PRIVACY NOTICE

PRIVACY NOTICE

1. Introduction

The school uses and processes student information within the remit of the (EU) 2016/679 Regulation (General Data Protection Regulation), referred to throughout this statement as the GDPR.

This notice explains how The International School of Paphos (ISOP) processes your personal information/data. In this document “We “Us” or “Our” means The International School of Paphos or any part of it.

We aim to comply with the General Data Protection Regulation (the GDPR) when processing your personal information. The purpose of the GDPR is to safeguard information about people (referred to in the GDPR as Personal Data) and covers issues such as data security, individual rights to access information about them held by The International School of Paphos, and the use and disclosure of Personaldata.

We are the Data Controller of personal data about staff, students and their parents and/or guardians, and associates. This means that we are responsible for compliance with relevant legislation.
This notice applies to current and prospective staff, students and their parents and/or guardians and associates.
Any questions you have in relation to this policy should be directed to DPO@isop-ed.org

2. How we acquire Personal Data
2.1 We may acquire Personal Data in a number of ways including, without limitation, the following:
  • Parents of students provide us with Personal Data about themselves or their family
    through the application process. These may include contact details, characteristics (such as ethnicity, language, date of birth, disability)
  • We may acquire Personal Data from third parties, such as safeguarding information (from professional involvement), previous school data, public authorities, medical and administration (child health, allergies, medication and dietary requirements)
  • Attendance (number of absences, absence reasons and any previous schools attended)
  • Assessment and attainment
  • Behavioural information, through the Behaviour record sheet.
3. Why we collect and use Personal information
3.1 We collect and use student information, for the following purposes, without
limitation:
  • To support student learning
  • To monitor and report on student attainment progress
  • To assess the quality of our services
  • To keep children safe
  • To meet the General Data Protection Regulations
  • To provide appropriate pastoral care
  • To enable students to take part in examinations and assessments
  • We collect and use student information under Article 6 (Lawfulness of Processing) and Article 9 (Processing of Special Categories) of the GDPR. This enables the school to process information such as assessments, special educational needs requests, examination results and other such data processes that relate educational data to the individual, within the requirements of the school to provide education for the individual.
4. How we collect student information
4.1 We collect student information in the following ways:
  • Application process

  • Face to Face — if you attend our school, or we visit you, we may collect your personal data

  • Orally during telephone conversations and meetings

  • Email — If you email us, we may keep a record of your email address and the email as evidence of the contact. We are unable to guarantee the security of any email initiated by you and we recommend that you keep the amount of confidential information you send to us via email to a minimum

  • Medical forms and information

  • Registration process

  • Examinations

  • Attendance

  • Financial information

Student data is essential for the school’s operational use. Whilst the majority of student information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain student information to us or have a choice in this.

5. How we store and dispose of student data
  • We hold student data securely for the set amount of time required by legislation and school needs
  • We hold data in hard copy and electronic form
  • We dispose of Personal Data appropriately including, shredding papers securely and ensuring data is deleted from all information technology and memory devices
6. Who we share student information with
6. 1 We share data where we have consent to do so, which can include
  • Teaching staff and Senior Management Team
  • Parents — where legislation allows, for example academic purposes
  • School staff — where this is in the interest of the student, for example during trips and
    activities that may be appropriate in order to share medical and health information
  • With appropriate staff at The International School of Paphos, for example where
    students may have a medical condition which requires daily medication to be dispensed
6.2 We may also share data with third parties, where doing so complies with relevant
legislation

For example:

  • Schools, Universities and/or Further Education Institutions that students attend after
    leaving us
  • Government agencies where we are compelled to provide Personal Data, for example in
    respect of safeguarding a student
  • Medical details for a student — when it is in the student’s interest to do so, for example
    to enable consent for a trip or activity or for insurance purposes
  • With Educational bodies such as UCAS, universities, external assessors, where it is in the
    student’s interest to support an application

Requesting access to your personal data

Under Data Protection Legislation, parents and students have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the DPO Officer at DPO@isop- ed.org.

You also have the right to:

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress
  • Prevent processing for the purpose of direct marketing
  • Object to decisions being taken by automated means
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • Seek redress, through the Office of the Commissioner for Data Protection
Complaints

We take any complaints about our collection and use of personal information seriously. If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us by contacting the school, emailing DPO@isop-ed.org in the first instance. Should your concern or complaint not be resolved to your satisfaction, you can make an appointment to speak to the Head of School or the Managing Director.

Contact us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please email DPO@isop-ed.org

In the unlikely event that your concern or complaint is not resolved, you can contact:
The Office of the Commissioner for Data Protection:

1 Iasonos str., 1082 Nicosia P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456 Fax: +357 22304565
Email: commissionerdataprotection@gov.cy