At the British International School Hanoi, we collect and hold personal information of individuals for various purposes.
There are three general categories of personal data held by us.
1. Student information, which includes but is not limited to information supplied by students / parents and collected in connection with student applications, student records, former students, contacts and communications activities undertaken by us or on our behalf. Student records are kept for purposes that include corresponding with, responding to and taking follow-up actions in respect of students, contacts and communications activities.
2. Personnel information, which includes but is not limited to personal particulars, job descriptions, details of compensation and benefits, performance appraisals, references and disciplinary matters relating to our job applicants, employees and former employees. Personnel records of employees are kept for human resource management purposes, relating to such matters as employees’ terms of employment, performance appraisals, monitoring compliance with applicable law and internal rules and conducting investigations in respect thereof, providing references, intra-group communications, professional development, discipline and termination.
3. Other records, which include administration and other files, containing personal data provided to us by individuals for purposes other than those connected with students, contacts, communications or employment. Other records are kept to enable us to carry out various functions and activities which vary according to the nature of the purpose for which such records are to be used, including but not limited to the administration of our school’s functions and activities, seeking advice on operational matters, undertaking communications and training activities organised by us, or on our behalf, including the acquisition of services and handling of enquiries from members of the public.
We are committed to meeting internationally recognised standards of personal data privacy protection, in compliance with the requirements of applicable law. We will never disclose any personal data to any third parties without prior consent unless permitted or required by law.
Users have the right to request access to and correction of their personal data pursuant to applicable laws. Should you wish to access or correct your personal information held by us, or submit a complaint in respect thereof, please send your request by email to firstname.lastname@example.org
If you have any queries about our policy and practices, please write to email@example.com
1.2 By providing your information, or the information of any Student you are responsible for (whether via our website, in person, in writing or over the phone) to us, you acknowledge the processing set out in this policy and (where applicable) the policy relating to any relevant School. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.
1.3 This policy only relates to processing undertaken by or on behalf of NAE. Whilst our websites may contain links to other third party websites, please note that we do not accept any responsibility or liability for their policies in relation to any Personal Data or their collecting processing of any Personal Data.
- What Personal Data do we process?
We may collect and process the following Personal Data about you and any Student you are responsible for:
2.1 We may collect and process the following Personal Data about you and any Student you are responsible for:
- Website and communication usage ► details of visits to our websites and information collected through cookies and other tracking technologies including, but not limited to, IP address and domain name, browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that are accessed;
- Information you have provided to us ► any additional information that you or a Student you are responsible for may provide to us, such as through completing enquiry or feedback forms. In the event that you share Personal Data relating to a Student with us, please ensure that you have their permission to do so in the event that they are sufficiently mature to make decisions about their own Personal Data. Click here for more information. Please note that if any Special Categories of Personal Data are submitted to us via our website, these will be deleted.
Where we collect Personal Data from
2.2 We may obtain Personal Data from you (or any Student you are responsible for) directly, or from third parties such as other educational or sporting institutions, sanctions and politically exposed persons screening lists, our business partners and public registers.
- How we use your Personal Data
3.1 Your Personal Data (and that of any Student you are responsible for) will only be processed where we have a specific purpose, and a lawful basis, for doing so. These purposes and bases are listed below. An explanation of the scope of the grounds available can be found here Lawful Bases
- To select, onboard and enrol Students ► to process application forms, tests, interviews, travel arrangements and all activities relating to the Student’s enrolment in a School;
Lawful Bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services).
- To provide newsletters and marketing materials ► to provide you and any Students you are responsible for with updates and offers relating to our products and services, where you have chosen to receive these. Where required by law, we obtain consent to conduct this marketing activity. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us;
Lawful Bases: legitimate interests (to promote our services); consent
- To improve our services ► to analyse Personal Data in order to better understand your requirements, or those of any Student you are responsible for. This will assist us in tailoring and developing the services we offer;
Lawful Bases: legitimate interests (to allow us to improve our services)
- To monitor certain activities ► to monitor communications to ensure compliance with our internal procedures and any legal requirements;
Lawful Bases: legal obligations; legal claims; legitimate interests (to ensure that the quality and legality of our services)
- To ensure website content is relevant ► to ensure that content from our websites are presented in the most effective manner for you and any Student you are responsible for;
Lawful Bases: contract performance; legitimate interests (to allow us to provide the content and services on the websites)
- In connection with legal or regulatory obligations ► We may process your personal Data or that of any Student you are responsible for to comply with our regulatory requirements or to engage in dialogue with our regulators. This may include disclosing that Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so;
Lawful Bases: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory and public authorities).
3.2 We may also process your Personal Data including Special Categories of Personal Data where necessary for the establishment, exercise or defence of a legal claim.
- Transmission, storage and security of Personal Data
Security over the internet
4.1 No data transmission over the Internet or through a website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Data, and that of any Student you are responsible for, in accordance with data protection legislative requirements.
4.2 All information you, or any Student you are responsible for, provide to us is stored on our or our suppliers’ secure servers and accessed and used subject to our security policies and standards. We ask that you, or any Student you are responsible for:
- Refrain from sharing any password providing access to certain parts of our websites, applications or systems with any other person; and
- Comply with any other security procedures that we may notify you of from time to time.
EEA Specific Provision: Export outside the EEA
Please note that this section of this policy only relates to individuals located within the EEA.
4.3 Your Personal Data, or that of any Student you are responsible for, may be transferred to, stored in or accessed by staff or suppliers in, a destination outside the European Economic Area (EEA). Regardless of location, we will impose the same data protection safeguards that we deploy inside the EEA.
4.4 Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). In countries which have not had these approvals, we will transfer it subject to:
- European Commission approved contractual terms; or
- (in respect of transfers to the United States of America only) Privacy Shield;
that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities.
4.5 Please contact us if you would like to see a copy of the specific safeguards applied to the export of Personal Data relating to you or any Student you are responsible for.
4.6 We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose. Our retention periods are based on business needs and relevant laws. Records that are no longer needed are either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
- EEA Specific Provision: European Rights Relating to Personal Data
Please note that this section of this policy only relates to individuals located within the EEA.
5.1 Data Subjects in the EEA have a number of rights relating to how their personal data is used. Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. In addition, these will vary slightly between EU member states. If you wish to exercise any of these rights we will check your entitlement and respond within a reasonable timescale.
5.2 Students may be able to exercise these rights independently, provided that they have Legal Capacity.
5.3 Where applicable, you will have the following rights relating to your Personal Data or the Personal Data of a Student for whom you are responsible:
- Subject Access: ► Be provided access to any Personal Data held about you/a Student you are responsible for, by NAE. This information will generally be provided within one month of us confirming your identity and understanding the scope of your request.
- Rectification: ► Require us to update or amend any inaccurate Personal Data which we hold about you or a Student for whom you are responsible.
- Erasure: ► Require us to erase Personal Data in certain circumstances. If the Personal Data has been made public, reasonable steps will be taken to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replication of this Personal Data.
- Withdrawal of consent: ► Withdraw any consents to processing that you have given us or that have been given on your behalf and prevent further processing, if there is no other ground under which we can rely to process your Personal Data.
- Restriction: ► Require certain Personal Data to be marked as restricted in some circumstances, for example, whilst we resolve any complaint we may have received from you in respect of your Personal Data. Restriction means that whilst we still store the data, we will not otherwise process it until such time as the restriction may be lifted.
- Portability: ► Have a copy of any Personal Data you (or a Student for whom you are responsible) have provided to us and which we process by automated means (e.g. electronically) in electronic form to a third party.
- Right to Object: ► Object to NAE processing Personal Data relating to you (or a Student for whom you are responsible) based on our legitimate interests unless NAE’s reasons for undertaking that processing outweigh any prejudice to your data protection rights.
- Marketing: ► Require NAE to prevent processing of your Personal Data for direct marketing purposes.
- Raise a complaint: ► Complain to your local Data Protection Authority about our processing of your Personal Data.
5.4 If you have any queries relating to your rights or exercise of your rights, please contact us.
- Changes to our Policy
6.1 Our policy may change from time to time in the future. We therefore encourage you to review them when you visit the website from time to time to stay informed of how we are using Personal Data. This policy was last updated on 10 August 2018.
What are Cookies?
7.2 Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the Website, your browser may receive cookies from several sources.
7.3 We use the cookies on this website to help you navigate our website efficiently, perform certain functions and to collect site statistics. These cookies do not store any personal information that would, on its own, allow us to identify individual users of this service without your permission. Please be aware that restricting cookies may impact on the functionality of the website and could mean that key features do not work properly. We strongly recommend allowing cookies from this website so that we can provide you with a full service
What type of cookies do we use?
7.4 We use a number of suppliers(3rd Party) who also set cookies on our website on our behalf in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt, please see the information in the tables provided below. To help you make an informed decision, we have categorised the cookies used on this site into two categories;
Necessary cookies – these cookies are fundamental to ensure the site works correctly.
Optional cookies – These cookies could help us track how you use the website so that we can improve the information and experience provided to you. They may also provide additional features by 3rd party providers to allow you to socially share content or comment on this website.
How to control and delete cookies
7.6 Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual. We do not use “spyware’, that is web bugs or hidden identifiers
7.7 We keep a record of traffic data which is logged automatically by the server. This includes your IP address, the website address you visited before ours, the website address you visit after leaving our site and which pages you visit on our site. We do not store or analyse this traffic data in a way that identifies any individual. We also use Google Analytics for site statistics – see Cookies above for details of how this works.
Appendices - Lawful Bases
Use of Personal Data under EU data protection laws must be justified under one of a number of Lawful bases and we are required to set out the Lawful bases in respect of each use in this policy. We note the Lawful bases we use to justify each use of your information here: How we use your Personal Data. These are the principal Lawful bases that justify our use of your Personal Data
Consent: You have given your consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent by contacting us. Where you do so, we may be unable to provide a service that requires the use of such data.
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
The following terms are used in this Policy:
Data Controller: this is the person which alone or jointly with others determines the purpose and means of the processing of Personal Data. NAE is the Data Controller of all details collected about you and any Student you are responsible for in its operation of the school.
Data Subject: for the purpose of this policy this includes all living individuals about whom we hold Personal Data, including Students, Parents and/or Guardians. A Data Subject need not be a national or resident of the country the concerned NAE business is based in. Within the EU, all Data Subjects have legal rights in relation to their Personal Data.
Data Processor: this is the person which processes Personal Data on behalf of the Data Controller (not including employees of the Data Controller). NAE’s suppliers and agencies that handle Personal Data on our behalf will be Data Processors.
Guardians / Parents: this means any parents or guardians responsible for a Student.
NAE, Our, Us, We: Nord Anglia Education (which includes each of the companies and Schools listed on our website.)
NAE HK: our Hong Kong based Headquarters, Nord Anglia Education, of St George's Building Level 12, 2 Ice House Street, Central, Hong Kong, China.
Parents / Guardians: this means any parents or guardians responsible for a Student.
Personal Data: this is defined as any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified (either directly or indirectly) by reference to an 'identifier'. These include names, ID numbers, location data, online identifiers or one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
School(s): this means any school within the Nord Anglia Education Group.
Student: this means any prospective, past or present student of a School.