International School of Amsterdam Privacy Notice
The International School of Amsterdam complies with the relevant national data protection regulations. We are committed to keeping personal information accurate, up-to-date, safe, secure and will not keep personal information longer than necessary. This privacy notice explains how we use personal information, who we share it with and the ways in which we protect and account for the protections to privacy. This notice applies to all personal data collected for and on behalf of the school. This pertains to information collected in analogue (forms, documents, in writing) and through technological means such as information systems and email.
From time to time, we will make you aware when we require additional personal information for processing through a separate specific privacy notice.
How we use personal information
The school collects personal information and sensitive categories of personal information of students, parents employees and at times third parties, to provide a safe and caring environment for teaching, learning and general educational purposes. We use the information you provide for purposes that are necessary by law and required to undertake the performance of the contract into which you have entered and do so as we are required to do by law. We will always ensure we have a condition for processing personal and sensitive information
We use the information you provide in the following ways:
- to undertake and manage the school admissions and enrolment
- for approved school trips
- personal financial information (for the purposes of billing and payment of tuition)
- to provide a safe learning environment
- to comply with child protection requirements
- to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
- to provide support and care for emotional and psychological wellbeing (pastoral and counselling)
- to protect the health of the students and staff we serve. We may also use data provided to us by other health professionals to safeguard staff and students.
- to provide a tailored learning environment and make evidence-based educational decisions for the children we serve
- to enable the children we serve to continue or progress their education at other educational organisations
- to enable the development of a comprehensive picture of the workforce and how it is deployed
- to inform the development of recruitment and retention policies
- to enable individuals to be paid
- to support and develop our employees in the performance of their duties
- for financial planning to help in the future planning and resource investment purposes
- for meet our statutory reporting requirements to The IB, CIS, NEASC, Amstelveen and Amsterdam Gemeentes, the GGD Amsterdam and other authorities
- to help investigate any concerns or complaints you may have
Why do we collect and use personal information
We collect and use personal information to carry out the education services as prescribed above. We do so under a lawful basis, as prescribed by our Articles of Association, registered with Kamer van Koophandel (registration number: 41199478). In some circumstances we may be required to share your personal data for legal statutory purposes or under legitimate interest. If we need to share your information we will ensure, if required, that you are advised.
The categories of personal information that we collect, hold and may share include:
- personal information (such as name, date of birth, unique number and address)
- special categories of data (such as health, ethnicity)
- other relevant categories for the performance of our services (such as assessment, relevant medical information, special educational needs information, exclusions / behavioural information and psychological reports and assessments)
- attendance information (such as sessions attended, number of absences and absence reasons)
- logging and audit in the use of IT systems and education technology apps, applications and cloud based systems
- photographs and videos taken by staff and students throughout the school year to record and share learning at ISA. Your child may be identifiable in these photographs.
- photographs taken for identification purposes e.g. ID cards, annual school yearbook.
Collecting student information
Whilst the majority of student information you provide to us is required for the performance of a contract or by law, some of it is provided to us on a voluntary basis.
In order to comply with data protection law, we will inform you when we require consent to process your information. Where consent is provided you or your child are free to withdraw consent at anytime. You can contact our Data Protection Lead at email@example.com if you or your child wish to withdraw consent.
Retention and storing of personal data
The school recognises that by efficiently managing its records, it will be able to comply with its legal and regulatory obligations and to contribute to the effective overall management of the institution. Records provide evidence for protecting the legal rights and interests of the school, and provide evidence for demonstrating performance and accountability.
All pupil and staff records will be stored securely at all times. Paper and electronic records will have appropriate security measures in place. This will ensure that confidentiality is maintained for pupil and staff records whilst enabling information to be shared lawfully and appropriately, and to be accessible for those authorised to see it.
The pupil and staff records will be disposed of in accordance with the safe disposal of records guidelines. If records have been identified as historically important they will be archived.
Whilst we store and use your personal data we will ensure the appropriate security of your personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Who do we share student information with?
Example of who we may share data with:
- Schools, colleges or universities that the students attend after leaving us
- Family nurses, doctors or social service organisations where sharing is in the vital interests, or where not sharing could have a negative impact on the individual
- Providers of information systems that are necessary for School to deliver the admissions, administration, teaching and learning, pastoral development, and child protection services
- Third parties for school trips / outings
Who do we share workforce information with
Unless there is a statutory requirement we do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so. We may be required to share information about our school employees with our local Gemeente or the US Office of Overseas Schools
We collect information in the form of CCTV to ensure the safety and security of students and staff. You have the right to access the images of you. We retain CCTV images for 10 days after which they are deleted. Access to these images can be requested through the Data Protection Lead (firstname.lastname@example.org). Please refer to our CCTV Policy for further information
Processing and transfers to third countries
Personal information may be transferred to organisations outside the EU for the purposes of student application for college or university. Various teaching and learning applications are also used that are based outside the EEA / EU. Information on these and the protections afforded by these data processors can be requested from the Data Protection Lead (email@example.com).
Some educational applications profile the behaviour, use and outcomes of children. The school has a process to assess the impact on children and applications are only adopted where the profiling serves the learning goals of the classroom. In evaluating the use of these applications the school will consider the benefit gained from using it for the child to learn, develop and explore, against the negatives identified from profiling.
The school’s IT systems log the use, access and content viewing of all users. No profiling is done on this information. The logs enable the school to assess child protection and safeguarding (pastoral) risks or concerns if and when they occur. The school has a process in place to ensure only those with the relevant training and expertise have access to the data generated by this logging activity.
For the purposes of IT hosting and maintenance all school information including personal data is located on servers hosted either at the school or by Veracross and/or Google. No third parties have access to your personal data unless the law allows them to do so. Where the law allows and information is shared with third parties, we ensure they have the same protections in place as we do. We cannot deliver our education services without processing the data we collect and share.
In following the principles of Article 32 – Security of Processing of the GDPR, we have in place proportionate organisational and technical measures to protect your personal information. More information on these can be requested via the Data Protection Lead (firstname.lastname@example.org).
ISA uses Google Workspace for Education, which includes programs such as Google Docs, Gmail, and Classroom. When using these programs, Google collects information about our users, including visited websites, login time and searches. In our contract with Google, our school remains in control of what Google can and may do with all this personal information. Our school is a data controller and Google is not allowed to advertise or use the data of our students and employees for their purposes.
Cookies are small pieces of information sent from our website to your computer or mobile device and that are stored on your device’s hard drive. Cookies allow us to gather useful information such as the number of visitors to our site, which pages they have been visiting and other technical information that allows us to improve our services.
Requesting access to your personal data
Under data protection legislation, anyone has the right to request access to information about them that we hold. To make a request for your personal information, contact the Data Protection Lead (email@example.com) and/or see our Information Rights Guidelines.
You also have certain additional rights to:
- be informed of how we are processing your personal information – this Privacy Notice serves to explain this to you but please do get in touch if you have any questions;
- have your data corrected if it is inaccurate or incomplete;
- have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us for the purpose for which it was collected or you have withdrawn your consent;
- restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
- to object to the processing of your data in certain circumstances – e.g. you may object to processing of your data for direct marketing purposes.
- to object to decisions being taken by automated means or for it to be reviewed by manual intervention.
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by emailing our Data Protection Lead at firstname.lastname@example.org. You can also directly contact the Autoriteit Persoonsgegevens https://autoriteitpersoonsgegevens.nl/
If you would like to discuss anything in this privacy notice, please contact:
Data Protection Lead and Director of Educational Technology
The International School of Amsterdam