This is information which you provide to us which personally identifies you, such as your name, email address or other data which can be reasonably linked to such information by SchoolIS, such as information we associate with your SchoolIS profile.
SchoolIs does not share, sell or transfer personal data to anyone other than as described below. Broadly, we collect personal data for the purposes of providing our services and tasks incidental to that purpose, which is the electronic processing and administration of academic information of students enrolled in their school. We will not provide personal information to third parties except when we have the express permission of the Parent or under the limited circumstances listed under below.
User data is submitted to our platform in three ways:
- directly by the users
- by representatives authorised by the users (e.g. the school SchoolIS administrators and faculty obtains data and then uploads it to our platform)
- via an integration with a third-party system
Data typically enters our systems via “student information systems” independently maintained and controlled by our customer schools. We import data from third-party systems only under direct instruction from our customers.
The lawful basis for collecting personal data
GDPR specifies six lawful basis for collecting personal data:
- Written contract
- Legal obligation
- Vital interests
- Public tasks
- Legitimate interests
For most schools, the legal basis for data collection relates to either legal obligations as learning institutions, or to legitimate interests.
Most of the bases require that the data processing is necessary, i.e. if you can reasonably achieve the same results and purpose without processing data, then you do not have a lawful basis.
Personal data retrieved
We may collect personally identifiable data, such as e-mail addresses of those who communicate with us via e-mail and information volunteered by users (such as survey information and/or site registrations). We also collect your name, school, gender, date of birth and e-mail address when you register on a Website. A billing address and credit card information will be required for primary account administrators. By using a student account, Students and parents may send personal information including directory information such as their first and last name, email address, nationality, place of birth, language, national ID, and parents’ names and contact details to Schools.
Sharing information with third parties
SchoolIS obtains information on voluntary basis, and that information will not be provided to any third parties by us except when we have the express permission or under the limited circumstances:
When the school or users has given their express permission in writing or recorded automated process giving us authority for personal data and/or information to be shared publicly.
We do not share, sell or transfer personal data to anyone other than as described. Broadly, we collect personal data for the purposes of providing our services and tasks incidental to that purpose, which is the electronic processing and administration of academic information of students enrolled in the customer school. We will not provide personal information to third parties except when we have the express permission of the Parent or under the limited circumstances listed above. We take steps to prevent our customers from sending data to third parties without complying with data protection regulations. However, it is important that our customers themselves implement safeguards to ensure that data transfer occurs in adherence with regulation.
Cookies are small text files that are placed on your computer or mobile phone when you browse websites.
Cookies on SchoolIs:
- Make our service work as you'd expect
- Save you having to login every time you visit the site
- Remember your settings during and between visits
- Improve the speed/security of the site
- Help you get to what you need faster
- Collect any personally identifiable information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
- Pay sales commissions
You may block cookies by updating the relevant settings on your device or browser to allow you to refuse the setting of some or all types of cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.
Data deletion request
A data deletion request is valid only if the lawful basis of the processing is Consent (see above), or if the original purpose is no longer valid. We strongly recommend that our schools implement clear processes for evaluating these kinds of requests. If a data subject is granted the right to be deleted, SchoolIs will, either through our software or our support services, help execute these rights and confirm the deletion.
SchoolIs deletes personal data when instructed by our customers, or if the contract between us and the customer is terminated. The procedures around deleting customer data upon termination of service should be provided in writing.
An instruction to delete a user in our services can either be manually performed in the platform by a customer representative or upon request to our support team.
When users are deleted in our systems, there are safeguards in place to prevent errors leading to an irreplaceable loss of data. In many cases customers will have to manually confirm the deletion of customer data, including personal data.
Providing personal data that we store on a user when requested
Our users have strong rights to transparency, information, and data access. Any data subject can request a copy of all personal data stored, provided that it does not adversely impact other users, or if the data is not already directly available.
Please note this is not an absolute right. There are laws in place that require you to protect the data subject and others from accessing certain kinds of information. We strongly recommend that our customer schools implement a clear process for evaluating this kind of request. If our customer school grant a data subject the right of access, we will, either through our software or our support services, help execute these rights.
Our systems were built for transparency across all stakeholder groups, so the majority of data stored about a user is directly accessible via the individual user profile.
Providing personal data that we store on a user when requested directly by a user (e.g. student, parent, teacher)
Under GDPR, the data subject (user) rights is between him and the controller (our customer schools). Any data subject requests from end users to SchoolIs will be handed over to the customer school. SchoolIs will cooperate in good faith with customers to ensure they can exercise the rights of the data subjects in a prompt manner.
Data breach notification
Depending on the nature of the data breach, our customers might be required to promptly notify both the users affected and the supervising authorities. SchoolIS is required to notify its customers when becoming aware of a data breach, and to help them in fulfill obligations in notifying users.
GDPR for customer schools outside the EU
The EU has no legislative power over jurisdictions outside EU. GDPR does not offer any rights or freedoms to data subjects located outside the EU, and does not put obligations on non-EU customers that do not process data on EU/EEA data subjects.
However, SchoolIS provides the same services and same level of security to all our customers. In other words, no matter where your school is located, you will benefit from our approach to security of personal data under GDPR.
Links to other websites
SchoolIs may link to other websites but is not responsible for the accuracy of the content on external sites nor does it imply endorsement of their views. We encourage you to review the privacy policies of websites you choose to link to from ours so that you can understand how those websites collect, use, and share your information.
Whenever users submit personal information (such as contact info) via online forms or registration, upon submission that information is encrypted via the highest level of SSL available. Servers that store personally identifiable information are in a secure environment.
Use of Text and Images