The International School at Sotogrande (SIS) values the privacy of every person and is committed to protecting information that school collect.
All staff, service providers (contractors) and agents, (whether paid or unpaid) of the School must comply with actual privacy law and this policy.
In the International School at Sotogrande the management of ‘personal information’ and ‘health information’ is governed by the General Data Protection Regulation (GDPR) approved by the EU Parliament on 14 April 2016 and Spanish Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico.
This policy will be regularly reviewed and updated to take account of new laws and technology and the changing school environment when required. Please ensure you have the current version of this policy.
What information do we collect?
Our school collects the following type of information:
What means “information”?
Personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion – that is recorded in any form. For example, a person’s name, address, phone number and date of birth (age). De-identified information about students can also be personal information.
Health information is information or opinion about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.
Sensitive information is information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices; or criminal record. It also includes health information.
How do we collect this information?
Our school collects information in a number of ways, including:
When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a collection notice is provided to parents (or mature minor students) upon enrolment.
Unsolicited information about you
Our school may receive information about you that we have taken no active steps to collect. If permitted or required by law, our school may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.
Why do we collect this information?
Primary purposes of collecting information about students and their families
Our school collects information about students and their families when necessary to:
Primary purposes of collecting information about others
Our school collects information about staff, volunteers and job applicants:
When do we use or disclose information?
Our school uses or discloses information consistent with GDPR, as follows:
A unique identifier (SAP code) is assigned to each student to enable the school to carry out its functions effectively.
Student transfers between SIS and another schools
When a student has been accepted at, and is transferring to, another school, our school transfers information about the student to that school. This may include copies of the student’s school records, including any health information.
This enables the next school to continue to provide for the education of the student, to support the student’s social and emotional wellbeing and health, and to fulfil legal requirements.
Responding to complaints
On occasion our school receive complaints from parents and others. Our school will use and disclose information as considered appropriate to respond to these complaints (including responding to complaints made to external organisations or agencies). To carry out any query related to your personal data stored by SIS, you must request by email the standardized form for this application.
Accessing your information
All individuals, or their authorised representative(s), have a right to access, update and correct information that our school holds about them.
Access to student information
Our school only provides school reports and ordinary school communications to parents/guardians who have a legal right to that information. Requests for access to other student information must be made by making an Information Request application through the Admissions Department (see below).
In some circumstances, an authorised representative may not be entitled to information about the student. These circumstances include when granting access would not be in the student’s best interests or would breach our duty of care to the student, would be contrary to a mature minor student’s wishes or would unreasonably impact on the privacy of another person.
Access to staff information
School staff may first seek access to their personnel file by contacting the principal. If direct access is not granted, the staff member may request access through the Data Protection Officer.
Storing and securing information
Our school takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. Our school stores all paper and electronic records securely following the security standards.
When using software and contracted service providers to manage information, our school assesses these according to the appropriate departmental processes.
Updating your information
We endeavour to ensure that information about students, their families and staff is accurate, complete and up to date. To update your information, please contact our school’s Customer Relationship Officer.
If you want to make an Information Request Application or you have andy query or complain, please contact:
Por favor contáctenos en firstname.lastname@example.org y responderemos lo antes posible.