Data Protection Guidelines

Effective date: 21 March 2026

1. Guiding Principles

• Collect only data necessary for educational and administrative purposes.
• Use personal data fairly, lawfully, and transparently.
• Keep data accurate, relevant, and up to date where practical.

2. Data Access and Confidentiality

• Access personal data only when required for your role.
• Do not disclose personal data to unauthorized persons.
• Use secure school channels when sharing records internally.

3. Storage and Retention

• Store data in approved systems with access control.
• Avoid keeping unnecessary copies in personal devices or unofficial tools.
• Retain records only for approved retention periods and operational needs.

4. Data Security

• Protect files with proper permissions and, where applicable, encryption.
• Do not send sensitive personal data through insecure channels.
• Immediately report suspected data breaches or accidental disclosures.

5. Data Subject Rights

The school will handle requests related to personal data access and correction according to applicable regulations and internal procedures.

6. Third-Party Processors

When external service providers are used, they must follow confidentiality and data protection requirements under school-approved arrangements.

7. Breach Handling

Data incidents must be recorded, assessed, contained, and escalated promptly. Corrective actions should be documented and reviewed.