ISS International School’s Privacy Policy

Introduction

The ISS International School collects, processes and discloses personal data in compliance with the requirements of Singapore’s Personal Data Protection Act (PDPA) and EU’s General Data Protection Regulation (GDPR).

There is a policy in place to preserve and protect the data that you have voluntarily provided. We use the information during the course of your enrolment with us. We respect your data and will endeavour to keep it safe.

ISS International School understands your expectation that your personal information is maintained accurately and secured from any unwarranted disclosures.

Which categories of student information do we process?

The categories of student information that we process include:

  • Personal identifiers and contact information (such as name; passport/ NRIC/ FIN information; contact details; dates of enrolment, withdrawal and/ or graduation; and addresses)
  • Characteristics (such as ethnicity, nationality, gender, and language)
  • Safeguarding information (such as court orders and professional involvement, if any)
  • Special educational needs (including the needs and ranking)
  • Medical and administration (such as doctor’s information, child health, dental health, allergies, medication)
  • Attendance and discipline (such as sessions attended, number of absences, absence reasons, any previous schools attended and disciplinary records)
  • Assessment and attainment  (such as report card grades and results of external examinations)
  • Behavioural information (such as exclusions and any relevant alternative provision put in place)
  • Local or overseas trips, extra-curricular activities (ECAs), camps, and inter-school competitions (personal identifiers, medical, food allergies)
  • Canteen and/ or catering (personal identifiers, dietary requirements, food allergies)
  • Health and safety information (personal identifiers, contacts and incident details)
  • School surveys (personal identifiers, preferences, responses)
  • School publications – e.g., newsletters, yearbooks, websites (personal identifiers, photos, videos, testimonials)
  • School activities and events (personal identifiers, text, photos, videos, testimonials)
  • School social media and promotional platforms (personal identifiers, text, photos, videos, testimonials, avatars, comments, enquiries)
  • School bus services (personal identifiers, medical)
  • Alumni Services (personal identifiers, attainments and progressions, photo, testimonials)
  • Parent-Teacher conferences (personal identifiers, assessment results, attainment)
  • CCTV footage (video images)

Why do we collect and use student information?

We collect and use student information for the following purposes:

  • to support enrolment applications
  • to support applications of immigration passes
  • to support student learning
  • to register students for examinations
  • to monitor and report on student attainment progress
  • to provide appropriate pastoral care
  • to support timely dissemination of information on school programmes
  • to assess the quality of our services
  • to keep students safe
  • to meet the statutory duties placed upon us (e.g. Private Education Act)
  • to administer the school’s governing body (e.g., school fees)
  • to facilitate and promote health services (e.g., vaccinations, health screening)
  • to meet other statutory duties (personal data protection, health & safety)
  • to administer the Fee Protection Scheme (FPS) under EduTrust
  • to improve or develop new products and services, analyse customer preferences, or provide personalised services
  • to conduct educational research (early stage/ trials/ exploratory/ broader educational research)
  • to prevent and detect fraud, prevent misuse of services, ensure security of business assets and individuals at premises
  • to administer Alumni services such as provide educational references, fundraising, or promotional activities
  • to market our products and services on social media platforms, websites, newsletters, promotional videos, and yearbooks
  • to support college or university applications for graduating students

Collecting student information

We collect student information from a number of sources including but not limited to: admission forms (online or offline), other education settings, students as the data subjects, health professionals and parents (or guardians).

Student data is essential for the schools’ operational use. Whilst the majority of student information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain student information to us or if you have a choice in this.

Storing student data

We hold student data securely for the set amount of time of 7 years beginning from the date the student withdraws or graduates from the school.

Who do we share student information with?

We share student information with (where applicable):

  • Ministry of Education (MOE), Singapore
  • Committee for Private Education (CPE), Skillsfuture Singapore
  • Immigration and Checkpoints Authority (ICA), Singapore
  • Singapore Police Force
  • Ministry of Health, Singapore
  • schools or universities that the student intends to attend after leaving us
  • medical professionals (e.g. school nurses, hospitals)
  • insurance companies (e.g., fee protection, hospitalisation & accident)
  • bus operators (e.g., school bus service)

Why do we share student information?

We share student information strictly on a needs-basis so we may continue to provide essential services as a school to our students and parents in a timely manner. We do not share information about our students with anyone without consent unless the law and our policies allow us to do so. The legislation the school shares data under includes but is not limited to:

  • Compulsory Education Act, Singapore
  • Private Education Act, Singapore
  • Immigration Act, Singapore
  • Personal Data Protection Act (PDPA), Singapore
  • General Data Protection Regulation (GDPR), European Union

The Committee for Private Education (CPE) collects personal data from private education institutions (PEIs) such as ISS International School via various statutory data collections (e.g., Private Education Act). We are required to share information about our students with CPE when requested. All data is transferred securely and held by CPE under a combination of software and hardware controls, which meet the current government security policy framework.

How the Government uses your data

The student information that we lawfully share with CPE through data collections:

  • underpins annual reporting to the Ministry of Education, Singapore
  • ensures compliance of private education regulations
  • for accreditation purposes (e.g., EduTrust)

Compliance to PDPA of Singapore

The confidentiality of your personal information is important to us. You have our assurance that if your personal information is collected, used or disclosed for the purposes we have listed in this privacy statement, we will protect and use the information in accordance with the Personal Data Protection Act (2020) of Singapore.

Compliance to GDPR of the European Union (EU)

Applies to students and parents who are residents of the EU only

Under GDPR, the lawful basis we rely on for the majority of processing (including student learning and pastoral care) is:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (e.g. publication of personal identifiers such as name and photographs)
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject; (e.g. health & safety, safeguarding)
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person; (e.g. medical emergencies)
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. (e.g. school photographs)

When processing special categories of personal information the organisation will engage an additional condition from Article 9(2)(a) of the GDPR.

Requesting access to your personal data

Under the GDPR, parents and students have the right to request access to information about them that we hold. To make a request, please contact us.

You also have the right to:

  • to ask us the purpose when processing your data;
  • to ask us the categories of personal data concerning you;
  • to ask us the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • to ask us for access to information about you that we hold;
  • to have your personal information rectified, if it is inaccurate or incomplete;
  • to request the deletion or removal of personal information where there is no compelling reason for its continued processing;
  • to restrict our processing of your personal information (i.e. permitting its storage but no further processing);
  • to object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics;
  • not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you;

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.

Withdrawal of Consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

Access To and Correction of Personal Data

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you. We will respond to your request as soon as reasonably possible. In general, our response will be within ten (10) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

For students, please click on the Student Personal Data Change Request Form to submit your request. For ISS staff, please approach the HR department for further assistance.

Contact Us

If you would like to discuss anything in this privacy notice, please contact us:
Data Protection Officer: ISS International School
Address: 21 Preston Road, Singapore 109355
Data Protection Officer: dataprotectionofficer@iss.edu.sg