Data Protection Policy
REPS School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school. This information is gathered in order to enable the school to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that the school complies with its statutory obligations.
All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities by adhering to these guidelines.
This policy explains the general principles that will be used by Swiss International Scientific School in processing data and how you can complain if you feel that we have used your data incorrectly. The appendices explain, for specific types of data, how and why personal data will be used and how long it will usually be retained for.
DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be: Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes. Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about. Kept securely.
The school is committed to maintaining these principles and will therefore:
Inform individuals why the information is being collected when it is collected
Inform individuals when their information is shared, and why and with whom it was shared Check the quality and accuracy of the information it holds
Ensure the information is not retained for longer than necessary
Ensure that when obsolete information is destroyed that it is done so appropriately and securely Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorized disclosure, irrespective of the format in which it is recorded
Share information with others only when it is legally appropriate to do so Set out procedures to ensure compliance with subject access requests Ensure our staff are aware of and understand our policies and procedures.
What is Personal Information?
Personal information or data is defined as data which relates to a living individual who can be identified from that data, or other information held. please also refer to the Parent and Student Privacy Notice provided to you for further information on how and why we collect personal information about you.
We will use the personal information we collect about you to:
- Assess the prospective pupil’s suitability for attendance at the School.
- Communicate with the parents or guardians about the admissions process.
- Keep records related to our admissions processes.
- Comply with legal or regulatory requirements.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
In connection with your admissions enquiry with us, we will collect, store, and use the following categories of personal information about you:
- For parents or guardians: the information you have provided on our admissions enquiry form, including name, title, address, telephone numbers, personal email address, and any information you provide on the means testing form, including your personal financial information and any other information you provide voluntarily.
- For prospective pupils: date of birth, gender, education history and photographs from prospective student events.
- For both parents/guardians and prospective pupils, any information you provide to us during an interview.
- Your child’s current School, if applicable, from whom we collect the following categories of data: educational attainment; any conduct or other relevant behavioral issues with your current school.
- Your child’s health information and background such as immunization records; health issues; health restrictions; information on disabilities; any emotional, learning, physical and other health needs; etc You, the prospective pupil and parent/ guardian.
If you are a applying to be a new member of staff, the following information below may be collected from you.
- Personal information such as name; title; next of kin; postal address; email address; phone number; date and country of birth; religious beliefs and practices; gender; nationality; government issued ID information; visa information; etc.;
- information about your background such as education, qualifications and professional achievements;
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Heads of Marketing and Admissions. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- 1.1. We understand the importance of securing your personal information in our care. We utilize reasonable security measures that include technical, administrative and physical safeguards to secure your personal information in our care from unauthorized access, modification, disclosure or destruction.
- 1.2. However, if you provide us with personal information over the internet, you should be aware that the absolute security of the information transmitted over the internet or stored in electronic storage cannot be guaranteed to be 100% secure. While we take reasonable efforts to protect such personal information, you acknowledge that we cannot ensure or warrant the security of any personal information provided by these means and you provide it to us at your own risk.
- Password and Confidentiality
7.1. If you are provided with a user identification code, password or any other piece of information as part of our security procedures, you are responsible for maintaining the confidentiality of your password and user name for the Site and you are responsible for all activities that are carried out under them. We do not have the means to check the identities of people using the Site and we will not be liable where your password or user name is used by someone else.
- Your data protection rights
8.1. You have the right to ask us for copies of your information, which is free of charge in most cases.
8.2. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
8.3. You have the right to ask us to erase your information in certain circumstances.
8.4. You have the right to object to the processing of your information in certain circumstances.
8.5. You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
8.6. We may request proof of your identity before we disclose such information to you. That’s so we can prevent unauthorized access. Just write to us at the contact details provided in the Contact Us section below.
Data Protection (followed as guidelines)
Personal data will be recorded, processed, transferred and made available according to the Data Protection Act 1998 which states that personal data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Kept no longer than is necessary
- Processed in accordance with the data subject’s rights
- Only transferred to others with adequate protection
The school must ensure that:
- It will hold the minimum personal data necessary to enable it to perform its function and it will not hold it for longer than necessary for the purposes it was collected for.
- Every effort will be made to ensure that data held is accurate, up to date and that inaccuracies are corrected without unnecessary delay.
- All personal data will be fairly obtained in accordance with the “Privacy Notice” and lawfully processed in accordance with the “Conditions for Processing”.
- There are clear and understood policies and routines for the deletion and disposal of data
- There is a policy for reporting, logging, managing and recovering from information risk incidents
- There are clear Data Protection clauses in all contracts where personal data may be passed to third parties
Staff must ensure that they:
- At all times take care to ensure the safe keeping of personal data, minimizing the risk of its loss or misuse.
- Use personal data only on secure password protected computers and other devices, ensuring that they are properly “logged-off” at the end of any session in which they are using personal data
- Transfer data using encryption and secure password protected devices
9.2. You are entitled to ask us not to process your personal information for marketing purposes.
10.2. We only set a few cookies ourselves, but when we include content from other websites (like Telegram or Facebook) they also get the opportunity to set cookies, to help them serve their content better.
11.0. You don’t want cookies?
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
- Safari: https://support.apple.com/en-ae/guide/safari/sfri11471/mac
- Microsoft Edge: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy
- If you use a different web browser, please contact the browser maker for instructions on disabling cookies. Please note that, if you disable cookies in your browser, some aspects of the Site, and of other websites, may stop working.
REPS is committed to respecting your privacy and protecting your personal information. We recognize our obligation to keep sensitive information secure and have created this privacy and security statement to share and explain the current information management practices on our websites.
For more information about Data Protection in UAE , please visit: https://u.ae/en/about-the-uae/digital-uae/data/data-and-privacy-protection-in-the-uae
Protecting data and privacy online
- Federal Law No. 5 of 2012 on Combatting Cybercrimes and its amendment by the Federal Law No. 12 of 2016
Federal Law No. 5 of 2012 on Combatting Cybercrimes (PDF) makes it illegal to disclose any information obtained by electronic means, if such information was obtained in an unauthorized manner.
Article 21 of the law makes one liable if he uses an electronic information system or any information technology means for offending another person or for attacking or invading his privacy.
Article 22 of the same law makes one liable if uses without authorization, any computer network, website or information technology means to disclose confidential information which he has obtained in the course of or because of his work.
- Internet Access Management (IAM) policy
Telecommunications Regulatory Authority (TRA) implements the Internet Access Management (IAM) policy in the UAE, in coordination with National Media Council and Etisalat and Du, the licensed internet service providers in the UAE. Under this policy, online content that is used for impersonation, fraud and phishing and/or invades privacy can be reported to Etisalat and Du to be taken down.
Read more about UAE laws and resolutions concerning activities conducted online.
- Electronic transactions
Federal Law No. 1 of 2006 on Electronic Commerce and Transactions provides security measures of electronic transactions and ensures that electronic data is authentic and reliable.
Privacy protection in the UAE Penal Code
Article 378 of the UAE Penal Code makes one liable if he violates the private or familial life of individuals, by perpetrating one of the following acts, unless authorized by law, or without the victim’s consent:
- If he lends his ears, records or transmits, through a device of any kind, conversations that took place in a private place or through the telephone or any other device.
- Captures or transmits, through any kind of device, the picture of a person in a private place.
- If these acts were done during a meeting in front of the attending persons, their consent shall be presumed.
- REPS Student Behavior Management Policy for Distance Learning
- REPS Acceptable Use Policy
- REPS Password Security Policy
- REPS Filtering Policy
- REPS Managing Mobile Technologies Policy
- REPS Emails Policy
- REPS Distance Learning Policy
Please only sign if you have fully read the REPS Acceptable Use Policy. By signing the acceptance form you are agreeing that you have fully understood the REPS Mobile Phone Policy.
I hereby confirm that I have read and fully understood the terms and conditions document attached and will strictly follow the REPS Mobile Phone Policy.