Who we are
The American International School of Muscat (TAISM)
TAISM has opted to adhere to international data protection law (General Data Protection Regulation), ensuring that the personal data it processes is safe, secure and protected from unauthorised or unlawful processing and against accidental loss, destruction or damage. TAISM complies with the relevant national data protection regulations. We are committed to keeping personal information accurate, up-to-date, safe, secure and will not keep personal information longer than necessary. This privacy notice explains how we use personal information, whom we share it with, and how we protect and account for the protections to privacy. This notice applies to all personal data collected for and on behalf of TAISM. This notice pertains to information obtained in analogue (forms, documents, in writing) and through technological means such as information systems and email.
From time to time, we will make you aware of when we require additional personal information for processing through a separate specific privacy notice.
How we use personal information
TAISM collects personal information and sensitive categories of personal information of students, parents, employees and at times, third parties, to provide a safe and caring environment for teaching, learning and general educational purposes. We use the information you provide for purposes that are necessary by law and are required to undertake the performance of the contract into which you have entered. We will always ensure we have a condition for processing personal and sensitive information.
We use the information you provide in the following ways:
- to undertake and manage the school admissions and enrolment
- for approved school trips
- to provide a safe learning environment
- to comply with child protection requirements
- to support and enable the academic, pastoral and personal objectives of children, including the monitoring and reporting of progress
- to provide support and care for emotional and psychological wellbeing (pastoral and counselling)
- to protect the health of the students and staff we serve. We may also use data provided to us by other health professionals to safeguard staff and students.
- to provide a tailored learning environment and make evidence-based education decisions for the children we serve
- to enable the children we serve to continue or progress their education at other educational organisations
- to enable the development of a comprehensive picture of the workforce and how it is deployed
- to inform the development of recruitment and retention policies
- to enable individuals to be paid
- to support and develop our employees in the performance of their duties
- for financial planning to help in the future planning and resource investment purposes
- to help investigate any concerns or complaints you may have
Why do we collect and use personal information?
We collect and use personal information to carry out the education services as prescribed above. We do so under a lawful basis, as prescribed by the associated Regulations. In some circumstances, we may be required to share personal data for legal, statutory purposes or under legitimate interest. If we need to share your information, we will ensure, if required, that you are advised.
The categories of personal information that we collect, hold and share include:
- personal information (such as name, date of birth, unique number and address)
- special categories of data (such as health, ethnicity)
- other relevant categories for the performance of our services (such as assessment, relevant medical information, special educational needs information, exclusions / behavioural information and psychological reports and assessments)
- attendance information (such as sessions attended, number of absences and absence reasons)
- logging and audit information from the use of IT systems and education technology apps, applications and cloud-based systems
- photographs and videos taken by staff and students throughout the school year to record and share everyday life at TAISM. Your child may be identifiable in these photographs.
- photographs taken for identification purposes e.g. ID cards.
Retention and storing of personal data
TAISM recognises that by efficiently managing its records, it will be able to comply with its legal and regulatory obligations and to contribute to the effective overall management of the institution. Records provide evidence for protecting the legal rights and interests of the school and provide evidence for demonstrating performance and accountability.
All pupil and staff records will be kept securely at all times. Paper and electronic records will have appropriate security measures in place. This security will ensure that confidentiality is maintained for pupil and staff records while enabling information to be shared lawfully and appropriately, being made accessible for those authorised to see it.
Pupil and staff records are disposed of in accordance with the secure disposal of records guidelines. Where documents have been identified as historically significant, they will be archived.
While we store and use your personal data, we will ensure the appropriate security of your personal data including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures. In addition, we limit access to such personal information to those employees, agents, contractors and other third parties who have a valid need to know that information.
For the purposes of IT, hosting and maintenance of all school information, including personal data, is located on servers within the school, or within hosted servers provided by our service providers. No third parties have access to your personal data unless the law allows them to do so. Where the law allows and information is shared with third parties, we ensure they have the same protections in place as we do. We cannot deliver our education services without processing the data we collect and share.
In following the principles of Article 32 - Security of Processing of the GDPR, we have in place proportionate organisational and technical measures to protect your personal information. More information on these can be requested via the Data Protection Lead (contact details below).
Who processes your data and why we share information?
The school uses data processors (3rd parties) to provide services which are of benefit to students, staff and parents. The school has contracts in place with all data processors which means they can only use your personal data as instructed by the school.
Example of data processors:
- School Management Information System (PowerSchool)
- Student Information System (PowerSchool)
- Catering company (Crafty Kitchen)
- Gsuite for Education
- Providers of information systems that are necessary for the School to deliver the admissions, administration, teaching and learning, pastoral development, and child protection services. (PowerSchool)
The school may also share this data, but this will only be done if the school is satisfied that there is a lawful basis to share.
Examples of who we may share data with:
- Schools, colleges or universities that the students attend after leaving us
- Government bodies If there is a legal or statutory obligation to share
- Medical facilities if in the vital interests of students or individuals to share
- The Ministry of Education (MOE)
- Education authorities in Oman
- Providers of information systems that are necessary for the School to deliver the admissions, administration, teaching and learning, pastoral development, and child protection services
- We share pupil’s data with third parties for school trips/outings
- We do not share information about our pupils unless there is a lawful basis to do so.
Processing and transfers to third countries
When TAISM works with third parties that process data outside of a country with an adequate level of data protection, we will apply the appropriate due care and diligence to assess these parties against TAISM's data protection standards.
Requesting access to your personal data
Under data protection legislation, everyone has the right to request access to information about them that we hold. To make a request for your personal information, contact the Data Protection Lead (DPL).
You also have certain additional rights to:
- be informed of how we are processing your personal information – this privacy notice serves this purpose, get in touch if you have any questions;
- have your data corrected if it is inaccurate or incomplete;
- have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us for the purpose in which it was collected or you have withdrawn your consent;
- restrict the use of your data in certain circumstances e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
- to object to the processing of your data in certain circumstances - e.g. you may object to the processing of your data for direct marketing purposes.
- to object to decisions being taken by automated means or for it to be reviewed by manual intervention.
- object to the processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.
If you would like to discuss anything in this privacy notice, please contact: firstname.lastname@example.org