Privacy Notice Policy
At Hua Hin International School we value the rights and freedoms of all people. This includes respecting your privacy and protecting your personal data. This privacy notice describes how we collect and use (or “process”) your information. It also tells you how to contact us as well as outlining what rights you have with regard to your personal data.
Who are we?
Hua Hin International School (“we”, “our”, “us”) is an international school located in Hua Hin, Prachuap Khiri Khan, Thailand. We provide education to children between the ages of 3 years old through to 18 years old.
What is the purpose of this website privacy notice?
The purpose of this privacy notice is to provide detailed information about how we process personal data.
Please read this notice carefully and, if you have questions regarding your personal data or its use, you may contact the data protection officer at firstname.lastname@example.org.
We will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.
What is personal data?
The term ‘personal data’ refers to any information which identifies you or can be used to identify a data subject when used in conjunction with other information.
The term ‘data subject’ describes the person about whom the personal data is about.
What personal data do we collect about you?
We process personal data about visitors to our website; prospective, current and past: students and their parents; staff and other individuals connected with or visiting our school.
The personal data we process takes different forms.
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- IP addresses, location data, and website statistics and analytics;
- Website cookies;
- family details;
- admissions, academic, disciplinary and other education related records, references, examination scripts and marks;
- education and employment data;
- images, audio and video recordings;
- financial information and identification documents (eg for bursary assessment or for fundraising);
- courses, meetings or events attended.
As a school, from time to time we also need to process personal data which is designated as “sensitive” or “special category personal data” in order to facilitate our school operations and activities. Such data includes personal data regarding a data subject’s concerning:
- special education needs;
- Information relating to safeguarding and child protection/welfare
- ethnicity; or
How do we obtain your information?
We collect most of the personal data we process directly from the data subject concerned (or often in the case of students, from their parents). In some cases, we collect data from third parties (for example, referees/references, and previous schools) or from publicly available resources.
We also collect data about you when:
- You have expressed an interest in having a student attend our school;
- you have registered to attend (or have attended) one of our events;
- you visit our website;
- you sign up to receive email our newsletter and/or prospectus;
- you have expressed an interest in working for, or with, us; or
- you are employed by an organisation with whom we have a business relationship.
How do we use your personal data?
Whenever we use (or “process”) any personal data (sensitive/special category or otherwise), we do so in accordance with applicable laws and regulations (including with respect to safeguarding or employment). Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to school systems.
In the course of school business, we share personal data (including special category personal data where appropriate) with third parties such as examination boards, the school’s nurse/doctor, the school’s professional advisors and relevant authorities. We may also be required to share your personal data with other organisations for legal or statutory purposes, or where we have your consent to do so. Moreover, some of our systems are managed or operated by third parties (SchoolBase, Google). Sharing data with these parties is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions. We do not transfer personal data you have provided unless we are satisfied that the personal data will be afforded an equivalent level of protection.
We may transfer data to other countries but in doing so will rely either on the existence of adequacy agreements or upon standard contractual clauses as part of agreements with data processors. For more information on how we transfer data to other countries is available upon request by contacting our Data Protection Officer at email@example.com.
Purposes for which we process personal data
We process personal data to support our operation as an independent school. In particular, we use the data for:
- The selection and admission of students;
- The provision of education and enrichment to our students, including the administration of our curriculum; monitoring student academic progress and educational needs; reporting on the same internally and to parents; administration of students’ entries to public examinations, and providing references for students (including after a student has left);
- The provision of educational support and related services to students;
- The safeguarding of students’ welfare and provision of pastoral care, welfare, health care services and support.
- Compliance with legal and regulatory requirements;
- Operational management including the compilation of student records; the administration of invoices, fees and accounts; the management of school property; the management of security and safety arrangements (including the use of CCTV and monitoring of the school’s IT and communications systems in accordance with our Acceptable use of the school’s ICT facilities and the internet agreement); the administration and implementation of our school’s rules and policies for students and staff; and the maintenance of historic archives;
- Staff administration including the recruitment of staff/engagement of contractors; administration of payroll, pensions and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and providing references;
- Advancement including fundraising;
- Analyzing website traffic, demographics and behaviour through the use of analytical tools and cookies;
- The promotion of our school through our website[s], our prospectus and other publications and communications (including through our social media accounts);
- Maintaining relationships with our alumni and former employees.
- For keeping a record of historical and memorable events relevant to the maintenance of a historical record.
What is our legal basis for processing your personal data?
We may process your personal data for the above purposes based one or more of the following legal bases:
- We have an individual’s consent to do so (or their parent’s, if appropriate) . You can withdraw your consent at any time by emailing firstname.lastname@example.org.
- it is necessary for the performance of a contract (e.g. an employment contract with a member of staff);
- it is necessary for our compliance with our legal obligations. In this respect, we may use personal data to exercise or perform any right or obligation conferred or imposed by law in connection with employment; and/or for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities;
- it is necessary for our or a third party’s legitimate interests. These “legitimate interests” include our interests in providing high quality education, fostering relationships with those in the school community, and our interests in managing and operating the school to the best of our abilities.
- it is necessary to protect an individual’s vital interests (in certain limited circumstances, for example where a student has a life-threatening accident or illness while at school and we have to process that student’s personal data in order to ensure the student receives prompt and appropriate medical attention);
- it is necessary for the establishment, exercise or defence of legal claims;
- it is necessary for reasons of substantial public interest, including safeguarding purposes;
- it is necessary for medical purposes, including medical diagnosis and the provision of health care or treatment for students, managing related health care systems, and/or for assessing the working capacity of staff;
- it is necessary for archiving, research or statistical purposes;
Under data protection laws, the rights belong to the individual to whom the data relates (i.e. the data subject). However, where consent is required as the lawful basis for processing personal data relating to students we will often rely on parental consent [unless, given the nature of the processing in question, and the student’s age and understanding, it is more appropriate to rely on the student’s consent. Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents’ rights at law or under their contract, and taking into account all the relevant circumstances.
In general, we will assume that students’ consent is not required (and that other lawful bases are more appropriate, as described above) for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the student’s activities, progress and behaviour, and in the interests of the student’s welfare, unless, in the school’s opinion, there is a good reason to do otherwise.
However, where a student seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example where the school believes disclosure will be in the best interests of the student or other students, or is required by law.
What are our responsibilities for looking after your personal data?
In every case, when we are collecting or using personal data, we will comply with the requirements of data protection legislation
What rights do you have over your personal data?
Under data protection laws, you have the right to:
- obtain access to, and copies of, the personal data that we hold about you (subject to legal exceptions);
- correct the personal data we hold about you if it is incorrect;
- require us to erase your personal data in certain circumstances;
- require us to restrict our data processing activities in certain circumstances;
- receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller;
- object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights (including a right to object to receiving fundraising or communications, and to object to our profiling you for the purposes of fundraising or keeping in touch);
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
If you would like to exercise any of your rights under data protection law for which we are the data controller, please make your request by emailing us at email@example.com.
Please note that these rights are not absolute, and we may be entitled or required to refuse requests where exceptions or exemptions apply.
We will respond to any such written requests as soon as is reasonably practicable and in any event within statutory time limits.
We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Please notify of any significant changes to important information, such as contact details, held about you.
If you have any questions or concerns about how we are using your personal data or if you would like to exercise any of your information rights, please contact us at firstname.lastname@example.org.
How do we retain and store your personal data?
All personal data is securely stored in accordance with legal requirements. We retain personal data only for legitimate purposes, relying on one or more of the lawful bases as set out above, and only for so long as necessary for those purposes, or as required by law. When the need to process a particular piece of personal data, it is securely destroyed in accordance with legal requirements.
If you have questions, requests or issues, please let us know how we can help. Our Data Protection Officer can be reached at email@example.com
Hua Hin International School
549 Moo 7, Hin Lek Fai, Hua Hin, Prachuap Khiri Khan 77110
Tel: +6632-900-632, +6632-900-633