FOURTH SCHEDULE
[See rule 11]
PART A
Classes of Data Fiduciaries in respect of whom provisions of sub-sections (1) and (3) of section 9 shall not apply:
| S. No. | Class of Data Fiduciaries | Conditions |
|---|---|---|
| 1 | A Data Fiduciary who is a clinical establishment, mental health establishment or healthcare professional | Processing is restricted to provision of health services to the child by such establishment or professional, to the extent necessary for the protection of her health. |
| 2 | A Data Fiduciary who is an allied healthcare professional | Processing is restricted to supporting implementation of any healthcare treatment and referral plan recommended by such professional for the child, to the extent necessary for the protection of her health. |
| 3 | A Data Fiduciary who is an educational institution | Processing is restricted to tracking and behavioural monitoring:
|
| 4 | A Data Fiduciary who is an individual in whose care infants and children in a crèche or child day care centre are entrusted | Processing is restricted to tracking and behavioural monitoring in the interests of safety of children entrusted in the care of such institution, crèche or centre. |
| 5 | A Data Fiduciary who is engaged by an educational institution, crèche or child care centre for transport of children enrolled with such institution, crèche or centre | Processing is restricted to tracking the location of such children, in the interests of their safety, during the course of their travel to and from such institution, crèche or centre. |
PART B
Purposes for which provisions of sub-sections (1) and (3) of section 9 shall not apply:
| S. No. | Purposes | Conditions |
|---|---|---|
| 1 | For the exercise of any power, performance of any function or discharge of any duties in the interests of a child, under any law for the time being in force in India | Processing is restricted to the extent necessary for such exercise, performance or discharge. |
| 2 | For providing or issuing any subsidy, benefit, service, certificate, licence or permit, by whatever name called, under law or policy or using public funds, in the interests of a child, under clause (b) of section 7 of the Act | Processing is restricted to the extent necessary for such provision or issuance. |
| 3 | For the creation of a user account for communicating by email | Processing is restricted to the extent necessary for creating such user account, the use of which is limited to communication by email. |
| 4 | For ensuring that information likely to cause any detrimental effect on the well-being of a child is not accessible to her | Processing is restricted to the extent necessary to ensure that such information is not accessible to the child. |
| 5 | For confirmation by the Data Fiduciary that the Data Principal is not a child and observance of due diligence under rule 10 | Processing is restricted to the extent necessary for such confirmation or observance. |
Note:
In this Schedule—
- “allied healthcare professional” shall have the same meaning as is assigned to it in the National Commission for Allied and Healthcare Professions Act, 2021 (14 of 2021);
- “clinical establishment” means and includes all establishments and places:
- falling within the meaning assigned to the term “clinical establishment” in clause (c) of section 2 of the Clinical Establishments (Registration and Regulation) Act, 2010 (23 of 2010); and
- as referred to in sub-clauses (i) or (ii) of the said clause that is owned, controlled or managed by any force constituted under the Army Act, 1950 (46 of 1950), the Air Force Act, 1950 (45 of 1950) or the Navy Act, 1957 (62 of 1957);
- “educational institution” shall mean and include an institution of learning that imparts education, including vocational education;
- “healthcare professional” shall have the same meaning as is assigned to it in the National Commission for Allied and Healthcare Professions Act, 2021 (14 of 2021);
- “health services” shall mean the services referred to in clause (j) of section 2 of the National Commission for Allied and Healthcare Professions Act, 2021 (14 of 2021); and
- “mental health establishment” shall have the same meaning as is assigned to it in the Mental Healthcare Act, 2017 (10 of 2017).