The school uses and processes pupil information within the remit of the (EU) 2016/679 Regulation (General Data Protection Regulation), referred to throughout this statement as the GDPR.
This notice explains how The International School of Paphos (ISOP) processes your personal information/data. In this document “We “Us” or “Our” means The International School of Paphos or any part of it.
We aim to comply with the General Data Protection Regulation (the GDPR) when processing your personal information. The purpose of the GDPR is to safeguard information about people (referred to in the GDPR as Personal Data) and covers issues such as data security, individual rights to access information about them held by The International School of Paphos, and the use and disclosure of Personal data.
We are the Data Controller of personal data about staff, students and their parents and/or guardians, and associates. This means that we are responsible for compliance with relevant legislation
This notice applies to current and prospective staff, students and their parents and/or guardians and associates.
2. How we acquire Personal Data
2.1 We may acquire Personal Data in a number of ways including, without limitation, the following:
- Parents of students provide us with Personal Data about themselves or their family through the application process, these may include contact details,
Characteristics (such as ethnicity, language, date of birth, disability )
- We may acquire Personal Data from third parties, such as safeguarding information (from professional involvement), previous school data, public authorities
Medical and administration (such as, child health, allergies, medication and dietary requirements)
- Attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
- Assessment and attainment
- Behavioural information, though the Behaviour record sheet.
3. Why we collect and use Personal information
3.1 We collect and use pupil information, for the following purposes, without limitation:
- To support pupil learning
- To Monitor and report on pupil attainment progress
- To assess the quality of our services
- To keep children safe
- To meet the General Data Protection Regulations
- To provide appropriate pastoral care
- To enable students to take part in examinations and assessments
- We collect and use pupil information under Article 6 (Lawfulness of Processing) and Article 9 (Processing of Special Categories) of the GDPR, this enables the school to process information such as assessments, special educational needs requests, examination results and other such data processes that relate educational data to the individual, within the requirements for the school to provide education for the individual.
4. How we collect pupil information
4.1 We collect pupil information in the following ways:
- Application process
- Face to Face - If you attend our school, or we visit you, we may collect your personal data
- Orally during telephone conversations and meetings
- Email - If you email us we may keep a record of your email address and the email as evidence of the contact. We are unable to guarantee the security of any email initiated by you and we recommend that you keep the amount of confidential information you send to us via email to a minimum.
- Medical forms and information
- Registration process
- Financial information
Pupil data is essential for the school’s operational use. Whilst the majority of pupil information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain pupil information to us or if you have a choice in this.
5. How we store and dispose of pupil data
- We hold pupil data securely for the set amount of time required by legislation and school needs.
- We hold data in hard copy and electronic form
- We dispose of Personal Data appropriately including shredding papers securely and ensuring data is deleted from all information technology and memory devices.
6. Who we share student information with
6. 1 We share data where we have consent to do so, which can include
- Teaching staff and Senior Management Team
- Parents; where legislation allows, for example academic purposes
- School staff where this is in the interest of the student, for example during Trips and Activities where it may be appropriate to share medical and health information.
- With appropriate staff at ISOP, for example where students may have a medical condition which requires daily medication to be dispensed.
6.2 We may also share data with third parties, where doing so complies with relevant legislation. For example:
- Schools, Universities and/or Further Education that students attend after leaving us
- Government agencies where we are compelled to provide Personal Data for example in respect of Safeguarding a student
- Medical details for a student where it is in the student’s interest to do so, for example to enable consent for a trip or activity or for insurance purposes.
- With Educational bodies such as UCAS, Universities, external assessors, where it is in the student’s interest to support an application.
Requesting access to your personal data
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Seek redress, either through the Office of the Commissioner for Data Protection, or through the courts
In the unlikely event that your concern or complaint is not resolved you can contact:
The Office of the Commissioner for Data Protection:
1 Iasonos str., 1082 Nicosia P.O.Box 23378, 1682 Nicosia Tel: +357 22818456 Fax: +357 22304565