1.1. This Statement is adopted as the Privacy Policy Statement (“Statement”) of Indian School Sohar (the “School”). The purpose of this Statement is to establish the policies and practices of the School's commitment to protect the privacy of personal data and to act in compliance with the provisions of the Privacy Policy and implementation of the guidelines thereon issued by the School
1.2. The School is required to establish its own policies and practices to ensure full compliance with the applicable legal and regulatory requirements in their respective jurisdictions relating to personal data protection.
2.1. There are two broad categories of personal data held in the School. They are personal data related to Students and their parents.
2.2. Personal data of the students and the parents held by the School may include the following: name and address, occupation, contact details, date of birth and nationality, identity card and/or passport numbers and place and date of issue thereof, information obtained by the School in the ordinary course of the continuation of the school operations;
2.3 The School may hold other kinds of personal data which it needs in the light of experience and the specific nature of its operations.
3.1 It is necessary for students and parents to provide the School with data in connection with the admission and continuation of education in the school.
3.2 It is also the case that data are collected from the students and parents in the ordinary course of the continuation of the providing education services and other financial relationship.
3.3 The purposes for which data relating to a students and parents may be used are as follows:
It is the policy of the School to ensure an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the aforesaid events. It is the practice of the School to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means to prevent unauthorized or accidental access.
It is the policy of the School to ensure accuracy of all personal data collected and processed by the School. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by the School consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
6.1 In relation to the collection of personal data on-line, the following practices are adopted:
The School will follow strict standards of security and confidentiality to protect any information provided to the School online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals' privacy.
Personal data provided to the School through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant officials of the School.
7.1 It is the policy of the School to comply with and process all data access and correction requests in accordance with the provisions of the policy, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
7.2 Data access and correction requests to the School may be addressed to the School's Data Protection Officer (“DPO”) or other person as specifically advised.
The School shall usually hold data relating to the customer(s) for a period of at least three years after the business operational relationship is ended or such other period as prescribed by applicable laws and regulation after closure of account/termination of service.