This policy governs the collection, use and/or disclosure of personal data by the school that recognises the rights of individuals to protect and gain access to their personal data held by the school as well as the needs of the school to use, collect and disclose the data for reasonable business purpose. This Policy applies to personal data held in any form and media, including written notes and records, held and processed by ISHCMC, and sets out its duties for staff when dealing with personal data. It provides guidance on collecting, using, disclosing, retaining, accessing, correcting and security of all personal data held by the school.
ISHCMC is required to collect, use and/or disclose personal data regarding pupils, their parents, legal or local guardians and its staff as part of its operations, and must take all reasonable steps to do so in accordance with this Policy. ISHCMC aims to have transparent systems for the collection, use and disclosure of personal data.
Any individual is entitled to request access to information relating to their personal data that is in the possession or under the control of the school.
This policy sets out 9 obligations of the school in relation to personal data protection:
1) Purpose limitation – The school should notify individuals of the purpose for which they collect, use or disclose personal data. A reasonable person test should be applied to determine what a reasonable person would consider appropriate information to collect in the circumstances. Data collected should not be excessive
2) Consent – The school should obtain positive consent from the individual to collected their personal data. Consent should be given voluntarily.
3) Notification – ISHCMC will notify the individual of the purpose of the collection, use and disclosure of the personal data before such collection, use and disclosure
4) Access and correction - Individuals should be given the right to access and correct their personal data held or controlled by the school. There may however be exceptions to when access may not be provided. Such exceptions will be considered on a case by case basis by the Head of School in consultation with the Head of Legal, Asia at Cognita.
5) Accuracy – ISHCMC makes reasonable efforts to ensure the accuracy of Personal Data held on an individual e.g. student medical data and parent contact number
6) Protection – The school should make reasonable security arrangements to protect data e.g. clear desk and clear screen policy, safe disposal via secured shredding, protect against unauthorized access/loss/theft
7) Retention limitation – ISHCMC will only retain personal data for so long as there is a legitimate legal or business reason to keep the data
8) Transfer limitation – ISHCMC will not transfer the personal data outside Vietnam and information should only be transferred to a third party if the school is satisfied the data will be protected and secured.
9) Openness – ISHCMC will be open and transparent with individuals on the policies, practice and complaints procedure of the school in relation to collection, use and disclosure of personal data.
“Personal Data“ means any data (true or false) about an individual that can identify the individual from that data or other data that the school has. Examples include name, address, date of birth, photographs, passport number.
“Processed" or "Processing" means the carrying out of any operation or set of operations in relation to the personal data, and includes any of the following: recording, holding, organisation, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
“Pupil(s)” means current, past or prospective pupils, unless express stated otherwise.