assigned permissions
- Institution structure
- Authorized responsibilities
No digital system can guarantee absolute security. However, Nisaab360 is designed with responsible data handling and security in mind.
7. Data Retention and Deletion
Personal data may be retained for as long as reasonably necessary to:
- Provide services to the institution.
- Maintain required academic and administrative records.
- Support active accounts and platform functionality.
- Meet security and operational requirements.
- Resolve disputes or technical issues.
- Comply with applicable legal obligations.
- Fulfill applicable institution agreements.
Data retention may depend on:
- The institution's requirements
- The type of information
- Legal responsibilities
- Operational needs
- Security requirements
- The agreement with the institution
When personal data is no longer required, deletion, anonymization, or restriction may be handled according to:
- Institution instructions
- Applicable agreements
- Technical feasibility
- Operational requirements
- Applicable law
8. Data Sharing and Subprocessors
Nisaab360 may use trusted third-party service providers or subprocessors to support the operation of the platform.
These services may include:
- Cloud hosting
- Data storage
- Infrastructure services
- Notification delivery
- Email delivery
- Security-related services
- Technical monitoring
- Other services necessary for platform operation
Where such service providers process personal data, the information should be limited to what is reasonably necessary for the relevant service.
Nisaab360 does not sell institution, academic, or personal data.
Where required and applicable, appropriate arrangements may be used with service providers that process personal data on behalf of Nisaab360.
9. Data Breach Response
If a personal data breach or serious security incident is suspected, Nisaab360 may take appropriate steps to investigate and respond.
These actions may include:
- Investigating suspicious activity
- Reviewing relevant security or audit records
- Restricting affected accounts or access
- Revoking affected sessions or credentials
- Applying security fixes
- Limiting affected platform functionality
- Taking reasonable measures to reduce further risk
- Informing relevant institution contacts where appropriate
Where the GDPR applies and Nisaab360 acts as a Data Processor, Nisaab360 will aim to support the relevant institution in meeting applicable data breach responsibilities.
The institution, as Data Controller where applicable, may be responsible for determining whether notification to:
- A supervisory authority
- Affected individuals
- Other relevant parties
is required under applicable law.
10. International Data Processing
Nisaab360 may be accessed by institutions and users from different locations.
Depending on the technical services and infrastructure used, personal data may be:
- Stored in another country or region.
- Processed through cloud infrastructure located outside the user's local area.
- Processed by technical service providers operating internationally.
Where GDPR requirements apply to international transfers of personal data, appropriate safeguards may be required depending on:
- The location of the data.
- The location of the service provider.
- The nature of the processing.
- Applicable legal requirements.
Institutions should review their own legal and regulatory requirements before using the platform for regulated or restricted data.
11. Data Protection by Design
Nisaab360 aims to consider privacy and data protection when designing and operating platform features.
Relevant practices may include:
- Role-based access controls
- Limiting access according to user responsibilities
- Protecting authenticated routes and services
- Collecting information relevant to platform functionality
- Restricting administrative access
- Maintaining appropriate security controls
- Reviewing platform features and technical practices as the service develops
Institutions should also configure and use the platform in a way that supports appropriate privacy and data protection practices.
12. Private Property and Authorized Use
Nisaab360 is private property.
The platform may only be used by:
- Approved institutions
- Authorized administrators
- Authorized teachers
- Authorized staff members
- Authorized students
- Other users who have been granted valid access
The following activities are not permitted without authorization:
- Unauthorized access
- Copying the platform
- Reselling the platform
- Unauthorized modification
- Reverse engineering
- Redistribution
- Misuse of personal or academic data
- Unauthorized commercial use
- Attempts to bypass security or access controls
13. Changes to This GDPR Compliance Statement
This GDPR Compliance statement may be updated from time to time.
Updates may reflect changes in:
- Platform features
- Data processing practices
- Security practices
- Technical infrastructure
- Service providers
- Legal or regulatory requirements
- Institution agreements
- Platform operations
The latest version will be made available through the website, app, or another appropriate platform location.
14. GDPR and Privacy Contact
For GDPR-related questions, privacy requests, institution onboarding, or data protection inquiries, contact:
- Email: Workwithhussnainahmad@gmail.com
- Website: appsbyhussnain.vercel.app
