How we use personal information
The school collects personal information and sensitive categories of personal information of students, parents employees and at times third parties, to provide a safe and caring environment for teaching, learning, and general educational purposes. We use the information you provide for purposes that are necessary by law and required to undertake the performance of the contract into which you have entered and do so as we are required to do by law. We will always ensure we have a condition for processing personal and sensitive information
We use the information you provide in the following ways:
- to undertake and manage the school admissions and enrolment
- for approved school trips
- to provide a safe learning environment
- to comply with child protection requirements
- to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
- to provide support and care for emotional and psychological wellbeing
- to protect the health of the students and staff we serve. We may also use data provided to us by other health professionals to safeguard staff and students.
- to provide a tailored learning environment and make evidence-based educational decisions for the children we serve
- to enable the children we serve to continue or progress their education at other educational organizations
- to enable the development of a comprehensive picture of the workforce and how it is deployed
- to inform the development of recruitment and retention policies
- to enable individuals to be paid
- to support and develop our employees in the performance of their duties
- for financial planning to help in the future planning and resource investment purposes
- for meet our statutory reporting requirements to the IB and other authorities
- to help investigate any concerns or complaints you may have
Why do we collect and use personal information
We collect and use personal information to carry out the education services as prescribed above. We do so on a lawful basis. In some circumstances, we may be required to share your personal data for legal statutory purposes or under legitimate interest. If we need to share your information we will ensure, if required, that you are advised.
The categories of personal information that we collect, hold and may share include:
- personal information (such as name, date of birth, unique number and address)
- special categories of data (such as health, ethnicity)
- other relevant categories for the performance of our services (such as assessment, relevant medical information, special educational needs information, exclusions /behavioral information and psychological reports and assessments)
- attendance information (such as sessions attended, number of absences and absence reasons)
- logging and audit in the use of IT systems and education technology apps, applications and cloud-based systems
- photographs and videos were taken by staff and students throughout the school year to record and share learning at ISU. Your child may be identifiable in these photographs.
photographs were taken for identification purposes e.g. ID cards, annual school yearbook.
Collecting student information
Whilst the majority of student information you provide to us is required for the performance of a contract or by law, some of it is provided to us on a voluntary basis.
In order to comply with data protection law, we will inform you when we require consent to process your information. Where consent is provided you or your child are free to withdraw consent at anytime. You can contact our Data Protection Lead at firstname.lastname@example.org if you or your child wish to withdraw consent.
Retention and storing of personal data
The school recognizes that by efficiently managing its records, it will be able to comply with its legal and regulatory obligations and to contribute to the effective overall management of the institution. Records provide evidence for protecting the legal rights and interests of the school and provide evidence for demonstrating performance and accountability.
All pupil and staff records will be stored securely at all times. Paper and electronic records will have appropriate security measures in place. This will ensure that confidentiality is maintained for pupil and staff records whilst enabling information to be shared lawfully and appropriately and to be accessible for those authorized to see it.
The pupil and staff records will be disposed of in accordance with the safe disposal of records guidelines. If records have been identified as historically important they will be archived.
Whilst we store and use your personal data we will ensure the appropriate security of your personal data including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Who do we share student information with?
Example of who we may share data with:
- Family nurses, doctors or social service organizations where sharing is in the vital interests or were not sharing could have a negative impact on the individual
- Providers of information systems that are necessary for School to deliver the admissions, administration, teaching and learning, pastoral development, and child protection services
- Third parties for school trips/outings
Who do we share workforce information with
Unless there is a statutory requirement we do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so.
Processing and transfers to third countries
Personal information may be transferred to organizations outside the EU for the purposes of student application for college or university. Various teaching and learning applications are also used that are based outside the EEA / EU. Information on these and the protections afforded by these data processors can be requested from the Data Protection Lead (email@example.com).
The school’s IT systems log the use, access and content viewing of all users. No profiling is done on this information. The logs enable the school to assess child protection and safeguarding (pastoral) risks or concerns if and when they occur. The school has a process in place to ensure only those with the relevant training and expertise have access to the data generated by this logging activity.
For the purposes of IT hosting and maintenance, all school information including personal data is located on servers hosted at Superhosting.bg or Google. No third parties have access to your personal data unless the law allows them to do so. Where the law allows and information is shared with third parties, we ensure they have the same protections in place as we do. We cannot deliver our education services without processing the data we collect and share.
In following the principles of Article 32 – Security of Processing of the GDPR, we have in place proportionate organizational and technical measures to protect your personal information. More information on these can be requested via the Data Protection Lead (firstname.lastname@example.org).
Cookies are small pieces of information sent from our website to your computer or mobile device and that are stored on your device’s hard drive. Cookies allow us to gather useful information such as the number of visitors to our site, which pages they have been visiting and other technical information that allows us to improve our services.
Requesting access to your personal data
Under data protection legislation, anyone has the right to request access to information about them that we hold. To make a request for your personal information, contact the Data Protection Lead (email@example.com).
You also have certain additional rights to:
- be informed of how we are processing your personal information – this Privacy Notice serves to explain this to you but please do get in touch if you have any questions;
- have your data corrected if it is inaccurate or incomplete;
- have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us for the purpose for which it was collected or you have withdrawn your consent;
- restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
- to object to the processing of your data in certain circumstances – e.g. you may object to the processing of your data for direct marketing purposes;
- to object to decisions being taken by automated means or for it to be reviewed by manual intervention;
- object to the processing of personal data that is likely to cause, or is causing, damage or distress
prevent processing for the purpose of direct marketing;
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
- and claim compensation for damages caused by a breach of the Data Protection regulations
If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by emailing our Data Protection Lead at firstname.lastname@example.org.
If you would like to discuss anything in this privacy notice, please contact at email@example.com