NADA India


National Anti-Doping Agency,India

NADA India’s Anti-Doping Data Protection Policy

1. Introduction
National Anti-Doping Agency, India (‘‘NADA India’’) is an autonomous body under the Ministry of Youth Affairs and Sports, Government of India. NADA India implements the anti-doping programme in India
and works
towards promoting clean sport practices across the country. The key areas of functioning include Sample                               Collection,Results Management, Anti-Doping Education & Awareness, Science & Research and Intelligence & Investigations.NADA India upholds the values of ethics and integrity in sports and is committed to creating a  dope-free sporting environment.

1.2  NADA India is a signatory to the World Anti-Doping Code and as part of its functions is required to process personal data for carrying out anti-doping activities.The data collected, shared and stored by NADA India shall be processed in compliance with the World Anti-Doping Agency’s International Standard for the Protection of Privacy and Personal Information (ISPPPI) as amended from time to time, NADA India’s Anti-Doping Data Protection Policy and applicable national laws and/or regulations.

2. Scope: The NADA India Anti-Doping Data Protection Policy (hereinafter referred to as “the Policy”) describes how the National Anti-Doping Agency, India (NADA India) shall utilize all the personal information that it collects, processes, shares,discloses and stores in connection with the anti-doping activities. NADA India shall update this Policy from time to time in order to reflect changes that it may make to its privacy practices.
3. Definitions : In this Policy, unless the context otherwise requires, words or expressions contained herein but not defined shall bear the same meaning as given in the National Anti-Doping Rules, 2021, the World Anti-Doping Code, the International Standard for the Protection of Privacy and Personal Information (ISPPPI), any other relevant international standard adopted and amended from time to time by the World Anti-Doping Agency, and applicable national laws, and/or regulations.

4. Data Collection:

4.1 NADA India may collect, store, process or disclose personal information relating to athletes and other persons
where necessary and appropriate to conduct its anti-doping activities under the Code, the  international standards and in compliance with applicable national laws and/or regulations.

4.2 The types of personal information collected shall depend on the level of a participant or on the athlete’s role
in sport. An 
example of categories of personal information collected is shown on the next page: – 


Information that identifies or is identifiable to you, like your name, contact
information, date of birth, gender and sport nationality. 

Education data collected to ensure attendance of NADA India’s
anti-doping education sessions. 
Whereabouts information that indicates where you can be found for anti-doping
testing (for example, addresses for regular activities like training, work or
school and for the location(s) where you will be available for testing during a
daily one-hour time slot). We will tell you if you need to provide us with this
Testing data that is created when we collect samples from you for
an anti-doping test. (for example, doping control forms, type of test, sample
code numbers, responses and information provided by you during a sample collection
session) and the laboratory results from the analysis of your samples. 
Athlete Biological Passport
(ABP) data
, for example, biological passport ID, blood and
steroid biological marker values and ratios, and expert recommendations and
assessments. The ABP is another tool to identify doping based on the analysis
of laboratory results obtained from anti-doping samples
Medical information, if you need to apply for a Therapeutic Use Exemption to treat a medical condition with the use of substance(s) or method(s) that is normally not allowed.Results management information, if we believe you have broken anti-doping rules. This includes information about the anti-doping rule violation you are charged with, evidence you provide in defense of a charge, and the decision on whether or not you will receive a sanction.Investigations information if NADA India suspects that an athlete or other person may have breached applicable anti-doping rules. This can include information or evidence obtained from including but not limited to open-source searches, from witnesses and other confidential sources, or through cooperation with law enforcement agencies and other external stakeholders within anti-doping ecosystem.
 4.3  Any other information which may be considered expedient to discharge its functions as an Anti – Doping Organisation under the Code and relevant international standards.
      4.4  NADA shall maintain a record of the Processing of Personal Information.
5Purpose of Processing Personal Information: NADA India shall only process Personal Information to conduct anti-doping activities under the National Anti-Doping Rules, 2021 and WADA’s International Standards or where otherwise required by applicable law, regulation or  compulsory legal process and where such processing does not conflict with applicable privacy and data protection laws. 
This includes, but is not limited to, processing Personal Information such as: –
 ·  To determine eligibility for a TUE.
·   To conduct testing, target testing, and to record the results from such testing.
·   To conduct investigations to determine breaches of the anti-doping rules.
·  To carry out results management under the National Anti-Doping Rules, 2021 associated with disciplinary   hearings, appeals and adjudications and to publish the outcomes on its website and/or social media pages.
·  To serve the substantial public interest of eliminating doping in sport.
·   To perform a contract or take necessary steps prior to entering a contract.
· To fulfil legitimate interests associated with the activities of an Anti-Doping Organisation. To protect the vital  interests or those of another person based on applicable legal provisions authorising the processing of personal information for the purpose of promoting clean sports.

6. Disclosures and sharing of personal information: 

   6.1 The Personal Information shall be processed in accordance with the provisions of the World Anti-Doping Code to allow NADA to fulfil its obligations and responsibilities under the National Anti-Doping Rules 2021, the World Anti-Doping Code and applicable international standards.

  6.2 NADA India may share the personal information with the following individuals and organizations to run its anti-doping  program and respect the provisions mentioned under the Code: – 
 · Individuals, who are authorized to receive or share the personal information, including but not limited to, an agent, coach, doctor, or a parent or guardian.
· Code Signatories that have testing authority, sample collection authority, or results management authority, such as                  International Federation, or Major Event Organizers.
· WADA, that ensures all Code Signatories respect the rules of the Code. WADA also operates and manages the Anti- Doping Administration and Management System (ADAMS), a platform hosted in Canada to which personal information  is loaded. Using ADAMS facilitates the collaboration and sharing of information needed to run our anti-doping program.
 ·   Laboratories and Athlete Passport Management Units that analyze anti-doping samples and the Athlete Biological                  Passport. They are subject to the International Standard for Laboratories, and only have access to coded data
(based on sample codes or passport IDs).
·  Other delegated third parties and service providers that NADA India may hire to help carry out its anti-doping                          activities and maintain its operations.  NADA India shall ensure that delegated third parties and service providers agree to strict contractual controls designed to protect the personal information.
·  National Federations and Continental Federations, that may receive disciplinary notices or other information
concerning their athletes or other affiliated persons.
· Disciplinary panels and hearing bodies (including the Court of Arbitration for Sport), for adjudicating ADRVs and/or other disciplinary offences in accordance with the Code and/or other applicable regulations.

·  Public authorities and other relevant bodies (including law enforcement agencies) responsible for enforcing sport and anti-doping laws and for investigating offences relating to doping in sport.In accordance with the Code, some of the personal information, such as name, sport and other anti-doping

      related data  may be publicly disclosed in cases where athlete has been charged with or convicted of an anti-doping rule violation. The personal information may also be disclosed to third parties in any event where such disclosure: –   
(a) is required by law, regulation or compulsory legal process,
      (b) takes place with athlete’s consent, or
(c) is necessary to assist law enforcement or governmental or other authorities in the detection, investigation or prosecution of a criminal offence or breach of the Code, provided that the personal information is reasonably relevant  to the offence in question.

7. International Transfers : The personal information may be made available by NADA India to other persons or third parties, including authorized service providers, WADA and other ADOs that are located outside of the country. The international transfer of personal information to other countries and international organizations shall take place in accordance with the Code, the ISPPPI, and any other applicable national law and/or regulations. When transferring the personal information internationally NADA India shall ensure compliance with applicable laws and regulations, for example, by ensuring that the recipients of the information maintain appropriate safeguards and provide an adequate level of data protection.

8. Rights with respect to personal information: Athletes have rights with respect to personal information under the ISPPPI, including Data subjects have the right to access, rectify, and erase their personal data, as well as the right to restrict or object to its processing and the right to data portability, subject to certain limitations under applicable data protection law. Because anti-doping is a mandatory feature of organized sport, it still may be necessary for NADA India, WADA, and other ADOs and organizations to continue to process personal information to fulfil obligations under the Code, the International, despite the objection to such processing or withdrawal of consent (where applicable). This includes processing personal information for investigations or proceedings related to possible anti-doping rule violations, as well as to establish, exercise or defend against legal claims involving an athlete or other person, WADA and/or an ADO. Objecting or withdrawing consent could also have consequences for the athlete such as triggering non-compliance with the WADA Code and International Standards, resulting in an anti-doping rule violation or prevention from participation in sporting events. NADA can be contacted in case of questions or complaints about how we handle personal information. NADA India may provide individuals with access to their personal information upon request and in accordance with the procedures outlined in the ISPPPI and will take reasonable steps to correct or delete any inaccurate or incomplete information.

9. Data Retention : NADA India may retain personal information for a period of time that is necessary for NADA to conduct its Anti-Doping Activities, in accordance with applicable law(s), regulations, applicable statute of limitations and data retention practices as set by ISPPPI. Personal information may be retained as is reasonably necessary to comply with applicable law, regulation, legal process or governmental request, to detect or prevent fraud, to resolve disputes, to address problems, to assist with investigations, to enforce other applicable agreements or policies or to take any other actions consistent with applicable law.

NADA shall ensure that personal data is kept secure and confidential, and that appropriate technical and organizational measures are in place to prevent unauthorized access, use, or disclosure. In particular, NADA India shall take appropriate measures to ensure that personal data is processed securely and confidentially, including:

     Implementing technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage;

         limiting access to personal data to authorised personnel for legitimate anti-doping purposes;

       Implementing procedures to ensure the confidentiality and integrity of personal data, including secure transmission and storage;

     ensuring that third-party processors and service providers comply with ISPPPI requirements. Access to personal data in connection with anti-doping activities shall be limited to authorized individuals who require access to perform their duties and responsibilities within the scope of their employment or contractual obligations with the NADA. 

NADA shall ensure that Personal Information is only retained for as long as is necessary to fulfil its obligations under ISPPPI and to fulfil its obligation under applicable data protection laws and/or regulations.


10. Security Measures: NADA India shall implement a range of measures, including administrative, physical, technical and contractual safeguards, to safeguard personal information under NADA’s custody and control from theft, loss, and unauthorized access, use, alteration, or disclosure. Access to such information must be restricted on a need-to-know basis, limited to employees, authorized delegated third parties, and service providers who may require access to fulfil their designated roles.

When sharing personal information with anti-doping organizations, NADA India shall ensure that they adhere to the same standards outlined in the ISPPPI. These standards encompass safeguarding personal information, transparent practices, deletion when no longer necessary, and facilitating athlete’s rights, such as accessing the personal information.The retention of personal information shall align with the criteria and timeframes specified in Annex A of the ISPPPI. Extensions to retention periods may occur as required by law or for the purpose of conducting an anti-doping investigation or proceeding, as and when required.

 11. Breach of personal information : NADA India shall establish a protocol for addressing instances of personal data breaches. This protocol must encompass various measures, including but not limited to the identification and evaluation of risks to individuals affected by the breach, the implementation of suitable corrective actions, the minimization of the breach’s impact, and the timely and appropriate notification of affected individuals, as mandated by data protection laws such as the ISPPPI. NADA shall keep a record of Security Breaches, including the facts relating to the breach, its effects and remedial actions taken Furthermore, NADA is required to have a procedure for the comprehensive documentation and recording of any such data breaches, along with providing regular updates to the pertinent authorities. It is imperative for the NADA to ensure the respect of athlete’s rights and the lawful and secure processing of data.

12. Contact and complaints : Should there be queries or concerns about how data is processed by NADA India, or if there are any complaints, please contact NADA India’s Data Privacy Officer at

13. Guidelines on information security practices: 
    13.1 The digital technology and usage of internet has grown exponentially and is an integral part of modern life. Today, cyberspace is the common platform used by citizens, businesses and Governments for communication, dissemination of information, e-commerce, economic activities, education, entertainment etc. At the same time, the  advancement of technology has opened vulnerabilities for exploitation by the malicious actors.

    13. 2 With the ubiquitous applications of Information & Communication Technologies (ICT) in almost all facets of service    delivery & operations, continuously evolving cyber threats has become a concern for Government. Cyber threats leading to cyber-attacks or incidents can compromise the confidentiality, integrity, and availability of an organization’s
information and systems and can have far reaching impact on essential services and national interests. To protect against cyber threats, it is important for government entities to implement strong cybersecurity measures and follow  best practices.

    13. 3. In view of the above, the Indian Computer Emergency Response Team (CERT-In) has issued guidelines relating to            information security practices, procedures, prevention and response to all Ministries, Departments, Secretariats and Offices specified in the First Schedule to the Government of India (Allocation of Business) Rules, 1961, their attached  and subordinate offices, and all government institutions, public sector enterprises and other government agencies under their administrative purview (collectively referred to as “government entities”). The guidelines are available on website of Ministry of Electronics & Information Technology (MeitY) and CERT-In.

    13.4 In this regard it is requested that all the Sections of NADA India may please refer to the aforementioned guidelines for necessary  action and further usage.

14. Compliance and Monitoring : NADA India shall regularly review and monitor its anti-doping data protection policy and procedure(s) to ensure its compliance with the ISPPPI and applicable national law(s) and regulation(s). This Policy has been adopted pursuant to the applicable provisions of the Code and the international standards as amended from time to time by WADA and shall be interpreted in a manner that is consistent with applicable provisions of the Code, international standards and applicable national law, rules or regulations. NADA India may issue circulars, notifications, office orders, guidelines and/or standard operating procedures for the effective discharge of its functions, as deemed necessary from time to time.