Back to Home

Official Privacy Policy

CFAC National Arts Olympiad

Effective Date: July 2026

1. Definitions & Interpretation

Unless the context otherwise requires, the following expressions shall have the meanings assigned below:

"CFAC" means the Contemporary Foundation for Art and Craft, the parent not-for-profit organisation promoting art and cultural education.

"CNAOEC" means the CFAC National Arts Olympiad Executive Council, an independent executive body constituted exclusively for planning, administering, conducting, evaluating and managing the National Arts Olympiad and all related operational, financial and administrative functions.

"Olympiad" means the CFAC National Arts Olympiad organised by CNAOEC. "Participant" means any student registered for participation in the Olympiad.

"Parent/Legal Guardian" means the individual legally authorised to provide consent on behalf of a participant who has not attained the age of eighteen (18) years.

"Olympiad Centre" means any school, institution, academy or organisation duly authorised by CNAOEC to conduct or facilitate the Olympiad.

"Personal Data" shall have the meaning assigned under the Digital Personal Data Protection Act, 2023, and includes any data relating to an identified or identifiable individual.

"Processing" shall include collection, recording, storage, organisation, adaptation, retrieval, use, disclosure, sharing, transmission, retention, deletion or any other operation performed on Personal Data.

"Platform" means the official CFAC website, mobile application, registration portal and other authorised digital systems through which the Olympiad is administered.

"Applicable Law" means all laws, rules, regulations and governmental directions applicable within the Republic of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.

Unless the context otherwise requires, words importing the singular include the plural and vice versa, and references to one gender include all genders.

2. Organisational Structure and Responsibility

The Contemporary Foundation for Art and Craft ("CFAC") is the parent not-for-profit organisation promoting art and cultural education.

The CFAC National Arts Olympiad Executive Council ("CNAOEC") functions as an independent executive body constituted exclusively for the administration, management, execution, evaluation and operation of the National Arts Olympiad.

Unless expressly stated otherwise, all registrations, operational decisions, examinations, evaluations, participant management, financial transactions, grievance handling, data processing and other activities relating to the National Arts Olympiad are undertaken by CNAOEC in accordance with its governing framework.

References to "CFAC" in this Privacy Policy primarily identify the parent organisation and brand under which the Olympiad is conducted and shall not, by themselves, alter the operational responsibilities specifically assigned to CNAOEC.

3. Introduction

CNAOEC is committed to protecting the privacy of every Participant, Parent or Legal Guardian, Olympiad Centre, Coordinator, Jury Member, volunteer and other authorised users of the Platform.

This Privacy Policy explains the manner in which Personal Data is collected, processed, used, disclosed, retained and protected while administering the National Arts Olympiad.

This Policy is intended to comply with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and other applicable laws relating to data protection and electronic records.

By accessing the Platform, submitting information, registering for the Olympiad, or otherwise interacting with CNAOEC through the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your Personal Data to the extent permitted under Applicable Law.

Where the Participant is below eighteen (18) years of age, all processing of Personal Data shall be based upon verifiable consent provided by the Parent or Legal Guardian in accordance with Applicable Law.

4. Scope of this Privacy Policy

This Privacy Policy applies to Personal Data collected through:

  • the official CFAC website;
  • the My CFAC mobile application;
  • the official Olympiad registration portal;
  • authorised Olympiad Centres;
  • official communications made through email, telephone, WhatsApp or other approved digital channels; and
  • any other official digital or physical process connected with the administration of the National Arts Olympiad.

This Policy applies to Participants, Parents or Legal Guardians, Olympiad Centres, Coordinators, Jury Members, volunteers, authorised representatives and all other individuals whose Personal Data is processed in connection with the Olympiad.

5. Categories of Information We Collect

In accordance with the principle of data minimisation, CNAOEC collects only such Personal Data as is reasonably necessary for registration, verification, administration, evaluation, communication, legal compliance and other legitimate purposes connected with the Olympiad.

Depending upon the nature of participation, the categories of information collected may include:

A. Participant Information

  • Full name;
  • Date of birth;
  • Age;
  • Class or grade;
  • Gender (where voluntarily provided);
  • School or institution details;
  • Residential address;
  • Contact information;
  • Student photograph;
  • Artwork submissions;
  • Performance audio or video recordings;
  • Performance reports;
  • Competition results.

B. Parent or Legal Guardian Information

  • Full name;
  • Relationship with the Participant;
  • Contact number;
  • Email address;
  • Address;
  • OTP verification records;
  • Digital consent records;
  • IP address;
  • Device information;
  • Timestamp of consent.

C. Identity Verification Information

Where identity verification is required, CNAOEC may collect a government-issued identity document solely for identity or age verification purposes.

Such verification may be performed through automated OCR technology or other verification mechanisms adopted by CNAOEC.

Identity document images shall not be retained beyond the period reasonably required to complete the verification process unless retention is required by Applicable Law or pursuant to a lawful governmental direction.

6. Purpose and Lawful Basis of Processing

CNAOEC processes Personal Data only for lawful, specific and legitimate purposes connected with the administration of the National Arts Olympiad.

Personal Data shall not be processed for purposes that are incompatible with those stated in this Privacy Policy unless otherwise permitted under Applicable Law.

Subject to the Digital Personal Data Protection Act, 2023 and other applicable laws, Personal Data may be processed for one or more of the following purposes:

6.1 Registration and Participant Administration

To receive, verify and process Olympiad registrations, create participant records, allocate participant categories and age groups, generate registration confirmations, issue Entry Passes or Admit Cards, and administer the Olympiad.

6.2 Identity and Eligibility Verification

To verify the identity, age, eligibility and authority of Participants, Parents or Legal Guardians, Olympiad Centres, Coordinators, Jury Members and other authorised users.

Identity verification may include automated OCR-based extraction of limited demographic information from identity documents solely for verification purposes.

6.3 Conduct of the Olympiad

To facilitate the planning, administration and execution of the Olympiad, including examination scheduling, performance recording, artwork submission, evaluation, moderation, publication of results, preparation of Performance Reports, certificate generation and prize administration.

6.4 Communication

To communicate with Participants, Parents or Legal Guardians, Olympiad Centres, Coordinators, Jury Members and other authorised users regarding:

  • registration status;
  • examination schedules;
  • operational announcements;
  • Entry Passes;
  • Performance Reports;
  • certificates;
  • prizes;
  • grievance responses;
  • technical support; and
  • other communications reasonably connected with the Olympiad.

Such communications may be made through email, SMS, WhatsApp, telephone calls, mobile application notifications or other officially approved communication channels.

6.5 Legal and Regulatory Compliance

To comply with Applicable Law, judicial orders, statutory obligations, governmental requests, audit requirements, dispute resolution proceedings, fraud prevention measures and internal governance requirements.

6.6 Security and Fraud Prevention

To maintain the integrity, security and reliability of the Platform by:

  • preventing fraudulent registrations;
  • detecting unauthorised access;
  • monitoring suspicious activities;
  • protecting participant data;
  • maintaining audit logs; and
  • investigating security incidents.

6.7 Research, Analytics and Service Improvement

Personal Data may be analysed in aggregated or anonymised form for statistical analysis, service improvement, operational planning, academic research and enhancement of future Olympiad programmes.

Where reasonably possible, personally identifiable information shall be removed before such analysis is undertaken.

7. Payment Information

Registration fees are processed through authorised third-party payment service providers.

CNAOEC does not intentionally collect, store or process sensitive payment credentials such as:

  • debit card numbers;
  • credit card numbers;
  • CVV numbers;
  • internet banking passwords;
  • UPI PINs; or
  • similar payment authentication credentials.

Such information is processed directly by the respective payment service provider in accordance with its own privacy practices and applicable regulatory requirements.

Users are encouraged to review the privacy policies and terms of their chosen payment service providers before completing any transaction.

Where payment disputes arise, CNAOEC shall reasonably cooperate with the relevant payment service provider to facilitate investigation and resolution, subject to applicable laws and contractual arrangements.

8. Cookies and Technical Information

The Platform may use cookies and similar technologies to facilitate secure and efficient operation.

Such technologies may be used for purposes including:

  • maintaining secure login sessions;
  • user authentication;
  • fraud detection;
  • preventing automated or malicious registrations;
  • improving website functionality;
  • remembering user preferences;
  • analysing website performance; and
  • maintaining system security.

The Platform does not intentionally deploy third-party advertising cookies for behavioural advertising or commercial profiling.

Users may disable certain cookies through their browser settings; however, doing so may affect the proper functioning of certain features of the Platform.

9. Promotional Content and Public Recognition

Subject to applicable consent requirements and the permissions granted by the Participant or Parent/Legal Guardian, CNAOEC may publish or display:

  • winning artworks;
  • performance videos;
  • participant names;
  • photographs;
  • certificates;
  • rankings;
  • awards; and
  • other Olympiad-related achievements,

through its official website, publications, exhibitions, newsletters, social media platforms and other promotional or educational materials.

Where reasonably practicable, appropriate attribution shall be provided to the Participant and, where applicable, the associated Olympiad Centre or educational institution.

Nothing contained in this clause transfers ownership of the intellectual property belonging to the Participant.

10. Disclosure and Sharing of Personal Data

CNAOEC does not sell, rent or commercially trade Personal Data to third-party marketing organisations.

Personal Data may be shared only where reasonably necessary for legitimate operational, legal or contractual purposes, including with:

10.1 National Jury Panel

Participant submissions and only such demographic information as is reasonably necessary for evaluation may be shared with authorised internal and external Jury Members.

Every external Jury Member shall be bound by appropriate confidentiality obligations, including Non-Disclosure Agreements or equivalent contractual confidentiality provisions.

10.2 Authorised Service Providers

Personal Data may be shared with carefully selected service providers engaged for:

  • payment processing;
  • cloud hosting;
  • secure data storage;
  • email services;
  • SMS or WhatsApp communication;
  • technical support;
  • cybersecurity;
  • OCR verification;
  • certificate generation; and
  • other services reasonably necessary for administration of the Olympiad.

Such service providers shall process Personal Data only in accordance with CNAOEC's instructions and applicable contractual obligations.

10.3 Government Authorities

Personal Data may be disclosed where disclosure is:

  • required by Applicable Law;
  • directed by a competent court;
  • required by a lawful governmental authority;
  • necessary for investigation of fraud or criminal activity; or
  • otherwise legally permissible.

10.4 Corporate Restructuring

Where the administration of the Olympiad is lawfully reorganised, transferred or restructured, relevant Personal Data may be transferred to the successor entity, subject to Applicable Law and appropriate safeguards.

11. Data Security and Protection Measures

CNAOEC adopts reasonable technical, organisational and administrative safeguards designed to protect Personal Data against unauthorised access, disclosure, alteration, loss, misuse or destruction.

While no electronic system can guarantee absolute security, CNAOEC continually reviews and updates its security practices in accordance with evolving technological and legal standards.

Without limiting the foregoing, security measures may include:

  • encryption of sensitive data during storage and, where appropriate, during transmission;
  • role-based access controls restricting access to authorised personnel only;
  • authentication and access logging;
  • secure server infrastructure and firewalls;
  • periodic security reviews and monitoring; and
  • contractual confidentiality obligations applicable to authorised personnel and service providers.

Users are also responsible for maintaining the confidentiality of their login credentials and for promptly notifying CNAOEC of any suspected unauthorised access to their accounts.

12. Encryption and Secure Access

Where technically feasible and operationally appropriate, sensitive digital content, including participant photographs, artwork submissions and performance videos, shall be encrypted using industry-recognised encryption standards during storage.

Evaluation materials shall be made available only to authorised Jury Members through secure access mechanisms designed to minimise unauthorised downloading, copying or disclosure.

CNAOEC continuously reviews its technical safeguards and may adopt updated security technologies from time to time without prior notice where necessary to improve information security.

13. Role-Based Access Control (RBAC)

Access to Personal Data is granted strictly on a need-to-know basis.

Only authorised personnel whose duties reasonably require access to specific categories of Personal Data shall be permitted to access such information.

Depending upon operational requirements, access may be granted to:

  • authorised administrative personnel;
  • authorised Jury Members;
  • authorised technical support personnel;
  • authorised grievance officers;
  • authorised compliance personnel; and
  • approved service providers acting under appropriate contractual obligations.

All access may be monitored, logged and periodically reviewed for security and audit purposes.

14. Identity Verification and OCR Processing

Where identity verification is necessary, Participants, Parents or Legal Guardians, Olympiad Centres, Coordinators or Jury Members may be required to upload a valid government-issued identity document.

Such documents may be processed using Optical Character Recognition (OCR) or other verification technologies solely for the purposes of identity verification, age verification, fraud prevention and compliance.

Unless retention is required:

  • under Applicable Law;
  • pursuant to a lawful governmental direction;
  • for the establishment, exercise or defence of legal claims; or
  • for ongoing fraud investigations,

uploaded identity document images shall ordinarily be deleted after successful completion of the verification process.

Extracted verification data reasonably necessary for registration, audit, legal compliance or dispute resolution may continue to be retained in accordance with this Privacy Policy.

15. Data Retention

Personal Data shall be retained only for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy, comply with Applicable Law, resolve disputes, enforce legal rights or satisfy legitimate operational requirements.

Unless a longer retention period is required by law, participant-related records, including evaluation records, submitted artworks and performance videos, may ordinarily be retained for up to one (1) year from the official declaration of the relevant Olympiad results.

Following expiry of the applicable retention period, Personal Data shall be securely deleted, anonymised or otherwise disposed of using reasonable technical and organisational measures, unless continued retention is required by Applicable Law or legitimate legal necessity.

16. Privacy of Children

The National Arts Olympiad is primarily intended for participants below eighteen (18) years of age.

Accordingly, CNAOEC processes Personal Data relating to such Participants only on the basis of verifiable consent provided by the Parent or Legal Guardian or as otherwise permitted under Applicable Law.

Parents or Legal Guardians are responsible for ensuring that the information submitted on behalf of the Participant is accurate, complete and lawfully provided.

17. Rights of Data Principals

Subject to the DPDP Act, 2023 and other Applicable Laws, Data Principals or their authorised representatives may, where applicable, exercise the following rights:

  • to obtain information regarding processing of their Personal Data;
  • to request correction, updating or completion of inaccurate Personal Data;
  • to request erasure of Personal Data where legally permissible;
  • to withdraw consent where processing is based upon consent;
  • to seek grievance redressal in accordance with the prescribed procedure; and
  • to exercise such other rights as may be available under Applicable Law.

Requests shall be processed within a reasonable period, subject to identity verification and any legal limitations applicable to the request.

18. Withdrawal of Consent and Data Erasure

Where processing is based upon consent, the Parent, Legal Guardian or other authorised individual may withdraw such consent at any time by submitting a written request through the designated grievance mechanism.

Withdrawal of consent shall not affect the lawfulness of processing undertaken prior to such withdrawal.

Where a request for erasure or withdrawal of consent is received before completion of the Participant's registration, verification, evaluation or certification process, CNAOEC may be unable to continue providing the requested Olympiad services.

In such circumstances, the Participant's registration may be cancelled or treated as withdrawn to the extent necessary for operational or legal reasons.

CNAOEC may nevertheless retain such limited Personal Data as is required for:

  • compliance with Applicable Law;
  • audit requirements;
  • fraud prevention;
  • dispute resolution;
  • enforcement of legal rights; or
  • defence of legal claims.

19. Cross-Border Processing and Data Transfers

CNAOEC primarily stores and processes Personal Data within India. However, certain authorised technology service providers, including cloud hosting, communication, analytics or security providers, may process limited Personal Data through servers located outside India where legally permissible.

Where any cross-border processing occurs, CNAOEC shall endeavour to ensure that such processing is undertaken in accordance with the Digital Personal Data Protection Act, 2023, applicable governmental notifications, and appropriate contractual or technical safeguards.

20. Third-Party Platforms and External Links

The Platform may contain links to third-party websites, payment gateways, cloud platforms or other external services for user convenience.

This Privacy Policy applies only to the official Platform operated by or on behalf of CNAOEC.

CNAOEC does not control and is not responsible for the privacy practices, security measures or content of any independent third-party platform.

Users are encouraged to review the applicable privacy policies of such third-party services before sharing Personal Data.

21. Changes to this Privacy Policy

CNAOEC reserves the right to amend, revise, update or modify this Privacy Policy from time to time in order to:

  • comply with changes in applicable laws;
  • implement technological improvements;
  • strengthen security measures;
  • reflect operational changes; or
  • improve transparency and regulatory compliance.

Any revised version shall become effective from the date specified in the updated Privacy Policy and shall supersede previous versions unless expressly stated otherwise.

Where material changes are made, reasonable efforts may be undertaken to notify users through the Platform or other official communication channels.

Continued use of the Platform after such changes shall constitute acceptance of the revised Privacy Policy to the extent permitted under Applicable Law.

22. Limitation of Liability

CNAOEC adopts reasonable administrative, organisational and technical safeguards to protect Personal Data.

However, no electronic system, communication network or cybersecurity measure can guarantee absolute security.

Accordingly, except where liability cannot be excluded under Applicable Law, CNAOEC shall not be responsible for losses arising solely from:

  • unauthorised access caused by user negligence;
  • compromise of user credentials;
  • internet or telecommunication failures;
  • cyber-attacks beyond reasonable control;
  • failures attributable to independent third-party service providers; or
  • Force Majeure Events.

Nothing contained in this Privacy Policy excludes or limits any liability which cannot lawfully be excluded under Applicable Law.

23. Grievance Redressal

Any individual wishing to exercise rights under this Privacy Policy or raise concerns regarding the processing of Personal Data may submit a written grievance to the designated Grievance Redressal & Legal Compliance Team (GRLCT).

CNAOEC shall endeavour to acknowledge and process genuine grievances within a reasonable period in accordance with Applicable Law and its internal grievance handling procedures.

Nothing contained herein restricts any statutory rights available under applicable law.

24. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India.

The parties shall endeavour to resolve any dispute amicably through the internal grievance mechanism before initiating formal legal proceedings.

Subject to any mandatory legal requirements applicable under law, the courts having competent jurisdiction at Tripura, India, shall have jurisdiction over disputes arising out of or relating to this Privacy Policy.

25. Notices

Any notice, request or communication relating to this Privacy Policy shall be made through the official communication channels notified by CNAOEC.

Electronic communications transmitted through the registered email address or other officially designated communication channels shall constitute valid notice unless otherwise required by Applicable Law.

26. Severability

If any provision of this Privacy Policy is held to be invalid, illegal or unenforceable by a court or competent authority, such provision shall, to the extent of such invalidity or unenforceability, be deemed severed.

The remaining provisions shall continue to remain valid, enforceable and effective to the fullest extent permitted by Applicable Law.

27. Entire Privacy Policy

This Privacy Policy constitutes the complete privacy policy governing the collection, processing, use, disclosure and protection of Personal Data in relation to the National Arts Olympiad.

It shall be read together with the applicable Terms & Conditions, Refund Policy and other officially published policies of CNAOEC.

In the event of any inconsistency, the document specifically governing the relevant subject matter shall prevail to the extent of such inconsistency.

28. Amendment and Version Control

This Privacy Policy may be amended only through an officially approved written version published by CNAOEC.

Each revised version shall specify its effective date and shall supersede all previous versions from such date unless expressly stated otherwise.

Users are encouraged to periodically review the latest version available on the official Platform.

29. Contact Details

For requests relating to correction, access, withdrawal of consent, data erasure (where legally permissible), DPDP compliance or any privacy-related grievance, please contact:

Grievance Redressal & Legal Compliance Team (GRLCT)

Email: grievance.cnaoec@cfac.in

Helpline: 011 6926 9860

Standard Organizational Clarification Clause (Applicable Across All Documents)

Organizational Structure & Responsibility: The Contemporary Foundation for Art and Craft (CFAC) is the parent non-profit organization established to promote art, culture, and education.

The CFAC National Arts Olympiad Executive Council (CNAOEC) is an independent executive body constituted by CFAC solely for the purpose of planning, administering, managing, and conducting the CFAC National Arts Olympiad.

Accordingly, all registrations, examinations, evaluations, operational decisions, communications, financial transactions, grievance handling, and other activities relating to the National Arts Olympiad are administered by or under the authority of CNAOEC, unless expressly stated otherwise in the applicable policy or document.

References to "CFAC", "CNAOEC", or "we/us/our" in these Terms shall be interpreted in the context of their respective roles and responsibilities under the applicable document.