Australian International School (AIS) is part of Inspired Education Group. AIS takes data protection and our responsibilities to correctly and lawfully process personal data as a data controller. We are committed to complying with legal obligations and practicing industry standards when collecting, processing and storing personal data.
This privacy notice provides detailed information about how we process information that you provide to us. Our Data Protection Officer can be contacted by email on email@example.com if you have any queries regarding your personal data.
2. TYPES OF PERSONAL DATA WE PROCESS
We process personal data about prospective, current and past: pupils and their parents; staff, suppliers and contractors; donors, friends and supporters; and other individuals connected to or visiting AIS.
The personal data we collect, process and store will be personally identifiable information related to pupils and their parents, staff, suppliers and contractors, donors, friends and supporters. The personal data processed includes recorded information that is true and correct and/or video and photographic images about an individual. Information such as;
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- family details;
- admissions, academic, disciplinary and other education related records, information about special educational needs, references, examination scripts and marks;
- education and employment data;
- images, audio and video recordings;
- financial information;
- schools previously attended.
Other types of data we collect, process and store are protected health information, criminal record information and other sensitive information related to an individual. Information such as;
- information about health status or provision of health care linked to a specific individual;
- dietary restrictions & requirements
- information about criminal records linked to a specific individual;
- biometric information.
3. HOW WE COLLECT AND PROCESS PERSONAL DATA
AIS collects information in several ways, including:
- in person and over the phone: from students and their family, staff, volunteers, visitors, job applicants and others;
- from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms, our school’s website or school-controlled social media;
- through online tools: such as apps and other software used by our school;
- through any CCTV cameras located at our school;
- through third parties, such as referees, previous schools, professionals or authorities working with the individual;
- through publicly available resources.
As a school, it is lawfully required to share personal information with relevant authorities: such as the Department of Education or government services such as Visa and Immigration, Revenue and Customs, health insurance and health services. Our members of staff collect, process and store personal information only for the purpose for which it is intended.
We share data as data controller with certified and GDPR compliant data processors for educational service purposes.
All personal data resides within servers and files on systems that are provided by the school, third parties and/or cloud storage providers. These systems include Management Information systems, Human Resources Information systems, web servers and systems, email systems and school portals. We do not transfer personal data outside of Switzerland or the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.
Our school has a Data Protection Standard in place to oversee the effective and secure processing of your personal data. We have policies around the use of technology and devices, and access to school systems. We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.
4. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
AIS processes personal data to lawfully and legitimately support the school’s operation as an independent school. Our school collects information about students and their families when necessary to:
- select and admit students;
- educate students;
- administer pupils’ entries to public examinations;
- provide academic reporting upon each student and publishing of results;
- provide references for current and past pupils;
- support students’ social and emotional wellbeing, and health;
- support operational management of the school including administration of pupil records; the administration of invoices, fees and accounts; the management of the school’s property; the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV Policies and monitoring of the school’s IT and communications systems in accordance with our Acceptable Use Policy); management planning and forecasting; research and statistical analysis; the administration and implementation of the school’s rules and policies for pupils and staff; the maintenance of historic archives and other operational purposes;
- fulfil legal requirements;
- take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care);
- make reasonable adjustments and support for students with special needs;
- provide a safe and secure working and school environment;
- communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students;
- maintain the good order and management of our school;
- promote the school on our school’s website or school-controlled social media, the school prospectus and other publications and communications conducted by the school.
Our school collects information about staff, prospective staff and contractors when necessary for:
- the administration of staff records;
- the recruitment of staff;
- the engagement of contractors;
- administration of payroll, pensions and sick leave;
- staff appraisal;
- disciplinary procedures;
- administration of human resources records;
- providing references.
5. HOW LONG DO WE KEEP PERSONAL DATA
We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law.
6. YOUR RIGHTS
Under Data Protection Law you have rights regarding the collection, processing and storage of your personal data. These rights are, however, subject to certain exemptions and limitations. You have the right to:
- access and understand the personal data we hold about you;
- access and understand the personal data we hold about your child;
- ask for the personal data we hold about you and/or your child to be erased (this is with limitations and exceptions as we may have lawful reason to hold such data);
- ask for the personal data we hold about you and/or your child to be amended;
- ask us to stop processing such data (this is with limitations and exceptions as we may have lawful reason to process such data);
- withdraw consent to process your personal data or your child’s personal data (this is with limitations and exceptions as we may have lawful reason to process such data regardless of consent).
Any request for data we store and process about you must be completed in writing.
7. SUBJECT ACCESS REQUESTS
Under Data Protection Law you have the right to request information or request to delete information we store about you and/or your child without incurring costs. We are only obligated to provide information that is related to you and your child (depending on legal custody). Parents can request data on behalf of their child, however, depending on their age, a student can also submit a Subject Access Request form to obtain their own data. Access to personal data belonging to your child may require the child’s consent if the child is old enough to understand the implications of such a request. Any data access request is, however, subject to certain exemptions, limitations or contractual obligations. Data belonging to or identifying other individuals is exempt from right of access and will be subject to legal privilege. We cannot disclose confidential information related to the purpose of providing education, examinations or supplying examination scripts to external bodies. We cannot disclose confidential information on any of our staff.
Any request for data we store and process about you or your child must be completed in writing. The Subject Access Request form can be obtained from our Data Protection Officer by email on firstname.lastname@example.org. Data Protection Law allows us to respond to any such written requests within one calendar month. Excessive requests or simultaneous requests for the same information may incur an administration fee or be refused where Data Protection Law allows us to do so.
Under Data Protection Law we are required to obtain consent to process an individual’s personal data. This is with limitations and exceptions as we may have lawful and legitimate reasons to process such data to support the school’s operation as an independent school or fulfil contractual or legal obligations, regardless of consent. When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a consent form is provided to parents (or mature students) upon enrolment. In some cases, we may send out separate consent requests using:
- paper based consent forms;
- electronic consent forms;
- digital applications to obtain consent.
9. PRIVACY NOTICE UPDATES
AIS will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website. If required, we will also notify you directly. This Privacy Notice should be read in conjunction with other school policies and any contract terms and conditions.
If you are not satisfied with our response or believe we are processing your personal data uncompliant with the law, we recommend that you contact our Data Protection Officer by email on email@example.com to take necessary steps to resolve the matter.