The International School at Sotogrande (SIS) values the privacy of every person and is committed to protecting information that school collect.
All staff, service providers (contractors) and agents, (whether paid or unpaid) of the School must comply with actual privacy law and this policy.
In the International School at Sotogrande the management of ‘personal information’ and ‘health information’ is governed by the General Data Protection Regulation (GDPR) approved by the EU Parliament on 14 April 2016 and Spanish Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico.
This policy will be regularly reviewed and updated to take account of new laws and technology and the changing school environment when required. Please ensure you have the current version of this policy.
What information do we collect?
Our school collects the following type of information:
- information about students and their family, provided by students, their family and others
- information about job applicants, staff, volunteers and visitors; provided by job applicants, staff members, volunteers, visitors and others
What means “information”?
Personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion – that is recorded in any form. For example, a person’s name, address, phone number and date of birth (age). De-identified information about students can also be personal information.
Health information is information or opinion about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.
Sensitive information is information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices; or criminal record. It also includes health information.
How do we collect this information?
Our school collects information in a number of ways, including:
- in person and over the phone: from students and their family, staff, volunteers, visitors, job applicants and others
- from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms (for example: enrolment, excursion, Student Support Services consent forms), our school’s website or school-controlled social media
- through online tools: such as apps, forms and other software used by our school
- through any CCTV cameras located at our school.
When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a collection notice is provided to parents (or mature minor students) upon enrolment.
Unsolicited information about you
Our school may receive information about you that we have taken no active steps to collect. If permitted or required by law, our school may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.
Why do we collect this information?
Primary purposes of collecting information about students and their families
Our school collects information about students and their families when necessary to:
- educate students
- support students’ social and emotional wellbeing, and health
- fulfil legal requirements, including to:
- take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care)
- make reasonable adjustments for students with disabilities (anti discrimination law)
- provide a safe and secure workplace (occupational health and safety law)
- enable our school to:
- communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students
- maintain the good order and management of our school
- enable the School to:
- ensure the effective management, resourcing and administration of our school
- fulfil statutory functions and duties
- plan, fund, monitor, regulate and evaluate the School’s policies, services and functions
- comply with reporting requirements
- investigate incidents in schools and/or respond to any legal claims against the School, including any of its schools.
Primary purposes of collecting information about others
Our school collects information about staff, volunteers and job applicants:
- to assess applicants’ suitability for employment or volunteering
- to administer employment or volunteer placement
- for insurance purposes
- to fulfil various legal obligations, including employment and contractual obligations, occupational health and safety law and to investigate incidents
- to respond to legal claims against our school.
When do we use or disclose information?
Our school uses or discloses information consistent with GDPR, as follows:
- for a primary purpose – as defined above
- for a related secondary purpose that is reasonably to be expected – for example, to enable the school council to fulfil its objectives, functions and powers
- with notice and/or consent – including consent provided on enrolment and other forms
- when necessary to lessen or prevent a serious threat to:
- a person’s life, health, safety or welfare
- the public’s health, safety or welfare
- when required or authorised by law – including as a result of our duty of care, anti-discrimination law, occupational health and safety law, reporting obligations to agencies such as “Spanish Ministerio de Sanidad” and/or Social Services and complying with tribunal or court orders, subpoenas or SIS Police warrants
- to investigate or report unlawful activity, or when reasonably necessary for a specified law enforcement purpose, including the prevention or investigation of a criminal offence or seriously improper conduct, by or on behalf of a law enforcement agency
- for Departmental research or school statistics purposes
- to establish or respond to a legal claim.
A unique identifier (SAP code) is assigned to each student to enable the school to carry out its functions effectively.
Student transfers between SIS and another schools
When a student has been accepted at, and is transferring to, another school, our school transfers information about the student to that school. This may include copies of the student’s school records, including any health information.
This enables the next school to continue to provide for the education of the student, to support the student’s social and emotional wellbeing and health, and to fulfil legal requirements.
Responding to complaints
On occasion our school receive complaints from parents and others. Our school will use and disclose information as considered appropriate to respond to these complaints (including responding to complaints made to external organisations or agencies). To carry out any query related to your personal data stored by SIS, you must request by email the standardized form for this application.
Accessing your information
All individuals, or their authorised representative(s), have a right to access, update and correct information that our school holds about them.
Access to student information
Our school only provides school reports and ordinary school communications to parents/guardians who have a legal right to that information. Requests for access to other student information must be made by making an Information Request application through the Admissions Department (see below).
In some circumstances, an authorised representative may not be entitled to information about the student. These circumstances include when granting access would not be in the student’s best interests or would breach our duty of care to the student, would be contrary to a mature minor student’s wishes or would unreasonably impact on the privacy of another person.
Access to staff information
School staff may first seek access to their personnel file by contacting the principal. If direct access is not granted, the staff member may request access through the Data Protection Officer.
Storing and securing information
Our school takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. Our school stores all paper and electronic records securely following the security standards.
When using software and contracted service providers to manage information, our school assesses these according to the appropriate departmental processes.
Updating your information
We endeavour to ensure that information about students, their families and staff is accurate, complete and up to date. To update your information, please contact our school’s Customer Relationship Officer.
If you want to make an Information Request Application or you have andy query or complain, please contact:
- IT Department/Legal Department
- International School at Sotogrande S.L.
- de la Reserva s/n
- 11310 Sotogrande, San Roque (Cádiz), España
- Telephone: +34 956 795 902
- David Álvarez / María Rodríguez
- E-mail : firstname.lastname@example.org